[Freeipa-users] Export user and host list to a csv or text file

Bret Wortman bret.wortman at damascusgrp.com
Fri May 23 11:40:07 UTC 2014


Yes, though it might be a bit more data than you're expecting.

Here's what we did to get the details out of a server (and import them 
into another). I'm sure there's a more elegant solution, but this worked 
for us. Also note that we didn't use all the data this export script 
generated, but felt it was better to have it than to not.

EXPORT:

#!/bin/bash
#
# Generate latest ipa config files for possible re-import later.
#
# (C) 2014, The Damascus Group
#

CONFIGDIR=/opt/ipa_config

[ ! -d "$CONFIGDIR" ] && mkdir "$CONFIGDIR"
# Stop here if the export directory is unavailable.
pushd "$CONFIGDIR" || exit 1

ipa dnszone-find --all > dnszone.txt
grep 'Zone name' dnszone.txt | awk '{print $3}' | sed 's/\r//' > zones.txt
for line in $(cat zones.txt); do
     fn=$(echo "$line" | sed 's/\.in-addr\.arpa\.//')
     echo "For zone $line -> dnsrecord-$fn.txt"
     ipa dnsrecord-find "$line" --sizelimit=99999 --all --structured > "dnsrecord-${fn}.txt"
done
ipa user-find --all > users.txt
ipa host-find --sizelimit=99999 --all > hosts.txt
ipa policy-find --all > policy.txt
ipa sudorule-find --all > sudorule.txt
ipa sudocmdgroup-find --all > sudocmdgroup.txt
ipa sudocmd-find --all > sudocmd.txt
ipa role-find --all > roles.txt
ipa pwpolicy-find --all > pwpolicy.txt
ipa privilege-find --all > privilege.txt
ipa permission-find --all > permission.txt
ipa netgroup-find --all > netgroup.txt
ipa usergroup-find --all > usergroup.txt
ipa idrange-find --all > idrange.txt
ipa hostgroup-find --all > hostgroup.txt
ipa hbacrule-find --all > hbacrule.txt
ipa hbacsvc-find --all > hbacsvc.txt
ipa group-find --all > group.txt
ipa cert-find --all > cert.txt
ipa automember-find --type=group --all > automember-group.txt
ipa automember-find --type=hostgroup --all > automember-hostgroup.txt
popd
------cut-------

Then, for example, you can import these into a new IPA server using 
something like these:

#!/bin/bash
#
#  parse_hosts
#
# (C) 2014, The Damascus Group
#

FN=$1
OTP=MyOnetimePassword

RE_HOSTNAME="Host name:\s+(.*)$"

name=""

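while read -r line; do
     # Each "Host name:" line starts a new entry; add the previous host first.
     if [[ $line =~ $RE_HOSTNAME ]]; then
         if [[ -n "$name" ]]; then
             echo "Adding $name"
             ipa host-add "$name" --password "$OTP" --force
         fi
         name=${BASH_REMATCH[1]}
     fi
done < "$FN"
# Add the last host found, if any.
if [[ -n "$name" ]]; then
     echo "Adding $name"
     ipa host-add "$name" --password "$OTP" --force
fi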
-------cut----------

And this for users:

#!/bin/bash
#
# parse_users
#
# (C) 2014, The Damascus Group

FN=$1

RE_DN="dn:\s+(.*)$"
RE_LOGIN="User login:\s+(.*)$"
RE_LAST="Last name:\s+(.*)$"
RE_FIRST="First name:\s+(.*)$"
RE_CN="Full name:\s+(.*)$"
RE_DISPLAYNAME="Display name:\s+(.*)$"
RE_INITIALS="Initials:\s+(.*)$"
RE_SHELL="Login shell:\s+(.*)$"
RE_HOMEDIR="Home directory:\s+(.*)$"
RE_PRINCIPAL="Kerberos principal:\s+(.*)$"
RE_EMAIL="Email address:\s+(.*)$"
RE_SSHPUBKEY="SSH public key:\s+(.*)$"
RE_UID="UID:\s+(.*)$"
RE_GID="GID:\s+(.*)$"

login=""
last=""
first=""
cn=""
displayname=""
initials=""
shell=""
homedir=""
principal=""
email=""
sshpubkey=""
uid=""
gid=""

while read -r line; do
     if [[ $line =~ $RE_DN ]]; then
         # A "dn:" line starts a new entry; add the previous user, if any.
         if [[ -n "$login" ]]; then
             ipa user-add "$login" \
                 --last="$last" \
                 --first="$first" \
                 --cn="$cn" \
                 --displayname="$displayname" \
                 --initials="$initials" \
                 --shell="$shell" \
                 --homedir="$homedir" \
                 --principal="$principal" \
                 --email="$email" \
                 --sshpubkey="$sshpubkey" \
                 --uid="$uid" \
                 --gid="$gid"
         fi
         login=""
         last=""
         first=""
         cn=""
         displayname=""
         initials=""
         shell=""
         homedir=""
         principal=""
         email=""
         sshpubkey=""
         uid=""
         gid=""
     fi
     if [[ $line =~  $RE_LOGIN ]]; then
         login=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_LAST ]]; then
         last=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_FIRST ]]; then
         first=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_CN ]]; then
         cn=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_DISPLAYNAME ]]; then
         displayname=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_INITIALS ]]; then
         initials=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_SHELL ]]; then
         shell=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_HOMEDIR ]]; then
         homedir=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_PRINCIPAL ]]; then
         principal=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_EMAIL ]]; then
         email=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_SSHPUBKEY ]]; then
         sshpubkey1=${BASH_REMATCH[1]}
         read sshpubkey2
         read sshpubkey3
         sshpubkey="$sshpubkey1 $sshpubkey2 $sshpubkey3"
     fi
     if [[ $line =~  $RE_UID ]]; then
         uid=${BASH_REMATCH[1]}
     fi
     if [[ $line =~  $RE_GID ]]; then
         gid=${BASH_REMATCH[1]}
     fi
done < "$FN"
# Add the last user parsed from the file.
if [[ -n "$login" ]]; then
     ipa user-add "$login" \
         --last="$last" \
         --first="$first" \
         --cn="$cn" \
         --displayname="$displayname" \
         --initials="$initials" \
         --shell="$shell" \
         --homedir="$homedir" \
         --principal="$principal" \
         --email="$email" \
         --sshpubkey="$sshpubkey" \
         --uid="$uid" \
         --gid="$gid"
fi
---------cut----------

If there's any interest, I can toss these scripts plus a handful of 
other parsers for things like DNS, hbac and sudo into a github project. 
Unless someone points out a compelling reason to not do things this way.


Bret

On 05/23/2014 12:42 AM, Sanju A wrote:
> Dear All,
>
> Is there any command to export the user and host list to a csv or text 
> format
>
>
> Regards
> Sanju Abraham

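The question asked for CSV, while the export script above writes the plain-text listing printed by the `ipa` command. As an added example (not part of the original message or of FreeIPA), the function below converts such a listing to CSV. It assumes every entry begins with a `dn:` line (as with `--all`) followed by `Label: value` lines; `ipa_to_csv` and the sample data are made up for this illustration.

```shell
# Added example: convert "ipa ...-find --all" text output to CSV.
# ipa_to_csv is a hypothetical helper; the sample below is constructed.
ipa_to_csv() {  # usage: ipa_to_csv "Label 1,Label 2,..." [file...]
    cols=$1; shift
    awk -v cols="$cols" '
    function q(s) {                          # quote one CSV field
        if (s ~ /^[-+=@]/) s = "\047" s      # keep spreadsheets from evaluating it
        gsub(/"/, "\"\"", s)                 # double any embedded quotes
        return "\"" s "\""
    }
    function flush(   i, row) {              # emit the entry collected so far
        if (seen) {
            row = q(rec[name[1]])
            for (i = 2; i <= n; i++) row = row "," q(rec[name[i]])
            print row
        }
        split("", rec); seen = 0             # clear for the next entry
    }
    BEGIN  { n = split(cols, name, ","); print cols }
           { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
    /^dn:/ { flush(); seen = 1; next }
    seen   {
        i = index($0, ": "); if (!i) next    # skip blank and summary lines
        key = substr($0, 1, i - 1)
        val = substr($0, i + 2); sub(/^[ \t]+/, "", val)
        if (!(key in rec)) rec[key] = val    # first value of a label wins
    }
    END    { flush() }
    ' "$@"
}

sample_users() {  # constructed sample in the layout of users.txt
    cat <<'EOF'
  dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=test
  User login: jdoe
  Last name: Doe
  Email address: jdoe@example.test, john@example.test
  UID: 1001

  dn: uid=avb,cn=users,cn=accounts,dc=example,dc=test
  User login: avb
  Last name: Van "AV" Buren
  UID: 1002
EOF
}

sample_users | ipa_to_csv "User login,Last name,Email address,UID"
```

Pass the labels exactly as they appear in the listing, for example `ipa_to_csv "Host name" hosts.txt` for the host export.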