4

How can export all FreeIPA users to a csv file?

sanjayparmar
  • 623
  • 8
  • 18
  • none that I know of, but quite simple to roll your own with some basic scripting. – natxo asenjo Jul 06 '18 at 20:07
  • 1
    indeed, two minutes with a shell in a host with the ipa-admin tools installed: ipa user-find | grep login | awk ' {print $NF}' | awk '{printf "%s,",$0} END {print ""}' and I get a comma separated listi of user names. Dumping this to a file and retrieving more than 100 records will be left as an exercise for the reader ;-) – natxo asenjo Jul 06 '18 at 20:17
  • but using Apache Directory Studio (a ldap browser) you can do just that, Select the part of the tree you need, and export it to csv, it works – natxo asenjo Jul 06 '18 at 20:42
  • @natxoasenjo Thanks for your update. I tried same way but I am missing something. I want show in like First Name, Last Name, Email, Mobile. format. – sanjayparmar Jul 08 '18 at 11:11
  • if you try with- ipa user-find --all | grep -E "First|Last|Email" you will get result like. First name: test1 Last name: test2 Email address: test21@ipa.example.com this need to be in CSV format – sanjayparmar Jul 08 '18 at 11:14
  • the easiest without scripting it yourself would be to use Apache Directory Studio, you can specify what attributes you want to export – natxo asenjo Jul 08 '18 at 15:49

2 Answers2

6

This command worked for me:

ipa user-find --all | grep -E "User Login|First|Last|UID|Email" > IPA_RAW.txt

after that, use this perl line to convert the format:

perl -ne 'chomp; print $_ . (($. % 8) ? "," : "\n")' IPA_RAW.txt | awk "Add your filters here" > users-list.csv

thanks

bjoster
  • 4,423
  • 5
  • 22
  • 32
Bilal Masaud
  • 61
  • 1
  • 2
  • If you have a lot of records returned you will need to first modify the limit or the results will be truncated. `ipa config-mod --searchrecordslimit=######` – TJ Zimmerman Mar 04 '21 at 18:48
  • I like that this uses IPA and perl without needing to add other items. I think I will use sed to convert, since I don't know perl. – Jeter-work Mar 18 '22 at 19:20
0

Late but full "copy/paste" answer (based on previous ones - thanks - I could have quit after writing ipa2json); for present and future needs.

Export users with:

ipa user-find --all > ipa.txt

If the output is truncated adjust the limit with the command below and retry:

ipa config-mod --searchrecordslimit=######

To use this method you need nodejs on the machine (or container) where you intend to process ipa.txt; for this I suggest using nvm:

# install nodejs version manager (nvm) for the current user (not root!)
wget https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash

# install the latest nodejs long time support (lts) version for the current user
nvm install --lts

Install the required scripts as command line tools for the current user:

npm i -g ipa2json      # to convert ipa output to json
npm i -g equalizejson  # to spread missing fields in every record
npm i -g json2csv      # to convert the json to csv

Convert ipa output to json with:

ipa2json ipa.txt > ipa.json

Equalize the json (you need all the fields in all the instances for proper csv conversion) and convert to csv :

equalizejson ipa.json | json2csv > ipa.csv

To uninstall nvm, nodejs and the scripts you may just remove the $NVM_DIR folder (usually ~/.nvm), as documented when you type "nvm" in the terminal.

Luc Deschenaux
  • 1
  • 1
  • i suggest, you should explain what kind of script you plan to install, and why we should install it? – djdomi Jul 21 '21 at 07:07
  • @djdomi If you need answers about some script you consider to install, please be more specific, But first please read the description with "npm info" or on the related github page if the script name is not sufficient to picture it. As for why you should install it, obviously to achieve the expected result. – Luc Deschenaux Jul 26 '21 at 02:04
  • @LucDeschenaux, they're referring to the github script (from a random project from an unknown account) suggested in the answer. There is no information about the script. Due dilligence would be to go to github and look at what the script does. – Jeter-work Mar 18 '22 at 19:17
  • @Jeter-work Good, do look at what the script does despite of anybody says. Or if it is not applicable, run it in a container or a VM without internet access instead, that's best practice. – Luc Deschenaux Mar 20 '22 at 04:03