[Freeipa-users] attempting to Import Local Accounts into FreeIPA Server on Fedora 25: ipa: ERROR: Could not get User login interactively

Rob Crittenden rcritten at redhat.com
Wed Nov 30 13:34:01 UTC 2016


Standa Laznicka wrote:
> On 11/29/2016 09:35 PM, Robert Kudyba wrote:
>>
>>> On Nov 29, 2016, at 11:37 AM, Rob Crittenden <rcritten at redhat.com
>>> <mailto:rcritten at redhat.com>> wrote:
>>>
>>> Robert Kudyba wrote:
>>>> I'm trying to use the script posted on
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__shellonearth.net_import-2Dlocal-2Daccounts-2Din-2Dfreeipa-2Drhelcentos_&d=DgIDAw&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qUO21wyGfiMBRaZk6rjEMSMEMYZB0QpBVyQTCq3U6lw&s=9CmZV-vE0Nle4yup0VrHuHVnMuPNCBaOcJQkR4GzebM&e=
>>>> .
>>>> I'm getting the below error. Have the options for ipa user-add changed
>>>> recently? Here's what the error looks like in context from the CLI:
>>>>
>>>> Password for admin at ourdomain:
>>>> User login:
>>>> ipa: ERROR: Could not get User login interactively
>>>>
>>>> Here is what's in the script:
>>>>
>>>> ipa user-add $USER --first=$FIRST --last=$LAST --cn="$FULL"
>>>> --displayname="$FULL" --uid=$UUID --gidnumber=$GID --setattr
>>>> userpassword='{crypt}$CRYPT'
>>>>
>>>>
>>>
>>> Are you sure $USER has a value?
>>>
>>> It looks like it is falling back on interactive prompting for required
>>> fields.
>>
>> Thanks that gave me a clue. The script was looking for a group ID of 8
>> characters long I changed it to 4:
>> for line in "$(echo $p | grep "x:[0-9][0-9][0-9][0-9]*:")" # Only grep
>> user accounts with IDs of 4 digits or more
>>
>> But now the script just “hangs” and no response. I confirmed
>> permissions of the shadow and passwd files and just using 20 login
>> names from each file. Nothing shows up in the user search of the
>> FreeIPA GUI.
>>
>>
>>
> Well, I may not be that fluent in bash as I used to be, but from what I
> see here, it's quite obvious. Line 39 - you have a `while read p` part
> there that waits for input from stdin. That's where you hang. How you
> managed to get to `ipa user-add` line before I am not really certain.
> 
> Did you perhaps mean to read from /tmp/passwd or /tmp/shadow on L39? :)
> 

Check out his blog, he has an updated script. He was missing a < before
$PASSWORD at the end.

It still seems really fragile to me. I've attached a python script I
wrote ages ago to do a similar import. You'd need to add your regex but
this worked last I tried and is more performant when importing a lot of
users because it does them in batches.

rob
-------------- next part --------------
#!/usr/bin/python
#
import re
import sys
import tempfile
from ipalib.dn import DN
from ipalib import api, errors

bulksize = 50
name_pattern = re.compile('(\w+) \w (\w+)')

if len(sys.argv) != 2:
    sys.exit("Usage: %s <filename>" % sys.argv[0])
filename=sys.argv[1]

api.bootstrap(context='cli')
api.finalize()
api.Backend.xmlclient.connect()

def process_batch(batch):
    try:
        results = api.Command['batch'](batch)['results']
        for result in results:
            if result['error'] and 'already exists' not in result['error']:
                print result['error']
            elif 'completed' in result:
                if result['completed'] > 0:
                    print "New members added to group %s" % result['result']['cn']
            elif 'failed' in result and len(result['failed']['member']['user']) > 0 and 'not allowed' in result['failed']['member']['user'][0][1]:
                print "Cannot add members to a user-private group: %s" % result['result']['cn']
    except errors.NetworkError, e:
        print "FAIL: connection error trying to run batch: %s" % e
    except errors.LimitsExceeded:
        # This was probably thrown in the post_callback, it isn't critical
        print 'Limits error'
    except KeyboardInterrupt:
        sys.exit("quitting")

batch = []
count = 0
fd = open(filename, 'r')
while True:
    line = fd.readline()
    if not line:
        break
    line = unicode(line.strip())
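    # Each input line is "<key> <passwd entry>"; drop the leading key and
    # keep the colon-separated entry (uid is reassigned from it below).
    (uid, line) = line.split(' ', 1)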
    try:
        (login, passwd, uid, gid, gecos, dir, shell) = line.split(':')
    except ValueError, e:
        print "mal-formed passwd entry: %s (%s)" % (e, line)
        continue
    m = name_pattern.match(gecos)
    if m:
        first = m.group(1)
        last = m.group(2)
    else:
        first = u'NIS'
        last =  u'USER'
    batch.append(dict(method='user_add',
                      params=([login], dict(gidnumber=int(gid),
                                uidnumber=int(uid),
                                gecos=gecos.strip(), homedir=dir, shell=shell,
                                givenname=first, sn=last, noprivate=u'true',
                                addattr='userPassword={crypt}%s' % passwd))))
    count += 1
    if count % bulksize == 0:
        process_batch(batch)
        batch = []
        print "%d users" % count

if batch:
    process_batch(batch)

fd.close()
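
The following is an added example, not part of the message or of the attached script. It shows one way to select accounts for such an import without grep: join passwd and shadow lines, filter on the numeric UID, leave out locked or passwordless accounts, and chunk the result into batches. `MIN_UID`, the function names and the sample data are assumptions made for the illustration; the `user_add` keyword names are copied from the script above, and the code runs offline without ipalib.

```python
MIN_UID = 1000   # assumption: regular accounts start at UID 1000
BULKSIZE = 50    # same batch size as the script above

def load_shadow(lines):
    """Map login -> hash, leaving out locked ('!', '*') and empty passwords."""
    hashes = {}
    for line in lines:
        fields = line.strip().split(':')
        if len(fields) > 1 and fields[1] and fields[1][0] not in '!*':
            hashes[fields[0]] = fields[1]
    return hashes

def build_batches(passwd_lines, shadow_lines, min_uid=MIN_UID, bulksize=BULKSIZE):
    """Return (batches of user_add entries, [(login or line, skip reason)])."""
    hashes = load_shadow(shadow_lines)
    entries, skipped = [], []
    for line in passwd_lines:
        fields = line.strip().split(':')
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            skipped.append((line.strip(), 'malformed'))
            continue
        login, _, uid, gid, gecos, home, shell = fields
        if int(uid) < min_uid:          # numeric test instead of a digit-count regex
            skipped.append((login, 'system uid'))
        elif login not in hashes:
            skipped.append((login, 'no usable hash'))
        else:
            name = gecos.split(',')[0].split()
            entries.append(dict(method='user_add', params=([login], dict(
                uidnumber=int(uid), gidnumber=int(gid), gecos=gecos,
                homedir=home, shell=shell,          # key names as in the script above
                givenname=name[0] if name else 'LOCAL',
                sn=name[-1] if len(name) > 1 else 'USER',
                addattr='userPassword={crypt}%s' % hashes[login]))))
    batches = [entries[i:i + bulksize] for i in range(0, len(entries), bulksize)]
    return batches, skipped

# Constructed sample data (not from a real system).
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash",
    "bob:x:1001:1001:Bob Q Sample,Room 1:/home/bob:/bin/bash",
    "carol:x:1002:1002::/home/carol:/bin/bash",
    "broken:x:notanumber",
]
SAMPLE_SHADOW = [
    "alice:$6$constructed$aliceplaceholder:17000:0:99999:7:::",
    "bob:!!:17000:0:99999:7:::",
    "carol:$6$constructed$carolplaceholder:17000:0:99999:7:::",
]
```

Each batch has the list-of-dicts shape that the script above hands to `api.Command['batch']`; the `skipped` list records why an account was left out, which helps when an import adds fewer users than expected.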

