this works: create Server.app users with dscl

Here’s a script for setting up student & teacher accounts on OS X Server (I tested this with 10.9.4). Modify to suit your needs.


-- Failed commands are recorded in this file; change the folder or file name to suit.
-- NOTE(review): entries written later in the script record the command that failed, so treat the file as sensitive and keep it where only administrators can read it.
set errorLog to (path to desktop as text) & "dscl_create_users_errorLog.txt"

-- Release any handle on the log that is still open; an error here only means none was open.
try
	close access file errorLog
end try
set errorFile to open for access errorLog with write permission

-- Ask once for the local administrator's name and password so that every privileged command below
-- can reuse them instead of prompting again. The password dialog hides what is typed.
set adminName to text returned of (display dialog "Please enter an admin username:" default answer "")
set adminPW to text returned of (display dialog "Please enter an admin password:" default answer "" with hidden answer)

-- One entry per account: {UID, short name, first name, last name}.
-- Faculty UIDs are between 1000 and 1999; student UIDs are 2000 and up.
set theUsers to {¬
	{1111, "someteacher", "Some", "Teacher"}, ¬
	{2222, "somestudent", "Some", "Student"}}

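-- Replace the placeholder below with your real diradmin password, and put the real FQDN of your
-- server and the real path to the home directories into the commands further down.
-- NOTE(review): a real password stored here sits in the script in clear text; consider asking for it
-- with a hidden-answer dialog, as the script already does for the local admin password.
-- NOTE(review): dscl receives this password as a command-line argument (-P), which other local users
-- can typically see in the process list while the command runs; run this only on a trusted admin machine.
set dirAdminPW to "DirAdmin'sPassword"
-- Shell-quoted so that apostrophes, spaces or other shell metacharacters in the password cannot break
-- or alter the command line.
set quotedDirAdminPW to quoted form of dirAdminPW
-- Prefix shared by every command that writes to the Open Directory (LDAPv3) node.
set odCmd to "dscl -u diradmin -P " & quotedDirAdminPW & " /LDAPv3/127.0.0.1 "

try
	repeat with u in theUsers
		set dsclShells to {}
		set {uid, username, firstname, lastname} to {item 1 of u, item 2 of u, item 3 of u, item 4 of u}
		
		-- Every command runs through the shell with administrator privileges, so each value taken from
		-- the user list is shell-quoted before it is spliced in. A name such as "O'Brien" or "Mary Ann",
		-- or a malformed roster entry, then stays a single literal argument.
		set qUser to quoted form of (username as text)
		set qUserPath to quoted form of ("/Users/" & username)
		set qHomeDir to quoted form of ("/path/to/userhomes/" & username)
		
		set end of dsclShells to odCmd & "-create " & qUserPath -- create the user
		set end of dsclShells to odCmd & "-create " & qUserPath & " FirstName " & (quoted form of (firstname as text)) -- set the first name
		set end of dsclShells to odCmd & "-create " & qUserPath & " LastName " & (quoted form of (lastname as text)) -- set the last name
		set end of dsclShells to odCmd & "-create " & qUserPath & " UniqueID " & (quoted form of (uid as text)) -- set the UID
		-- NOTE(review): the initial password equals the short name, so each new account is guessable until
		-- its owner changes it; substitute a per-user secret or require a change at first login.
		set end of dsclShells to odCmd & "-passwd " & qUserPath & " " & qUser -- set the password to username (or whatever)
		set end of dsclShells to odCmd & "-create " & qUserPath & " RealName " & (quoted form of (firstname & " " & lastname)) -- set the display name
		set end of dsclShells to "dscl . -append /Groups/com.apple.access_afp GroupMembership " & qUser -- allow AFP
		set end of dsclShells to "dscl . -append /Groups/com.apple.access_smb GroupMembership " & qUser -- allow SMB
		set end of dsclShells to odCmd & "-append /Groups/staff GroupMembership " & qUser -- add to 'staff' group :: that's the 'Open Directory Users' group, not 'staff' as in 'teachers'
		set end of dsclShells to odCmd & "-create " & qUserPath & " PrimaryGroupID 20" -- set primary group to 'staff'
		set end of dsclShells to odCmd & "-create " & qUserPath & " UserShell /bin/bash" -- set default shell
		set end of dsclShells to odCmd & "-create " & qUserPath & " NFSHomeDirectory " & (quoted form of ("/Network/Servers/myserver.myschool.edu/path/to/userhomes/" & username)) -- set home directory
		set end of dsclShells to odCmd & "-create " & qUserPath & " HomeDirectory " & (quoted form of ("<home_dir><url>afp://myserver.myschool.edu/path/to/userhomes</url><path>" & username & "</path></home_dir>")) -- set AFP home path
		if uid < 2000 then set end of dsclShells to odCmd & "-append /Groups/faculty GroupMembership " & qUser -- user is faculty; add to faculty group
		set end of dsclShells to odCmd & "-append /Groups/students GroupMembership " & qUser -- add to students group :: we add everyone to 'students' but you don't have to
		set end of dsclShells to "mkdir -p " & qHomeDir -- create home directory
		set end of dsclShells to "chown -R " & (quoted form of (username & ":staff")) & " " & qHomeDir -- set home directory owner & group
		
		-- Run the steps one at a time so that a failure is attributed to the exact command that caused it.
		repeat with theShell in dsclShells
			set shellCmd to contents of theShell
			try
				do shell script shellCmd user name adminName password adminPW with administrator privileges
			on error theError -- log to file
				set logEntry to ((current date) as text) & return & shellCmd & return & theError & return & return
				-- Mask the directory admin password before the entry reaches the log file, so the log
				-- never stores the credential in clear text.
				set savedDelims to AppleScript's text item delimiters
				set AppleScript's text item delimiters to quotedDirAdminPW
				set entryParts to text items of logEntry
				set AppleScript's text item delimiters to "********"
				set logEntry to entryParts as text
				set AppleScript's text item delimiters to savedDelims
				write logEntry to errorFile starting at eof
			end try
		end repeat
	end repeat
on error errMsg number errNum
	-- Something outside the per-command handler failed (for example the log write itself):
	-- release the log file handle before passing the error on.
	close access errorFile
	error errMsg number errNum
end try
close access errorFile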

Browser: Safari 537.36
Operating System: Mac OS X (10.8)

This will be much faster without the repeat loop. Just convert the list of shell commands to text, using a semicolon as the delimiter:

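-- chain the commands
-- Remember the current delimiters and put them back afterwards, so that code running later in the
-- same script is not affected by the change.
set savedDelims to AppleScript's text item delimiters
set AppleScript's text item delimiters to ";"
set theCmdString to dsclShells as text
set AppleScript's text item delimiters to savedDelims

-- execute the commands in one fell swoop
-- NOTE(review): with ";" the shell carries on after a failed command and the exit status is that of the
-- last command only, so earlier failures (a user that was not created, a group append that was
-- rejected) go unreported; check the directory afterwards or keep the one-command-at-a-time loop.
-- NOTE(review): theCmdString holds every dscl command line, directory admin password included; do not
-- log or display it.
do shell script theCmdString with administrator privileges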

I find it a little easier to intercept errors if you pass one shell command at a time, but yeah.