OK, this is a user's object in my test AD domain:

dn: CN=User3,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: User3
instanceType: 4
whenCreated: 20150621144659.0Z
uSNCreated: 45224
name: User3
objectGUID: cafff519-eeae-4a4b-8395-09b059a9b919
userAccountControl: 512
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2025076216-3455336656-3842161122-2106
accountExpires: 9223372036854775807
sAMAccountName: User3
sAMAccountType: 805306368
userPrincipalName: Us...@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
unixUserPassword: ABCD!efgh12345$67890
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
unixHomeDirectory: /home/User3
loginShell: /bin/false
whenChanged: 20150624075921.0Z
pwdLastSet: 0
uSNChanged: 45447
distinguishedName: CN=User3,CN=Users,DC=example,DC=com

If I wanted to add this user with an ldif, I would use something like this:

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: add
cn: User3
objectClass: user
sAMAccountName: User3
userPrincipalName: Us...@example.com
name: User3
userAccountControl: 512
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
uid: User3
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
loginShell: /bin/false
unixHomeDirectory: /home/User3
unixUserPassword: ABCD!efgh12345$67890

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: $UNICODEPWD

To get $UNICODEPWD, I would do this:

UNICODEPWD=$(echo -n "\"$_USER_PW\"" | $_ICONV -f UTF-8 -t UTF-16LE |
$_BASE64 -w 0)

As you can see, the required ldif is different from yours, and I told you
this over on the samba-technical mailing list.

The easiest way for you to add the users will be to write a script that
will parse your ldif, using it to obtain the user name etc. and then use
'samba-tool user create' to actually create the users; your only problem
will be obtaining the user's password. Unless you know the users' plain
passwords, it may be easier to create a new password and set the user to
change the password at next logon.

Rowland
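
One way to write the script described above, as an added example that is not part of the original post or of Samba: it parses LDIF records and builds one `samba-tool user create` command per user, with a freshly generated password and `--must-change-at-next-login`. The attribute-to-option mapping, the `Tmp-` password prefix and the sample LDIF are assumptions made for the example; the commands are returned, not executed.

```python
import base64
import secrets

# LDIF attribute (lower-cased, names as in the post) -> samba-tool option.
OPTION_MAP = {"uidnumber": "--uid-number", "gidnumber": "--gid-number",
              "loginshell": "--login-shell", "unixhomedirectory": "--unix-home",
              "mssfu30nisdomain": "--nis-domain"}
# Constructed sample input: one user record containing a folded line.
SAMPLE_LDIF = """\
dn: CN=User3,CN=Users,DC=example,DC=com
sAMAccountName: User3
uidNumber: 10023
gidNumber: 10007
loginShell: /bin/false
unixHomeDirectory: /home/
 User3
msSFU30NisDomain: example
"""

def parse_ldif(text):
    """Yield one dict per record; handles folded lines and base64 ('::') values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            record.setdefault(name.strip().lower(), value.strip())
        if record:
            yield record

def build_commands(ldif_text, new_password=None):
    """Return [(argv, password)] for every record that names a user."""
    # Assumed default: fixed mixed-case prefix so the value never starts with "-".
    new_password = new_password or (lambda: "Tmp-" + secrets.token_urlsafe(16))
    commands = []
    for rec in parse_ldif(ldif_text):
        user = rec.get("samaccountname") or rec.get("uid")
        if not user or user.startswith("-"):  # skip nameless or option-like names
            continue
        password = new_password()
        argv = ["samba-tool", "user", "create", user, password,
                "--must-change-at-next-login"]
        argv += [f"{opt}={rec[a]}" for a, opt in OPTION_MAP.items() if a in rec]
        commands.append((argv, password))
    return commands
```

Each `argv` can be passed to `subprocess.run(argv, check=True)` on the DC; the password is visible in the process list while the command runs, so hand it to the user out of band and rely on the forced change at next logon.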