USAGE for manage_users_from_ldap.sh v1.3.3: manage_users_from_ldap.sh -i [-c] [-d] [-L ] [-si] [-v] [-n] [-D] or manage_users_from_ldap.sh [-h|-man|-V] DESCRIPTION: This custom script is useful only in scenarios where the command 'p4 ldapsync' does not work in '-u' (update) mode. This can happen if certain data elements in LDAP contain characters incompatible with Perforce (e.g. '#' chars). In cases where 'ldapsync -u' works as expected, this script is not needed. This script relies on 'p4 ldapsync' working with '-g' (group management) mode. It a will abort of this fails. The basic idea for this script is that all Perforce users must by in either or both of these two groups to have an account: * p4-users * p4-users-non-ldap This script does the following: * Calls 'p4 ldapsync -g' to update the Perforce group p4-users from the LDAP group of the same name. * Detects users missing from Perforce, i.e. if an account is listed in either of the two group noted above, but does not have a Perforce account. Missing users will be reported, and optionally added with '-c'. * Detects extra users in Perforce, i.e. if any exist in Perforce but are not listed in either of the two groups noted above. Extra users will be reported. If '-d' is specified, extra users will be deleted, along with all of their workspaces (according to the Owner field of the client spec). Workspace removal is done using a command like: p4 client -df -Fs These flags will blast checkouts and deleted sheled files associated with the workspace. To preserve shelved files, they must be unshelved by another user in another workspace prior to running this script. Workspace removal can fail in some edge cases, such as if the user has files checked out to a workspace for which they are not the listed Owner. Manual corrective action is necessary in these cases. If workspace removal fails, user removal will fail. OPTIONS: -i Specify the SDP instance name. If the '-i' flag is omitted, the value is derived from the $SDP_INSTANCE environment variable. If $SDP_INSTANCE is not defined, then '-i ' is required. -c Create users that exist in either of the two user groups mentioned above but which do not exist in Perforce. Users will be added with an Email field value of @, where domain is determined from the MAILFROM setting, which evaluates to @. The FullName field is set to the same value as the userid, and can be adjusted by the user manually. The AuthMethod will be set to whatever the default is (per the auth.default.method configurable). By default, without '-c', users to be added are reported, but no action is taken. As a safety feature, a maximum of 5 missing users will be added on any one invocation of this script. To add more users, call this script as many times as needed. -d Delete extra uses and any client specs (workspaces) for which they are the listed Owner. By default, without '-d', users to be added are reported, but no action is taken. As a safety feature, a maximum of 5 extra users will be deleted on any one invocation of this script. To delete more users, call this script as many times as needed. -v Set verbosity 1-5 (-v1 = quiet, -v5 = highest). NOTE: This script is self-logging. That is, output displayed on the screen is simultaneously captured in the log file. Do not run this script with redirection operators like '> log' or '2>&1', and do not use 'tee'. -si Operate silently. All output (stdout and stderr) is redirected to the log only; no output appears on the terminal. -n No-Op. Prints certain commands instead of running them. Some commands, such as the 'p4 ldapsync -g' command that does not affect data, are executd regardless of whether '-n' is used. Using '-n' will prevent creation and removal of users even if '-c' and/or '-d' are used. -D Set extreme debugging verbosity. HELP OPTIONS: -h Display short help message -man Display man-style help message -V Dispay version info for this script and its libraries. EXAMPLES: Sample call from cron: manage_users_from_ldap.sh -i 1 -c