Articles July 4, 2005 at 12:39 pm

LDAP Info Tab Auto-fill

That info tab with all it’s empty fields has been taunting me with all it’s wonderful uses, but sitting down and filling in 500+ users with all their individual data is not something even I’d wish on my worst enemy!

Read On for details on how to have all the fields filled in 30 minutes or less…The biggest issue I faced when starting working on this was figuring out where my data was coming from. So many people have this data already, but getting it into a format that will easily import into LDAP was the real challenge. Asking around, it seemed that spreadsheets and databases were the norm, both or which have some sort of function to export to a comma delimited file (csv), so this was my jumping off point.

Setting up your csv file is probably going to be the toughest part of this whole exercise, you have to put it in a specific order – otherwise you’re going to end up with your users residing in their phone numbers… So, here’s the order of the csv file:

shortname,street,city,state,zip,country,work tel,mobile tel,fax,pager,mail,mail2,mail3,aim,jabber,msn,icq,yahoo,url,blog

This is pretty close to the order found in the info tab now in Workgroup Manager. There are a couple caveats to this however, because the script is using ldapmodify to bring in all this data for us, it will result in an error and no data being imported if there are blanks left in your csv file. The other thing to note is that the mail addresses need to be distinct – for example, in my testing I had my 3 e-mail addresses as follows:

...,[email protected],none,none,...

This didn’t work as ldapmodify was seeing the two “none” addresses as the same entry. It’s only the multiple e-mails this affects, the IM accounts are handled differently.

A little information on csv files: Check your csv in a very simple text editor before running with it, some applications have a habit of not creating line breaks correctly when exporting to csv – a simple test of this is simply viewing your csv file in the terminal – if you’re seeing a lot of unrecognizable characters where you’d expect to see line breaks, you’ve created your csv with one of these applications. Drop your csv into vi, TextWrangler or even TextEdit, and do a find and replace on the fake line break and replace it with a real one.

Notes on actually running the script:

  • Try it out on a testing server first!
  • The script takes arguments at execution in the following manner:
    ./info_filler &#91;ldap_admin&#93; &#91;ldap_password&#93; &#91;ldap server&#93; &#91;path/to/csv_file&#93;
  • Make sure that you’re passing the directory administrator username and password – this is the username and password you set up when you first promoted your server to an Open Directory Master.
  • The LDAP server argument is either the FQDN of your server, or it’s IP adress – i.e.
  • Change the settings within the script for your base DN and add more variables if required for your environment:
  • Be Patient! Depending on how many users you’re filling in information for, this script could take a few moments to run, in my testing I found 5-8 minutes was reasonable for a couple hundred users.

    The script is available for download from our scripts archive here.


    Andrina Kelly is responsible for anything and everything touched by, or connected to, a Mac at Bell Media, Canada's premiere multimedia company. You may recognize her name from the end credits of Canada's evening news broadcast. She has previously spoken at MacSysAdmin, JAMF National Users Conference, Apple's WWDC, Macworld IT conferences, Mac Networkers Retreat, and Canada MacExpo.

    More Posts

  • No Comments

    • Whoops – forgot to login before posting that. I thought I should clarify
      a little:

      If you want to use that modification, find the line that starts with
      "LAST=`ldapsearch -x -b […]`" and swap out the code above for the
      portion of that line that starts at "| grep cn:"

      Enjoy, and thanks! This script saved me *hours upon hours* of work.

    • So, can you us exactly how you’re trying to execute the script – and have
      you modified the script to suit your environment – i.e. removed the entries?

    • Curious to know if there is anyway just to import the first and last names and of
      the users into the info tab and ignore the rest of the information..

      Could I just comment out the rest of the information (street, email, phone, etc)?

      • Indeed, comment out the sections you’re not interested in –
        although, I’d be inclined to do a slight rewrite if that’s all you’re
        requiring, and simply pull out this section

        FIRST=`ldapsearch -x -b "dc=$DC_PART1,dc=$DC_PART2" uid=$
        {line} cn | grep cn: | sed -e 's/cn: //g' | sed -e 's/[0-9]//g'| awk 
        '{print $1}'`
        LAST=`ldapsearch -x -b "dc=$DC_PART1,dc=$DC_PART2" uid=$
        {line} cn | grep cn: | sed -e 's/cn: //g' | sed -e 's/[0-9]//g' | awk 
        '{print $2 $3}'`

        and cut your ldif down with only these portions:

        cat << EOF >> /tmp/users.ldif
        dn: uid=$line,cn=Users,dc=$DC_PART1,dc=$DC_PART2
        changetype: modify
        replace: givenName
        givenName: $FIRST
        replace: sn
        sn: $LAST

        If you’re only looking for first and last name, I wouldn’t go to the
        trouble of the csv file either – use something like this to get your

        USERS="dscl /LDAPv3/ -list /Users"

        and then throw that into use with a while loop:

        $USERS | while read line
        <ldif file creation here>

        And how about another idea…. I find ldapmodify significantly more
        reliable, however, we can use dscl is you’re only talking about a
        small-ish number of users (be wary of this as some records can get
        missed with dscl, with you, the admin, being none the wiser):

        $USERS | while read line
        FIRST=`dscl /LDAPv3/ -read /Users/"${line}" | grep cn | 
        sed -e 's/cn\:\ //g' | sed -e 's/[0-9]//g' | awk '{print $1}'` 
        LAST=`dscl /LDAPv3/ -read /Users/"${line}" | grep cn | 
        sed -e 's/cn\:\ //g' | sed -e 's/[0-9]//g' | awk '{print $2 $3}'`
        LDAPv3/ -create /Users/"${line}" sn $LAST
        LDAPv3/ -create /Users/"${line}" FirstName $FIRST

        That should be enough ideas to get you going!


    • Try editing /etc/openldap/slapd_macosxserver.conf

      and add the following

      allow bind_v2

      then restart slapd

    Leave a reply

    You must be logged in to post a comment.