[Samba] Import USER and PASSWORD Samba3+OpenLDAP TO Samba4

Rowland Penny rowlandpenny241155 at gmail.com
Tue Aug 25 15:39:56 UTC 2015


On 25/08/15 16:02, vinifa wrote:
> I am using AD DC. I already have a domain Samba3 + OpenLDAP, I'm creating
> this new domain Samba4, but I want to import all users who have already
> registered in my base OpenLDAP. If it was the same domain I would use the
> migration tool, but it's a different domain.

OK, this is a user object in my test AD domain:

dn: CN=User3,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: User3
instanceType: 4
whenCreated: 20150621144659.0Z
uSNCreated: 45224
name: User3
objectGUID: cafff519-eeae-4a4b-8395-09b059a9b919
userAccountControl: 512
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2025076216-3455336656-3842161122-2106
accountExpires: 9223372036854775807
sAMAccountName: User3
sAMAccountType: 805306368
userPrincipalName: User3@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
unixUserPassword: ABCD!efgh12345$67890
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
unixHomeDirectory: /home/User3
loginShell: /bin/false
whenChanged: 20150624075921.0Z
pwdLastSet: 0
uSNChanged: 45447
distinguishedName: CN=User3,CN=Users,DC=example,DC=com

If I wanted to add this user with an ldif, I would use something like this:

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: add
cn: User3
objectClass: user
sAMAccountName: User3
userPrincipalName: User3@example.com
name: User3
userAccountControl: 512
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
uid: User3
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
loginShell: /bin/false
unixHomeDirectory: /home/User3
unixUserPassword: ABCD!efgh12345$67890

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: $UNICODEPWD

To get $UNICODEPWD, I would do this:

UNICODEPWD=$(echo -n "\"$_USER_PW\"" | $_ICONV -f UTF-8 -t UTF-16LE | $_BASE64 -w 0)

As you can see, the required ldif is different from yours, and I told you 
this over on the samba-technical mailing list.

The easiest way for you to add the users will be to write a script that 
will parse your ldif, using it to obtain the user name etc., and then use 
'samba-tool user create' to actually create the users. Your only problem 
will be obtaining the user's password. Unless you know the users' plain 
passwords, it may be easier to create a new password and set the user to 
change the password at next logon.

Rowland
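
The script suggested above, as an added example that is not part of the original post and is not Samba project code: it parses a Samba3/OpenLDAP LDIF export and builds one 'samba-tool user create' command per posixAccount, with a new temporary password and a forced change at next logon, and unicode_pwd() reproduces the $UNICODEPWD pipeline. The source attribute names, the sample entries, the NIS domain and the function names are assumptions.

```python
import base64, re, secrets
# Constructed sample of a Samba3/OpenLDAP export (not data from the original post).
SAMPLE_LDIF = """\
dn: uid=user3,ou=People,dc=old,dc=example
objectClass: posixAccount
uid: user3
cn:: VXNlcjM=
uidNumber: 10023
gidNumber: 10007
homeDirectory: /home/
 user3
loginShell: /bin/false

dn: ou=People,dc=old,dc=example
objectClass: organizationalUnit
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; unfolds lines, decodes '::' base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in re.split(r"\n{2,}", unfolded.strip()):
        entry = {}
        for line in (l for l in block.splitlines() if not l.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def unicode_pwd(password):
    """Same result as the post's pipeline: base64 of the quoted password in UTF-16LE."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")

def plan(text, nis_domain="example"):
    """Return (argv, temp_password) per posixAccount entry; nothing is executed here."""
    out = []
    for e in parse_ldif(text):
        if "posixaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        user = e["uid"][0]
        if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*", user):
            continue  # refuse names that samba-tool could read as an option
        # Fixed prefix: never starts with '-', always has upper, lower and symbol.
        pw = "Tmp-" + secrets.token_urlsafe(16)
        out.append((["samba-tool", "user", "create", user, pw,
                     "--must-change-at-next-login", f"--nis-domain={nis_domain}",
                     f"--uid-number={e['uidnumber'][0]}", f"--gid-number={e['gidnumber'][0]}",
                     f"--unix-home={e['homedirectory'][0]}",
                     f"--login-shell={e['loginshell'][0]}"], pw))
    return out
```

Each argv list can be passed to subprocess.run() on the DC after review, and the temporary passwords have to reach the users by a separate channel.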