SecureLogin Attribute Provisioning Tool

The SecureLogin Attribute Provisioning Tool (SLAP tool) enables SecureLogin to leverage an organization's provisioning system. You can use the SLAP tool to import the following data, in XML format, from third-party applications into the SecureLogin user's datastore as well as export information (except for passwords and passphrases):

The SLAP tool operates as a bidirectional translator between SecureLogin data in a directory and an XML file. The XML schema used is the same as the Copy Settings GUI importer/exporter. In addition to copying settings, the SLAP tool can extract usernames. The SLAP tool doesn't export sensitive data such as passwords and passphrases.

For example, an organization with 10,000 users in a SAP* system, implementing SecureLogin, can speed deployment significantly by automating the initial user login with the SLAP tool. Use the SLAP tool to extract the usernames and passwords into a text file that is subsequently loaded into SecureLogin. The SLAP tool removes the requirement for each user to enter credentials on first login to SecureLogin.


SLAP Tool Syntax

The SLAP tool syntax is

slaptool [-hlaspcPef] -r object_name_file | -o "object" [file ...]
Option                Description

-h                    Displays a help message and exits. (All other options are ignored.)
-l                    Excludes user IDs.
-v                    Excludes variables. (Passwords aren't exported in the current version.)
-a                    Excludes applications.
-s                    Excludes settings.
-p                    Excludes password policies.
-c                    Excludes credsets.
-P                    Excludes the passphrase. (Affects import only.)
-e                    Performs an export rather than an import.
-r object_name_file   Specifies a file containing line-delimited object names on which to perform the operation.
-o object             Specifies a particular object on which to operate.
-f                    Uses the cache file, rather than accessing a directory. (This option can't be used with -r or -o, and SecureLogin must be set to use Dummy mode. The user is selected interactively at runtime.)
[file ...]            Specifies one or more .xml files to read data from (or, if exporting, to write data to). No file specification reads or writes data from or to stdin or stdout.

For example,

./slaptool.exe -o "CN=markus.O=novell.T=RDev" initial_setup.xml

In this example, slaptool.exe reads user IDs, applications, settings and password policies from the file initial_setup.xml and writes them out to the object CN=markus.O=novell.T=RDev.


SLAP Tool Example

The following example Perl script assumes usernames and passwords are stored in a text file named listofnames.txt. Each line holds one username and password pair, separated by a single space.

An XML file that contains the data for import is required to run this script. Where the data is customized on a per username basis, the string to be substituted is replaced with *usernamegoeshere*.

use strict;
use warnings;

open my $names, '<', 'listofnames.txt';
while (my $entry = <$names>) {
    chomp $entry;                            # Clean string
    my ($name, $pass) = split /\s/, $entry;  # Username first, then password
    open my $src, '<', 'source.xml';
    open my $out, '>', 'data.xml';
    while (my $line = <$src>) {              # Write up a file specific to this user
        $line =~ s/\*usernamegoeshere\*/$name/;
        $line =~ s/\*passwordgoeshere\*/$pass/;
        # Any other variable substitution can be done here too...
        print $out $line;
    }
    close $src;
    close $out;
    # List form of system: the object name is passed as a single argument
    # instead of being interpolated into a command string.
    system 'slaptool.exe', '-o', "CN=$name.O=myorg.T=OURCOMPANY", 'data.xml';
}
close $names;
unlink 'data.xml';

Using an XML file called source.xml, run the script with the data to be imported. For example, import data that has been manually exported from a single user setup, but with the value for the username replaced with the string "*usernamegoeshere*".

The example script does not include error handling.
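
The same provisioning loop with the handling the script above leaves out, as an added Python example (not part of the SecureLogin documentation or tooling): values are XML-escaped before substitution, usernames are restricted so they cannot alter the object name, slaptool is started without a shell, and the cleartext data.xml is removed even when an import fails. Assumptions: the function names and the SAFE_NAME policy are illustrative, and a nonzero slaptool exit status is treated as a failed import.

```python
import os
import re
import subprocess
import tempfile
from xml.sax.saxutils import escape

# Assumed policy: allow only characters that cannot alter the dotted object name.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

def parse_line(line):
    """Split 'username password' on the first space; the password may contain spaces."""
    name, sep, password = line.rstrip("\r\n").partition(" ")
    if not sep or not password or not SAFE_NAME.match(name):
        raise ValueError("malformed credential line")
    return name, password

def render(template, name, password):
    """Fill both placeholders, XML-escaping values so '<' or '&' cannot break the file."""
    return (template.replace("*usernamegoeshere*", escape(name))
                    .replace("*passwordgoeshere*", escape(password)))

def slaptool_argv(name, xml_path, exe="slaptool.exe"):
    """Argument list (no shell), using the object name layout from the page's script."""
    return [exe, "-o", f"CN={name}.O=myorg.T=OURCOMPANY", xml_path]

def provision(lines, template, run=subprocess.run):
    """Import each user; returns the names whose import failed (never the passwords)."""
    failed = []
    workdir = tempfile.mkdtemp()          # owner-only directory (mode 0700 on POSIX)
    path = os.path.join(workdir, "data.xml")
    try:
        for line in lines:
            try:
                name, password = parse_line(line)
            except ValueError:
                failed.append(line.split(" ", 1)[0].strip())
                continue
            with open(path, "w", encoding="utf-8") as out:
                out.write(render(template, name, password))
            # Assumption: slaptool signals a failed import with a nonzero exit status.
            if run(slaptool_argv(name, path)).returncode != 0:
                failed.append(name)
    finally:
        # Remove the cleartext file even if an import raises.
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(workdir)
    return failed
```

listofnames.txt itself still holds cleartext passwords, so it needs the same restricted permissions and should be deleted once provisioning completes.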


XML File Example

<?xml version="1.0"?>
<securelogin>
   <passphrasequestions>
      <question>Please enter a passphrase for SLAP testing.</question>
   </passphrasequestions>
   <passphrase>
      <activequestion>Please enter a passphrase for SLAP testing.</activequestion>
      <answer>passphrase</answer>
   </passphrase>
   <logins>
      <login>
         <name>fnord</name>
         <symbol>
            <name>username</name>
            <value>bob</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>notepad.exe</name>
         <symbol>
            <name>username</name>
            <value>asdf</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>testlogin</name>
         <symbol>
            <name>username</name>
            <value>Novell</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
   </logins>
</securelogin>


Running Slaptool.exe

Run slaptool.exe from a command prompt.

If slaptool.exe doesn't run from the securelogin\tools directory, you might need to copy the following files to the Program Files\Novell\SecureLogin directory, and run slaptool.exe from there: