During our last project, one of the Application Teams requested our help because they needed to execute some commands in IAPI with a specific user for which they didn’t know the password. They tried to use a DM_TICKET as I suggested them but they weren’t able to do so. Therefore I gave them detailed explanations of how to do that and I thought I should do the same in this blog because I was thinking that maybe a lot of people don’t know how to do that.

 

So let’s begin! The first thing to do is obviously to obtain a DM_TICKET… For that purpose, you can log in to the Content Server and use the local trust to login to the docbase with the Installation Owner (I will use “dmadmin” below). As said just before, there is a local trust in the Content Server and therefore you can put any password, the login will always work for the Installation Owner (if the docbroker and docbase are up of course…):

[dmadmin@content_server_01 ~]$ iapi DOCBASE -Udmadmin -Pxxx
 
 
        EMC Documentum iapi - Interactive API interface
        (c) Copyright EMC Corp., 1992 - 2015
        All rights reserved.
        Client Library Release 7.2.0050.0084
 
 
Connecting to Server using docbase DOCBASE
[DM_SESSION_I_SESSION_START]info:  "Session 013f245a8000b7ff started for user dmadmin."
 
 
Connected to Documentum Server running Release 7.2.0050.0214  Linux64.Oracle
Session id is s0

 

Ok so now we have a session with the Installation Owner and we can therefore get a DM_TICKET for the specific user I was talking about before. In this blog, I will use “adtsuser” as the “specific user” (ADTS user used for renditions). Getting a DM_TICKET is really simple in IAPI:

API> getlogin,c,adtsuser
...
DM_TICKET=T0JKIE5VTEwgMAoxMwp2ZXJzaW9uIElOVCBTIDAKMwpmbGFncyBJTlQgUyAwCjEKc2VxdWVuY2VfbnVtIElOVCBTIDAKMTgwCmNyZWF0ZV90aW1lIElOVCBTIDAKMTQ1MDE2NzIzNwpleHBpcmVfdGltZSBJTlQgUyAwCjE0NTAxNjc1MzcKZG9tYWluIElOVCBTIDAKMAp1c2VyX25hbWUgU1RSSU5HIFMgMApBIDggYWR0c3VzZXIKcGFzc3dvcmQgSU5UIFMgMAowCmRvY2Jhc2VfbmFtZSBTVFJJTkcgUyAwCkEgMTEgU3ViV2F5X2RlbW8KaG9zdF9uYW1lIFNUUklORyBTIDAKQSAzMSBQSENIQlMtU0QyMjAwNDYuZXUubm92YXJ0aXMubmV0CnNlcnZlcl9uYW1lIFNUUklORyBTIDAKQSAxMSBTdWJXYXlfZGVtbwpzaWduYXR1cmVfbGVuIElOVCBTIDAKMTEyCnNpZ25hdHVyZSBTVFJJTkcgUyAwCkEgMTEyIEFBQUFFSWlRMHFST1lIZEFrZ2hab3hTUUEySityd2xPdnZVcVdKbFdVdTUrR2lDV3ZtY1dkRzVwZnRwVWRDeVVldE42QjVOMnVxajZwYnI3MEthaVNpdGU5aWdmRk43bDA0cjM0d0JtYlloaUpQWXgK
API> exit
Bye

 

Now we do have a DM_TICKET for the user “adtsuser” so let’s try to use it. You can try to login in the “common” way as I did above but that will just not work because what we got is a DM_TICKET and that’s not a valid password. Therefore you will need to use something else:

[dmadmin@content_server_01 ~]$ iapi -Sapi
Running with non-standard init level: api
API> connect,DOCBASE,adtsuser,DM_TICKET=T0JKIE5VTEwgMAoxMwp2ZXJzaW9uIElOVCBTIDAKMwpmbGFncyBJTlQgUyAwCjEKc2VxdWVuY2VfbnVtIElOVCBTIDAKMTgwCmNyZWF0ZV90aW1lIElOVCBTIDAKMTQ1MDE2NzIzNwpleHBpcmVfdGltZSBJTlQgUyAwCjE0NTAxNjc1MzcKZG9tYWluIElOVCBTIDAKMAp1c2VyX25hbWUgU1RSSU5HIFMgMApBIDggYWR0c3VzZXIKcGFzc3dvcmQgSU5UIFMgMAowCmRvY2Jhc2VfbmFtZSBTVFJJTkcgUyAwCkEgMTEgU3ViV2F5X2RlbW8KaG9zdF9uYW1lIFNUUklORyBTIDAKQSAzMSBQSENIQlMtU0QyMjAwNDYuZXUubm92YXJ0aXMubmV0CnNlcnZlcl9uYW1lIFNUUklORyBTIDAKQSAxMSBTdWJXYXlfZGVtbwpzaWduYXR1cmVfbGVuIElOVCBTIDAKMTEyCnNpZ25hdHVyZSBTVFJJTkcgUyAwCkEgMTEyIEFBQUFFSWlRMHFST1lIZEFrZ2hab3hTUUEySityd2xPdnZVcVdKbFdVdTUrR2lDV3ZtY1dkRzVwZnRwVWRDeVVldE42QjVOMnVxajZwYnI3MEthaVNpdGU5aWdmRk43bDA0cjM0d0JtYlloaUpQWXgK
...
s0

 

Pretty simple, right? So let’s try to use our session like we always do:

API> retrieve,c,dm_server_config
...
3d3f245a80000102
API> dump,c,l
...
USER ATTRIBUTES

  object_name                                   : DOCBASE
  title                                         : 
  ...

 

And that’s it, you have a working session with a specific user without the need to know any password, you just have to obtain a DM_TICKET for this user using the local trust of the Installation Owner!