Script for migrating NetInfo system accounts to OpenDirectory accounts

This is beyond the scope of most “power users” or newcomers to shell work on OS X, but the following is a zsh script that pulls local user accounts out of NetInfo and recreates them as local OpenDirectory accounts with dscl. It reads two files: a list of accounts to add, one record per line in the ten-field master.passwd layout that `nidump passwd .` produces (name:password:uid:gid:class:change:expire:gecos:home:shell), and a list of accounts to remove. It has to run as root. Note that the migrated accounts get the legacy `;basic;` authentication authority with the crypt hash copied straight into the Password attribute; the commented-out lines show the ShadowHash alternative, which needs a per-user shadow file staged beforehand. If you don’t know what any of that means, you probably shouldn’t be messing with this. If you do, enjoy.

#!/bin/zsh
# The original left $DSCL unset; it is the dscl binary.
DSCL=/usr/bin/dscl
DUMP=/path/to/shadowed/password/dump

# Input records use the master.passwd/nidump layout, 10 colon-separated fields:
# name:password:uid:gid:class:change:expire:gecos:home:shell
while IFS= read -r i; do
    user=$(printf '%s\n' "$i" | cut -d: -f1)
    # A blank or odd name would make every dscl/mkdir/chown call below act on
    # /Users/ itself or outside it, so skip anything that is not a plain name.
    case "$user" in ''|*/*|.|..) continue ;; esac
    # if [ `nidump passwd .|grep $user|wc -l` -lt 1 ]; then
    # grep -x matches the whole line, so "al" is not treated as already
    # existing just because "alice" does.
    if [ "$($DSCL . -list /Users | grep -cx "$user")" -lt 1 ]; then
        # get the rest of the user settings
        shell=$(printf '%s\n' "$i" | cut -d: -f10)
        realname=$(printf '%s\n' "$i" | cut -d: -f8)
        uniqueid=$(printf '%s\n' "$i" | cut -d: -f3)
        primarygroupid=$(printf '%s\n' "$i" | cut -d: -f4)
        homedir=$(printf '%s\n' "$i" | cut -d: -f9)
        passwdhash=$(printf '%s\n' "$i" | cut -d: -f2)
        # echo $i|niload -m passwd .
        # create user in local OpenDirectory
        $DSCL . -create "/Users/$user"
        $DSCL . -append "/Users/$user" UserShell "$shell"
        $DSCL . -append "/Users/$user" RealName "$realname"
        $DSCL . -append "/Users/$user" UniqueID "$uniqueid"
        $DSCL . -append "/Users/$user" PrimaryGroupID "$primarygroupid"
        $DSCL . -append "/Users/$user" NFSHomeDirectory "$homedir"
        # ;basic; authenticates against the crypt hash stored in Password
        $DSCL . -append "/Users/$user" AuthenticationAuthority ";basic;"
        $DSCL . -append "/Users/$user" Password "$passwdhash"
        # Below would use the more secure SHA1 (ShadowHash) password hash, but requires some setup work:
        # shadow password files would need to be stored in the $DUMP/shadow directory
        # with a name of the form $user.shadow (one per user).
        #$DSCL . -append "/Users/$user" AuthenticationAuthority ";ShadowHash;"
        #$DSCL . -append "/Users/$user" Password "*"
        #keyfile=$($DSCL . -read "/Users/$user" | grep -i generateduid | cut -d' ' -f2)
        #cp "$DUMP/shadow/$user.shadow" "/var/db/shadow/hash/$keyfile"
        mkdir -p "/Users/$user"
        # home directory owned by the user and their primary group
        /usr/sbin/chown "$user:$primarygroupid" "/Users/$user"
        logger -p local1.info "$user has been added to local OpenDirectory accounts"
    fi
done < "$DUMP/users"

while IFS= read -r i; do
    user=$(printf '%s\n' "$i" | cut -d: -f1)
    # same guard: never let "rm -r" see /Users/ itself or a path component
    case "$user" in ''|*/*|.|..) continue ;; esac
    if [ "$($DSCL . -list /Users | grep -cx "$user")" -gt 0 ]; then
        #niutil -destroy . /users/$user
        $DSCL . -delete "/Users/$user"
        rm -r "/Users/$user"
        logger -p local1.info "$user has been removed from local OpenDirectory accounts"
    fi
done < "$DUMP/remove"
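One thing the loops above never do is look at a record before acting on it: a blank line becomes an empty user name, a second record carrying uid 0 becomes another root, and two records sharing a UID silently share each other's files. The validator below is an added example, not code from the original post. It is POSIX sh plus awk, assumes the same ten-field master.passwd layout the script indexes and that every home directory is /Users/<name>, and ships with two constructed dumps (placeholder hashes, not real crypt output) so it can be tried without dscl or NetInfo. Pipe the real users file through validate_dump and refuse to start the migration unless it exits 0.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# passwd dump that the migration loop feeds to dscl. Assumes the 10-field
# master.passwd/nidump layout the loop indexes:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# and that every home directory is /Users/<name>.

# validate_dump: read records on stdin, print "line N: reason" for each
# problem, return 0 only if the whole dump is clean.
validate_dump() {
    awk -F: '
        # a blank line would become an empty user name in the migration loop,
        # turning "dscl . -delete /Users/NAME" into a delete of /Users itself
        /^[ \t]*$/ { printf "line %d: blank record\n", NR; bad++; next }
        NF != 10   { printf "line %d: expected 10 fields, got %d\n", NR, NF; bad++; next }
        # names go into dscl paths and rm -r, so allow only a plain token
        # (tighten or loosen the pattern to match your naming policy)
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { printf "line %d: unsafe user name \"%s\"\n", NR, $1; bad++ }
        # with AuthenticationAuthority ;basic; an empty Password means no password at all
        $2 == "" { printf "line %d: empty password field for %s\n", NR, $1; bad++ }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric uid/gid %s:%s\n", NR, $3, $4; bad++; next
        }
        $3 + 0 == 0 { printf "line %d: uid 0 for %s would create a root-equivalent account\n", NR, $1; bad++ }
        $9 != "/Users/" $1 { printf "line %d: home %s is not /Users/%s\n", NR, $9, $1; bad++ }
        ($1 in names) { printf "line %d: user %s already listed on line %d\n", NR, $1, names[$1]; bad++ }
        ($3 in uids) && uids[$3] != $1 {
            printf "line %d: uid %s already used by %s\n", NR, $3, uids[$3]; bad++
        }
        { names[$1] = NR; if (!($3 in uids)) uids[$3] = $1 }
        END { exit (bad > 0) }
    '
}

# count_problems: number of findings for the dump given on stdin
count_problems() {
    validate_dump | wc -l | tr -d ' '
}

# Constructed sample dumps; the hashes are placeholders, not real crypt output.
GOOD='alice:xyPASSWDhash1:501:20::0:0:Alice Example:/Users/alice:/bin/zsh
bob:xyPASSWDhash2:502:20::0:0:Bob Example:/Users/bob:/bin/bash'

# Five problems: uid 0, duplicate uid 501, a blank line, a name with a space,
# and a record missing its shell field.
BAD='alice:xyPASSWDhash1:501:20::0:0:Alice Example:/Users/alice:/bin/zsh
eve:xyPASSWDhash3:0:0::0:0:Eve:/Users/eve:/bin/sh
mallory:xyPASSWDhash4:501:20::0:0:Mallory:/Users/mallory:/bin/sh

bad name:xyPASSWDhash5:503:20::0:0:Bad:/Users/bad name:/bin/sh
carol::504:20::0:0:Carol:/Users/carol'

if printf '%s\n' "$GOOD" | validate_dump; then
    echo "good dump accepted"
fi
if printf '%s\n' "$BAD" | validate_dump; then
    echo "bad dump accepted (unexpected)"
else
    echo "bad dump rejected"
fi
```

In a real run replace the constructed strings with `validate_dump < "$DUMP/users"`; the duplicate-UID check only covers the dump itself, so also compare the UIDs against `dscl . -list /Users UniqueID` on the target machine before importing.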
