AFP548.com: Articles: Importing Users into Mac OS X Server 10.2

Importing Users into Mac OS X Server 10.2

6 November 2002

If you have never played around with AppleScript, now would be a good time to get some experience with it. With a simple AppleScript we can turn an Excel sheet of names and passwords into a file that can easily be imported into Workgroup Manager saving you, or your intern, countless hours of tedious work.

Before starting it is important to familiarize yourself with the format of an import/export file from Workgroup Manager. The easiest way to do this is to export a few users into a text file. For example:

Note: the “” graphic, used below, indicates that the current and following line should appear as one, not split up.

0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 13 
dsAttrTypeStandard:RecordName 
   dsAttrTypeStandard:Password dsAttrTypeStandard:UniqueID 
   dsAttrTypeStandard:PrimaryGroupID  dsAttrTypeStandard:Comment 
   dsAttrTypeStandard:Expire dsAttrTypeStandard:Change dsAttrTypeStandard:RealName 
   dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:UserShell dsAttrTypeStandard:PrintServiceInfoXML dsAttrTypeStandard:HomeDirectory  
dsAttrTypeStandard:MailAttribute
nettest::1026:20::::Network Tester:/Network/Servers/osx/Users/nettest:/bin/tcsh::<home_dir><url> 
   afp\://osx.afp548.com/Users</url><path>nettest</path></home_dir>:<dict>\
        <key>kAPOPRequired</key>\
        <string>APOPNotRequired</string>\
        <key>kAttributeVersion</key>\
        <string>Apple Mail 1.0</string>\
        <key>kAutoForwardValue</key>\
        <string></string>\
        <key>kIMAPLoginState</key>\
        <string>IMAPAllowed</string>\
        <key>kMailAccountLocation</key>\
        <string>osx.howardcc.edu</string>\
        <key>kMailAccountState</key>\
        <string>Off</string>\
        <key>kNotificationState</key>\
        <string>NotificationOff</string>\
        <key>kNotificationStaticIPValue</key>\
        <string>0.0.0.0</string>\
        <key>kPOP3LoginState</key>\
        <string>POP3Allowed</string>\
        <key>kSeparateInboxState</key>\
        <string>OneInbox</string>\
        <key>kShowPOP3InboxInIMAP</key>\
        <string>HidePOP3Inbox</string>\
        <key>kUserDiskQuota</key>\
        <string>0</string>\
</dict>\

Confusing at first, sure, but it’s fairly easy to see what’s going on.

It begins with a few ASCII character definitions in hexadecimal format that let Workgroup Manager know what characters to use to separate the fields. You can get a list of ASCII characters by executing this command:

cat /usr/share/misc/ascii

Just keep in mind that the numbers in the file are in hexadecimal so they are prefaced with 0x. In /usr/share/misc/ascii they don’t have the prefix. Now things should be clear. Unless you have special needs you don’t have much reason to change these.

Next comes a standard tag that says this is a user record as opposed to a group record.

The next number specifies how many records you are providing; you only need a few to make the import. The rest will either be created by the system or are just left blank. For instance in the example above there is a whole chunk of info about the mail attributes of this user. You don’t necessarily need that if the user you are importing doesn’t need a mail account, so you can leave that out of your import.

Now all of the fields are listed in the order that you will be supplying data. Obviously the number of fields you set with the previous number needs to match how many you name.

The Server Admin Guide that comes with Mac OS X Server, or you can download it from Apple’s Web site, has a good description of how to set this up.

To help you out I have written an AppleScript that takes a comma-separated values file (from Excel, for example) and converts it into a plain text file suitable for importing using Workgroup Manager. It is specifically designed for allowing you to set up users with network home folders. It also stores the users' passwords into the password server. The import file should have three attributes per line. The first is the user’s first name, the second is the user’s last name and the third is the plaintext password for the user.

Feel free to take a look at the source of the script and make it do more, or less, if you need to. If you make any changes or have any suggestions we would be happy to post them here, too.