[Freeipa-users] attempting to Import Local Accounts into FreeIPA Server on Fedora 25: ipa: ERROR: Could not get User login interactively
Rob Crittenden
rcritten at redhat.com
Wed Nov 30 13:34:01 UTC 2016
Standa Laznicka wrote:
> On 11/29/2016 09:35 PM, Robert Kudyba wrote:
>>
>>> On Nov 29, 2016, at 11:37 AM, Rob Crittenden <rcritten at redhat.com
>>> <mailto:rcritten at redhat.com>> wrote:
>>>
>>> Robert Kudyba wrote:
>>>> I知 trying to use the script posted on
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__shellonearth.net_import-2Dlocal-2Daccounts-2Din-2Dfreeipa-2Drhelcentos_&d=DgIDAw&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qUO21wyGfiMBRaZk6rjEMSMEMYZB0QpBVyQTCq3U6lw&s=9CmZV-vE0Nle4yup0VrHuHVnMuPNCBaOcJQkR4GzebM&e=
>>>> .
>>>> I知 getting the below error. Have the options for ipa user-add changed
>>>> recently? Here痴 what the error looks like in context from the CLI:
>>>>
>>>> Password for admin at ourdomain:
>>>> User login:
>>>> ipa: ERROR: Could not get User login interactively
>>>>
>>>> Here is what痴 in the script:
>>>>
>>>> ipa user-add $USER --first=$FIRST --last=$LAST --cn="$FULL"
>>>> --displayname="$FULL" --uid=$UUID --gidnumber=$GID --setattr
>>>> userpassword='{crypt}$CRYPT'
>>>>
>>>>
>>>
>>> Are you sure $USER has a value?
>>>
>>> It looks like it is falling back on interactive prompting for required
>>> fields.
>>
>> Thanks that gave me a clue. The script was looking for a group ID of 8
>> characters long I changed it to 4:
>> forline in"$(echo $p | grep "x:[0-9][0-9][0-9][0-9]*:")"# Only grep
>> user accounts with IDs of 4 digits or more
>>
>> But now the script just “hangs” and no response. I confirmed
>> permissions of the shadow and passwd files and just using 20 login
>> names from each file. Nothing shows up in the user search of the
>> FreeIPA GUI.
>>
>>
>>
> Well, I may not be that fluent in bash as I used to be, but from what I
> see here, it's quite obvious. Line 39 - you have a `while read p` part
> there that waits for input from stdin. That's where you hang. How you
> managed to get to `ipa user-add` line before I am not really certain.
>
> Did you perhaps mean to read from /tmp/passwd or /tmp/shadow on L39? :)
>
Check out his blog, he has an updated script. He was missing a < before
$PASSWORD at the end.
It still seems really fragile to me. I've attached a python script I
wrote ages ago to do a similar import. You'd need to add your regex but
this worked last I tried and is more performant when importing a lot of
users because it does them in batches.
rob
-------------- next part --------------
#!/usr/bin/python
#
import re
import sys
import tempfile
from ipalib.dn import DN
from ipalib import api, errors
bulksize = 50
name_pattern = re.compile('(\w+) \w (\w+)')
if len(sys.argv) != 2:
sys.exit("Usage: %s <filename>" % sys.argv[0])
filename=sys.argv[1]
api.bootstrap(context='cli')
api.finalize()
api.Backend.xmlclient.connect()
def process_batch(batch):
try:
results = api.Command['batch'](batch)['results']
for result in results:
if result['error'] and 'already exists' not in result['error']:
print result['error']
elif 'completed' in results:
if result['completed'] > 0:
print "New members added to group %s" % result['result']['cn']
elif 'failed' in result and len(result['failed']['member']['user']) > 0 and 'not allowed' in result['failed']['member']['user'][0][1]:
print "Cannot add members to a user-private group: %s" % result['result']['cn']
except errors.NetworkError, e:
print "FAIL: connection error trying to run batch: %s" % e
except errors.LimitsExceeded:
# This was probably thrown in the post_callback, it isn't critical
print 'Limits error'
except KeyboardInterrupt:
sys.exit("quitting")
batch = []
count = 0
fd = open(filename, 'r')
while True:
line = fd.readline()
if not line:
break
line = unicode(line.strip())
(uid, line) = line.split(' ', 1)
try:
(login, passwd, uid, gid, gecos, dir, shell) = line.split(':')
except ValueError, e:
print "mal-formed passwd entry: %s (%s)" % (e, line)
continue
m = name_pattern.match(gecos)
if m:
first = m.group(1)
last = m.group(2)
else:
first = u'NIS'
last = u'USER'
batch.append(dict(method='user_add',
params=([login], dict(gidnumber=int(gid),
uidnumber=int(uid),
gecos=gecos.strip(), homedir=dir, shell=shell,
givenname=first, sn=last, noprivate=u'true',
addattr='userPassword={crypt}%s' % passwd))))
count += 1
if count % bulksize == 0:
process_batch(batch)
batch = []
print "%d users" % count
if batch:
process_batch(batch)
fd.close()
More information about the Freeipa-users
mailing list