[Freeipa-users] Ipa add-user non interactively specifying a password.

Chris Mohler cmohler at oberlin.edu
Tue Sep 1 19:54:22 UTC 2015 

Thanks Craig!
That's quite a handy reply. It's actually a lot nicer than what I was 
planning to do. I appreciate this a lot.

-Chris


On 09/01/2015 03:33 PM, Craig White wrote:
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Chris Mohler
> Sent: Tuesday, September 01, 2015 12:17 PM
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] Ipa add-user non interactively specifying a password.
>
> Hi List,
> I'm trying to make a script to add users non interactively with ipa add-user and specify a password of testpw
>
> I tried:
>
> ipa user-add username --first=firstname --last=lastname --homedir=/home/username --password testpw --gidnumber=0000 --noprivate --shell=/bin/bash
> #ipa: ERROR: command 'user_add' takes at most 1 argument
>
> and this:
>
> ipa user-add username --first=firstname --last=lastname --homedir=/home/username --password=testpw --gidnumber=0000 --noprivate --shell=/bin/bash
> #ipa: error: --password option does not take a value
>
> No Luck.
>
> Any suggestions?
> -----
> I will take it a lot further - salt to taste (and watch the line wraps)...
>
> #!/bin/sh
> #
> # Script to automate adding users
> #
> # Updated 12/16/2014
> # Craig White
> #
> CMD1='/usr/bin/ipa user-add'
> CMD2='/usr/bin/ipa group-add-member'
> TEE='/usr/bin/tee -a'
> LOG='/tmp/ipa_users_add.txt'
> MAIL='/bin/mailx'
> KERB=`klist -s; echo $?`
>> $LOG
> [[ -n "$4" ]] || { echo "Usage: ipa_user_add.sh LOGIN FIRST_NAME LAST_NAME EMAIL GROUPS " && echo "       REQUIRED ---->     ^       ^          ^       ^" && echo "You can have many groups separated with just a space"; exit 0 ; }
> [[ $KERB == "0" ]] || { echo "Your kerberos ticket has expired - Please create a valid kerberos ticket by typing 'kinit'"; exit 0 ; }
> if [ -z "$EMAIL" ]; then
>    echo "You need to add EMAIL to your environment variables - type 'export EMAIL=YOUR_EMAIL_ADDRESS' before running this command or better yet, add it to your .bash_profile"
>    exit 0
> fi
>
> $CMD1 $1 --first=$2 --last=$3 --random --email=$4 | $TEE $LOG
> echo "---- ----- ----- ----- -----" | $TEE $LOG
> echo "You must login and change your password" | $TEE $LOG
> echo "SSH to some server you have access to" | $TEE $LOG
> echo "or" | $TEE $LOG
> echo "https://_IPA_SERVER_1_/ipa/ui  OR  https://_IPA_SERVER_2_/ipa/ui" | $TEE $LOG
> echo " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | $TEE $LOG
> $CMD2 ipausers --users=$1 | $TEE $LOG
> if [ -n "$5" ]; then
>    $CMD2 $5 --users=$1 | $TEE $LOG
> fi
> if [ -n "$6" ]; then
>    $CMD2 $6 --users=$1 | $TEE $LOG
> fi
> if [ -n "$7" ]; then
>    $CMD2 $7 --users=$1 | $TEE $LOG
> fi
> if [ -n "$8" ]; then
>    $CMD2 $8 --users=$1 | $TEE $LOG
> fi
> if [ -n "$9" ]; then
>    $CMD2 $9 --users=$1 | $TEE $LOG
> fi
> echo "See attachment for login information" | $MAIL -s 'New Account Information' -r $EMAIL -a $LOG $4
> /bin/rm -f $LOG

More information about the Freeipa-users mailing list