User management
This training page describes adding internal and external users and groups to Perforce IPLM. Adding users to groups and listing users and groups is also discussed.
Perforce IPLM users and groups
Users and groups in Perforce IPLM can be defined either internally or externally from a system such as LDAP or AD. Internal users can be converted to external users, but not the other way around. When users and groups are defined externally, the externally defined fields become read-only from Perforce IPLM, the external source is maintained as the authoritative definition of the user or group. Other fields, and subgroup membership that doesn't interfere with the external definition can be modified from within Perforce IPLM.
Internal users and groups
Adding users to Perforce IPLM through internal commands
Perforce IPLM maintains a special internal 'admin' group that can only be defined internally, and can't be removed or overwritten by any external source. Users added to the 'admin' group become administrators, and in addition to the capabilities of non-administrator users, have the ability to add new Libraries, edit and manage users, manage permissions (also shared by 'owner' lever permissions on a specific object), and edit all IPs and workspaces. Administrator status can be removed by removing the user from the 'admin' group. Perforce IPLM also defines a special internal-only 'admin' user account that is a permanent member of the 'admin' group. An admin can create users and groups in Perforce IPLM as shown below:
> pi user add testuser This will bring up the following template: [USER] # Username is required and must be a unique identifier. # Must not contain colons ":" or newline characters. name = testuser # Email is required email = testuser@example.com # Password is required password = # Full name is optional fullname = Test User # Description is optional description = a test user # The Icon is optional icon = Successfully created User 'testuser'.
> pi group add newgroup This will bring up the form as seen below: [GROUP] # Name is required name = newgroup # Description is optional description = a new group # The Icon is optional icon = # Sub groups sub_groups = # Members of the group users = testuser Successfully created Group 'newgroup'
To see the list of users in Perforce IPLM user:
> pi user list
To see more details about the user and whether they are internal or external users and the groups they belong to, use:
> pi user list -v
The output seen will be as below.
> pi user list
┌──────────┬───────────────────┬────────────────────────┐
│ USER │ FULL NAME │ EMAIL │
╞══════════╪═══════════════════╪════════════════════════╡
│ admin │ admin │ root@localhost │
│ mdxtut │ MDX tutorial user │ mdxtut@example.com │
│ testuser │ Test User │ testuser@example.com │
└──────────┴───────────────────┴────────────────────────┘
Found 3 matching object(s).
> pi user list -v
User mdxtut:
Full name - MDX tutorial user
E-mail - mdxtut@example.com
Description -
Source - Internal
Groups - tutorial
License - PI-L1
User admin:
Full name - admin
E-mail - root@localhost
Description - Admin
Source - Internal
Groups - admin
License - PI-L1
User testuser:
Full name - Test User
E-mail - testuser@example.com
Description - a test user
Source - Internal
Groups - newgroup
License - PI-L1
Found 3 matching object(s)
Internal Perforce IPLM User Authentication
Internal users are authenticated with Perforce IPLM via the command:
> pi login <username>
> pi login mdxtut Password: Successfully logged in as 'mdxtut'
External Users and Groups
Adding Users to Perforce IPLM through External Sources
Instead of using individual commands to add users and groups, an external user source, typically LDAP or Active Directory, may be configured to supply user and group information to Perforce IPLM. The admin can import external users and groups into Perforce IPLM using the command:
> pi user sync
The above command will run a predefined user supplied script that will access the external data source and return the external user and group definition data required by Perforce IPLM. The location of the script will have to be defined in the piserver configuration. The configuration file is:
/etc/mdx/piserver.yml
externalSync:
# External synchronization script
script: /etc/mdx/ext-sync.sh
Here is an example of a user sync script and below is the user and group list returned to Perforce IPLM in JSON format:
{
"users": [
{
"username": "john",
"fullname": "John Doe",
"email": "john@example.com" },
{
"username": "jane",
"fullname": "Jane Doe",
"email": "jane@example.com" },
{
"username": "ian",
"fullname": "Ian Smith",
"email": "ian@example.com" },
{
"username": "mary",
"fullname": "Mary Smith",
"email": "mary@example.com" },
{
"username": "fanny",
"fullname": "Fanny Smith",
"email": "fanny@example.com" },
{
"username": "may",
"fullname": "May Smith",
"email": "may@example.com" }
],
"groups": [
{
"groupname": "Blue",
"members": ["john", "jane"]
},
{
"groupname": "Green",
"members": ["ian", "mary"]
},
{
"groupname": "Colors",
"subgroups": ["Blue", "Green"]
"members": ["fanny", "may"]
}
]
}
External Perforce IPLM User Authentication
External users are authenticated by the external data source rather than internally by Perforce IPLM. An Auth script must be provided to enable authentication, this script should be defined in the piserver configuration file (piserver.yml). The location of the script will be defined in the piserver configuration file as shown below:
# Absolute path to the external authentication script
security.externalAuthenticationScript = /etc/mdx/ext-auth.sh
externalSecurity:
# External authentication script
script: /etc/mdx/ext-auth.sh
More information about adding internal and external users and groups can be found in the Users and Groups section of the Perforce IPLM Administration Manual.