14.2 SLAP Syntax

slaptool [-hlaspcPef] -r object_name_file | -o "object" [file ...]

The following table describes the command options:

Table 14-1 SLAP tool command options

Commands                Description

-h                      Displays help message and exits (all other options are ignored).
-l                      Excludes userIDs.
-v                      Excludes variables (passwords will not be exported in current version).
-a                      Excludes applications.
-s                      Excludes settings.
-p                      Excludes password policies.
-c                      Excludes credsets.
-P                      Excludes Passphrase (affects import only).
-e                      Performs export rather than import.
-r object_name_file     Specifies a file containing line-delimited object names on which to perform the operation.
-o object               Specifies a particular object on which to operate.
-f                      Uses the cache file, rather than accessing a directory (cannot be used with -r or -o, and SecureLogin must be set to use Dummy mode; the user will be selected interactively at run time).
[file ...]              Specifies one or more .XML files from which to read data (or to write to in the case of exporting). If no file is specified, data is read from stdin or written to stdout.

For example:

./slaptool.exe -o "CN=bernie.O=novell.T=DEVTEST" initial_setup.xml

This reads userIDs, applications, settings and password policies from the file initial_setup.xml and writes them out to the object "CN=bernie.O=novell.T=DEVTEST".

-k [password]           Enables the creation of a passphrase answer for individual users in LDAP and Microsoft Active Directory environments.

It is mandatory for users to save a passphrase answer the first time they log on to SecureLogin. The SLAP tool requires password authorization to save user data. The -k switch provides the user password, enabling automated creation of the passphrase answer. Users can manually change this answer after provisioning.

For example, the following command is used to import user data and a passphrase question/response combination:

slaptool.exe -k password -o context filename.xml

14.2.1 SLAP Tool Example

The following Perl application definition, created for the example organization discussed previously, assumes that user names and passwords are stored in a text file named listofnames.txt. Each line holds one username and password pair, separated by a single space.

An XML file containing the data for import (see the following example) is required to run this application definition. Where the data is customized per user name, the string to be substituted is replaced with *usernamegoeshere*.

For example:

use strict;
use warnings;

open my $names, '<', 'listofnames.txt';
foreach my $line (<$names>) {
    chomp $line;                               # Clean string
    my ($name, $pass) = split / /, $line, 2;   # One space separates name and password
    open my $src, '<', 'source.xml';
    open my $out, '>', 'data.xml';
    foreach (<$src>) {   # Write up a file specific to this user
        s/\*usernamegoeshere\*/$name/g;
        s/\*passwordgoeshere\*/$pass/g;
        # Any other variable substitution can be done here too...
        print $out $_;
    }
    close $src;
    close $out;
    # List form of system keeps the shell from interpreting characters in $name or $pass
    system 'slaptool.exe', '-k', $pass, '-o', "CN=$name.O=myorg.T=OURCOMPANY", 'data.xml';
}
close $names;
unlink 'data.xml';
****************************************************

Run the application definition with an XML file called source.xml that contains the data to be imported. For example, you can manually export data from a single user setup and replace the value for the username with the string "*usernamegoeshere*".

The example application definition does not include error handling.

XML file example

<?xml version="1.0"?>
<SecureLogin>
   <passphrasequestions>
      <question>Please enter a passphrase for SLAP testing.</question>
   </passphrasequestions>
   <passphrase>
      <activequestion>Please enter a passphrase for SLAP testing.</activequestion>
      <answer>passphrase</answer>
   </passphrase>
   <logins>
      <login>
         <name>fnord</name>
         <symbol>
            <name>username</name>
            <value>bob</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>notepad.exe</name>
         <symbol>
            <name>username</name>
            <value>asdf</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>testlogin</name>
         <symbol>
            <name>username</name>
            <value>Novell</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
   </logins>
</SecureLogin>
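
A pre-import check for a generated data.xml, added here as an example; it is not part of the original documentation or of SecureLogin. It fills the two placeholders used by the Perl script with XML-escaped values, so that a password containing & or < does not break the file, and then checks that the result is well-formed and has no unsubstituted placeholder. The names render and check, the sample template, and the rule that the active question must appear among the listed questions are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Placeholder strings used by the Perl script on this page.
PLACEHOLDERS = ("*usernamegoeshere*", "*passwordgoeshere*")

# Constructed sample template, laid out like the page's XML file example.
TEMPLATE = """<?xml version="1.0"?>
<SecureLogin>
   <logins>
      <login>
         <name>testlogin</name>
         <symbol><name>username</name><value>*usernamegoeshere*</value></symbol>
         <symbol><name>Password</name><value>*passwordgoeshere*</value></symbol>
      </login>
   </logins>
</SecureLogin>"""


def render(template, name, password):
    """Fill both placeholders in one pass, XML-escaping &, < and >."""
    values = dict(zip(PLACEHOLDERS, (escape(name), escape(password))))
    pattern = "|".join(re.escape(p) for p in PLACEHOLDERS)
    return re.sub(pattern, lambda m: values[m.group(0)], template)


def check(xml_text):
    """Return a list of problems; an empty list means the file passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "SecureLogin":
        problems.append(f"unexpected root element <{root.tag}>")
    for elem in root.iter():
        for placeholder in PLACEHOLDERS:
            if placeholder in (elem.text or ""):
                problems.append(f"unsubstituted {placeholder} in <{elem.tag}>")
    # Assumption: the active question must be one of the listed questions,
    # as it is in the page's XML file example.
    questions = {q.text for q in root.iterfind("passphrasequestions/question")}
    active = root.findtext("passphrase/activequestion")
    if active is not None and active not in questions:
        problems.append("activequestion is not among passphrasequestions")
    return problems
```

Running check on each data.xml before it is handed to slaptool.exe stops the loop on a malformed file instead of importing partial data.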