Importing users with a password

Askew

In Workgroup Manager, there is the ability to export all of your users. However, when exporting, the dialog states that passwords are not exported and to manually add them to the text file if they are needed.

I am unable to find documentation from Apple saying how to edit the file so that a user's password is imported. I've tried a few different things with the exported file to no avail.

How can I add a password for each user with the file generated by an export from WGM?

Thanks :)
 
Well, to actually export the users' passwords, use mkpassdb. You'll need a directory to save it to. For example:

sudo mkdir /path/to/backup_directory
sudo mkpassdb -backupdb /same/path/as_above
 
OK... looks good... but then how can I move the password file created by running the commands you listed above to the 2nd server?

Basically, what I want to do is duplicate the list of users and their passwords on a second OS X server.

So, can I use the exported file from WGM for the user names, and the password file from mkpassdb to somehow restore the passwords? If so, how do I restore the passwords?

Thanks :)
 
Yes, you can restore them. First things first though, if you have two server licenses and two different boxes, why not make the secondary server an OD replica? Then you'd have redundancy. If you want to retire that first server, make the second a replica and then promote it to be the Master. Then your migration is done for you. :)

So, what you'll do in the situation you've been talking about, use WGM to import all the LDAP user data. Then securely move over the password database that you dumped out in the previous steps. You can put it on a FW drive or such to move it, just be sure to delete it out when you're done. You can use:

sudo mkpassdb -mergeparent to accomplish this. You'll also want to use mkpassdb -kerberize to kerberize the password server.
 
Go3iverson said:
Yes, you can restore them. First things first though, if you have two server licenses and two different boxes, why not make the secondary server an OD replica? Then you'd have redundancy. If you want to retire that first server, make the second a replica and then promote it to be the Master. Then your migration is done for you. :)

Although this surely is the best way, another way is (if you can not make a replica for some reason), you also can use the MASTER LDAP / OD information on the second server (same effect as replica, but not the advantage of the backup). You can even edit the MASTER on the 2nd server.

This will work instantly, so when a user is created / removed / changed, the next login will use that information. This is the way I have my mailserver listening to the fileserver for valid logins AND the MAILSERVER itself also has a database, which contains valid logins (web-users are in general not allowed to log in to the fileserver; the reverse (employees) do have an email address).

Use the utility DIRECTORY ACCESS to tell your 2nd server to incorporate the MASTER (1st server OD) into its own OD.

I sure will use the above backup method for my LOGIN entries.


Good Luck, Kees
 
Whenever I try to run mkpassdb -backupdb I get the following error:

cannot validate the active database.
-1


Is something wrong with my setup? Users are able to log in and get mail no problem.
 