Some time ago I threw together a script that lets you import many users into a Plone site. See http://www.uwosh.edu/ploneprojects/docs/how-tos/mass-or-batch-user-create.
Complicated by CSRF Protection
Recently I found out that Plone's new plone.protect CSRF protection makes it harder to run a Script (Python) through the ZMI. When you click the Test tab, even though everything looks like it ran, in the event log you'll find an INFO message saying that the transaction was aborted because it may have been a CSRF exploit.
Fake Out the CSRF Protection
You can still run a Script (Python) from the ZMI by getting the value of the authentication ticket that plone.protect is expecting.
You will find the value of the authentication ticket has been appended to every clickable link within a Plone site that has plone.protect, e.g.
Append it to the URL of the Test tab, so instead of going to the URL
you would go to
Or Run It From the Command Line
I modified the script so now you can run it from the command line on the server:
bin/client1 run importusers.py