15.2 The SLAP Syntax

slaptool [-hlaspcPef] -r object_name_file | -o "object" [file ...]

The following table describes the command options.




Displays a help message and exits (all other options are ignored).


Excludes user IDs.


Excludes variables (passwords will not be exported in the current version).


Excludes applications.


Excludes settings.


Excludes password policies.


Excludes credsets.


Excludes passphrases (affects an import only).


Performs an export rather than an import.



Specifies a file containing line-delimited object names on which to perform the operation.



Specifies a particular object on which to operate.


Uses the cache file, rather than accessing a directory. Cannot be used with -r or -o, and SecureLogin must be set to use Dummy mode. The user is selected interactively at run time).


Specifies one or more .XML files from which to read data (or to write to for exporting). No file specification. It reads and writes data from and to the stdin and stdout.

For example:

./slaptool.exe -o "CN=bernie.O=activcard.T=DEVTEST" initial_setup.xml

This reads userIDs, applications, settings and password policies from the file initial_setup.xml and writes them out to the object:


-k [password]

Enables the creation of a passphrase answer for individual users in LDAP and Microsoft Active Directory environments.

It is mandatory for users to save a passphrase answer on first log in to SecureLogin. The SLAP tool requires password authorization to save user data. The -k switch provides the user password, enabling automated creation of the passphrase answer. This answer can be manually changed by users after provisioning.

For example, the following command is used to import user data and a passphrase question and answer combination:

slaptool.exe -k password -o context filename.xml

This reads userIDs, applications, settings, and password policies from the file initial_setup.xml file and writes them out to the object: “CN=writer.O=novell.T=DEVTEST”

SLAP Tool Example

The following Perl application definition, created for the example organization discussed previously, assumes that usernames and passwords are stored in a text file named listofnames.txt. There is one space between each username and password pair per line.

A XML file, such as the XML File Example is required to run this application definition, containing the data for import. Where the data is customized on a per user name basis, the string to be substituted is replaced with *usernamegoeshere*.

For example:

open FILE,"listofnames.txt";
foreach (<FILE>) {
chomp;                  # Clean string
@lines = split(/\n/);   # Split up string
for each $l (@lines) {
    @fields = split(/\s/);
    $name = $fields[0];
    $pass = $fields[1];
    open DATAFILE,"source.xml";
    open OUTFILE,">data.xml";
    foreach (<DATAFILE>) { # Write up a file specific to this user
        # Any other variable substitution can be done here too...
        print OUTFILE "$_";
    close DATAFILE;
    close OUTFILE;
   system "slaptool.exe -k \"$pass\" -o
\"CN=$name.O=myorg.T=OURCOMPANY\" data.xml";
close FILE;
unlink 'data.xml';

Using an XML file called source.xml, run the application definition with the data that is to be imported. For example, you can manually export data from a single user setup with the value for the username replaced with the string "*usernamegoeshere*".

NOTE:The example application definition does not include error handling.

XML File Example

<?xml version="1.0"?>
      <question>Please enter a passphrase for SLAP testing.</question>
      <activequestion>Please enter a passphrase for SLAP