USAGE for manage_users_from_ldap.sh v1.4.2:

manage_users_from_ldap.sh -i [-c] [-d] [-L ] [-si] [-v] [-n] [-D]

   or

manage_users_from_ldap.sh [-h|-man|-V]

DESCRIPTION:
	This script wraps the 'p4 ldapsync' command, adding email
	reporting functionality.

	This script relies on 'p4 ldapsync' working properly. That
	implies ldap specs are configured with credentials for a
	'reader' account, and two Perforce groups identified in this
	script are defined.

	The basic idea for this script is that all Perforce users
	must be in either or both of these two groups to have an
	account:

	* LDAP-PerforceHelixUsers
	* Non-LDAP-Users

	This script does the following:

	* Calls 'p4 ldapsync -g' to update the Perforce group
	  LDAP-PerforceHelixUsers from the LDAP group of the same name.

	* Calls 'p4 ldapsync -g' to update the Perforce group
	  LDAP-PerforceHelixAdmins from the LDAP group of the same name.

	* Detects users missing from Perforce, i.e. if an account is
	  listed in either of the two groups noted above, but does not
	  have a Perforce account. Missing users will be reported, and
	  optionally added with '-c'.

	* Detects extra users in Perforce, i.e. if any exist in
	  Perforce but are not listed in either of the two groups noted
	  above. Extra users will be reported. If '-d' is specified,
	  extra users will be deleted, along with all of their
	  workspaces (according to the Owner field of the client spec).

	Workspace removal is done using a command like:

	p4 client -df -Fs

	These flags discard checkouts and delete shelved files
	associated with the workspace. To preserve shelved files, they
	must be unshelved by another user in another workspace prior to
	running this script.

	Workspace removal can fail in some edge cases, such as if the
	user has files checked out to a workspace for which they are
	not the listed Owner. Manual corrective action is necessary in
	these cases. If workspace removal fails, user removal will fail.

WORKING AROUND A SPECIFIC LDAP INCOMPATIBILITY:
	This custom script is needed in scenarios where the command
	'p4 ldapsync' does not work in '-u' (update) mode. This can
	happen if certain data elements in LDAP contain characters
	incompatible with Perforce (e.g. '#' chars).

	In cases where 'ldapsync -u' works as expected, this script's
	primary value is the admin communication emails and workflow
	related to notifying about users to be cleaned up, or actively
	removing such users.

OPTIONS:
 -i
	Specify the SDP instance name. If the '-i' flag is omitted,
	the value is derived from the $SDP_INSTANCE environment
	variable. If $SDP_INSTANCE is not defined, then '-i ' is
	required.

 -c	Create users that exist in either of the two user groups
	mentioned above but which do not exist in Perforce.

	Users will be added with an Email field value of @, where
	domain is determined from the MAILFROM setting, which evaluates
	to @p4demo.com. The FullName field is set to the same value as
	the userid, and can be adjusted by the user manually. The
	AuthMethod will be set to whatever the default is (per the
	auth.default.method configurable).

	By default, without '-c', users to be added are reported, but
	no action is taken.

	As a safety feature, a maximum of 5 missing users will be added
	on any one invocation of this script. To add more users, call
	this script as many times as needed.

 -d	Delete extra users and any client specs (workspaces) for which
	they are the listed Owner.

	By default, without '-d', users to be deleted are reported, but
	no action is taken.

	As a safety feature, a maximum of 5 extra users will be deleted
	on any one invocation of this script. To delete more users,
	call this script as many times as needed.

 -v
	Set verbosity 1-5 (-v1 = quiet, -v5 = highest).

	NOTE: This script is self-logging. That is, output displayed
	on the screen is simultaneously captured in the log file. Do
	not run this script with redirection operators like '> log' or
	'2>&1', and do not use 'tee'.

 -si	Operate silently. All output (stdout and stderr) is redirected
	to the log only; no output appears on the terminal.

 -n	No-Op. Prints certain commands instead of running them. Some
	commands, such as the 'p4 ldapsync -g' command that does not
	affect data, are executed regardless of whether '-n' is used.

	Using '-n' will prevent creation and removal of users even if
	'-c' and/or '-d' are used.

 -D	Set extreme debugging verbosity.

HELP OPTIONS:
 -h	Display short help message
 -man	Display man-style help message
 -V	Display version info for this script and its libraries.

EXAMPLES:
	Sample call from cron:

	manage_users_from_ldap.sh -i 1 -c
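
The reconciliation described under DESCRIPTION, together with the '-c', '-d' and '-n' behaviour and the 5-user cap, shown as an added example (not code from manage_users_from_ldap.sh). The user names are constructed, the helper names allowed_users, set_minus and plan are hypothetical, and reporting candidates past the cap instead of acting on them is an assumption.

```shell
#!/bin/sh
# Added illustration only; not code from manage_users_from_ldap.sh.
# Inputs are newline-separated user lists; no 'p4' commands are run.
MAX_PER_RUN=5   # per-invocation safety cap from the usage text

# allowed_users LDAP_GROUP NON_LDAP_GROUP: union of both groups' members.
allowed_users() { printf '%s\n%s\n' "$1" "$2" | sed '/^$/d' | sort -u; }

# set_minus A B: users listed in A but not in B (exact, whole-line match).
set_minus() {
  printf '%s\n' "$1" | sort -u | while IFS= read -r u; do
    [ -n "$u" ] || continue
    printf '%s\n' "$2" | grep -Fxq -- "$u" || printf '%s\n' "$u"
  done
}

# plan VERB ENABLED NOOP CANDIDATES
# Emits "VERB user" for at most MAX_PER_RUN users when ENABLED=1 and NOOP=0.
# Everything else is emitted as "report user" (assumed handling past the cap).
plan() {
  verb=$1; enabled=$2; noop=$3; n=0
  printf '%s\n' "$4" | while IFS= read -r u; do
    [ -n "$u" ] || continue
    if [ "$enabled" = 1 ] && [ "$noop" = 0 ] && [ "$n" -lt "$MAX_PER_RUN" ]; then
      n=$((n + 1)); printf '%s %s\n' "$verb" "$u"
    else
      printf 'report %s\n' "$u"
    fi
  done
}

# Constructed sample data (hypothetical user names).
LDAP_GROUP=$(printf 'alice\nbob\ncarol')      # LDAP-PerforceHelixUsers members
NON_LDAP_GROUP='svc_build'                    # Non-LDAP-Users members
P4_USERS=$(printf 'alice\ncarol\ndave\nerin\nsvc_build')   # existing accounts

ALLOWED=$(allowed_users "$LDAP_GROUP" "$NON_LDAP_GROUP")
MISSING=$(set_minus "$ALLOWED" "$P4_USERS")   # in a group, no account
EXTRA=$(set_minus "$P4_USERS" "$ALLOWED")     # account, in neither group

plan create 1 0 "$MISSING"   # as with -c
plan delete 0 0 "$EXTRA"     # as without -d: report only
```

Accounts that appear only in P4_USERS are the ones '-d' would remove together with their workspaces, so the report-only run is the place to check that service accounts are listed in Non-LDAP-Users.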