15.2 The slAP Syntax

slaptool [-hlaspcPef] -r object_name_file | -o "object" [file ...]

The following table describes the command options.

Command

Description

-h

Displays a help message and exits (all other options are ignored).

-l

Excludes user IDs.

-v

Excludes variables.

-a

Excludes applications.

-s

Excludes settings.

-S

Includes passwords. Applies only to export operations that include symbols, and must be used in conjunction with -E for security.

-p

Excludes password policies.

-E password

Specifies that the generated XML should be encrypted or decrypted using the supplied password. The password must be at least 8 characters long.

-f

Uses the current user. For export, allows inclusion of password credentials. Cannot be used with -r or -o.

-c

Excludes credsets.

-d

Performs delete rather than import.

For example:

  • To delete logins:

    slaptool -d -o "cn=abc,dc=123" -l

  • To delete applications:

    slaptool -d -o "cn=abc,dc=123" -a

  • To delete password policy:

    slaptool -d -o "cn=abc,dc=123" -p

NOTE: You can also use -f to perform the delete operation for the current user.

For example, slaptool -d -f -l.

-e

Performs an export rather than an import.

-r

object_name_file

Specifies a file containing line-delimited object names on which to perform the operation.

-o

object

Specifies a particular object on which to operate.

[file]

Specifies one or more .XML files from which to read data (or to which to write data when exporting). If no file is specified, the tool reads data from stdin and writes data to stdout.

For example:

./slaptool.exe -o "cn=bernie, cn=netiq, dc=testdomain, dc=com" initial_setup.xml

This reads userIDs, applications, settings and password policies from the file initial_setup.xml and writes them out to the object:

"cn=bernie, cn=netiq, dc=testdomain, dc=com"

-P

Excludes the passphrase.

-k [password]

Enables the creation of a passphrase answer for individual users in LDAP and Microsoft Active Directory environments.

It is mandatory for users to save a passphrase answer on first log in to SecureLogin. The slAP tool requires password authorization to save user data. The -k switch provides the user password, enabling automated creation of the passphrase answer. This answer can be manually changed by users after provisioning.

For example, the following command is used to import user data and a passphrase question and answer combination:

slaptool.exe -k password -o context filename.xml

This reads userIDs, applications, settings, and password policies from the file initial_setup.xml and writes them out to the object: "cn=writer, cn=netiq, dc=testdomain, dc=com"

NOTE:

  • If the -P switch was not used during the export operation, you must use either the -P or the -k switch during the import operation.

  • If the -P switch was used during the export operation, neither the -P nor the -k switch is required during the import operation.

  • When using the slAP tool in eDirectory mode with Novell Client installed, use the following syntax:

    slaptool <command option> -o <user DN in NDS format> -a
    
    

    For example:

    slaptool -d -o "abc.mytestou.novell" -a

slAP Tool Example

The following Perl application definition, created for the example organization discussed previously, assumes that usernames and passwords are stored in a text file named listofnames.txt. Each line contains one username and password pair, separated by a single space.

An XML file containing the data for import, such as the XML File Example, is required to run this application definition. Where the data is customized on a per-username basis, the string to be substituted is replaced with *usernamegoeshere*.

For example:

******************************************************
open FILE,"listofnames.txt";
foreach (<FILE>) {
    chomp;                  # Strip the trailing newline
    @lines = split(/\n/);   # Split up string
    foreach $l (@lines) {
        @fields = split(/\s/, $l);   # Username and password are separated by one space
        $name = $fields[0];
        $pass = $fields[1];
        open DATAFILE,"source.xml";
        open OUTFILE,">data.xml";
        foreach (<DATAFILE>) { # Write up a file specific to this user
            s/\*usernamegoeshere\*/$name/;
            s/\*passwordgoeshere\*/$pass/;
            # Any other variable substitution can be done here too...
            print OUTFILE "$_";
        }
        close DATAFILE;
        close OUTFILE;
        # $pass and $name are interpolated into the command line as-is
        system "slaptool.exe -k \"$pass\" -o \"CN=$name.O=myorg.T=OURCOMPANY\" data.xml";
    }
}
close FILE;
unlink 'data.xml';
****************************************************

Using an XML file called source.xml, run the application definition with the data that is to be imported. For example, you can manually export data from a single user setup with the value for the username replaced with the string "*usernamegoeshere*".

NOTE: The example application definition does not include error handling.
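A hardened variant of the provisioning loop above, added here as an example in Python (it is not NetIQ's code): it XML-escapes the substituted values, writes the per-user file to a private temporary file that is always deleted, and passes slaptool an argument list with no shell. The slaptool.exe invocation and the object name format are copied from the Perl script; the function names and the sample data are assumptions.

```python
import os
import subprocess
import tempfile
from xml.sax.saxutils import escape

SLAPTOOL = "slaptool.exe"                      # as invoked in the page's script
DN_FORMAT = "CN={name}.O=myorg.T=OURCOMPANY"   # object name format from the page's script


def parse_credentials(text):
    """Yield (name, password) pairs; split on the first space only,
    so a password that itself contains spaces is kept whole."""
    for line in text.splitlines():
        name, sep, password = line.strip().partition(" ")
        if sep and name and password:
            yield name, password


def render_user_xml(template, name, password):
    """Fill the placeholders, escaping '&', '<' and '>' so a value
    cannot break or alter the structure of the XML document."""
    return (template.replace("*usernamegoeshere*", escape(name))
                    .replace("*passwordgoeshere*", escape(password)))


def build_command(name, password, xml_path):
    """Argument list for subprocess.run; no shell parses it, so quotes
    or metacharacters inside a value stay part of that one argument."""
    return [SLAPTOOL, "-k", password, "-o", DN_FORMAT.format(name=name), xml_path]


def provision(template, name, password):
    """Write the per-user XML, import it, and always delete the file."""
    # mkstemp picks an unpredictable name and restricts access to the owner
    fd, path = tempfile.mkstemp(suffix=".xml")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write(render_user_xml(template, name, password))
        # check=True raises CalledProcessError if slaptool exits non-zero
        subprocess.run(build_command(name, password, path), check=True)
    finally:
        os.remove(path)   # the cleartext password never outlives this call


# Constructed sample input (not from the page)
SAMPLE_TEMPLATE = "<symbol><name>Password</name><value>*passwordgoeshere*</value></symbol>"
SAMPLE_LIST = 'bob p&ss<1\nalice pa"ss word'
```

The -k value is still passed on the command line, so it can appear in process listings on the host that runs the import.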

XML File Example

<?xml version="1.0"?>
<SecureLogin>
   <passphrasequestions>
      <question>Please enter a passphrase for SLAP testing.</question>
   </passphrasequestions>
   <passphrase>
      <activequestion>Please enter a passphrase for SLAP testing.</activequestion>
      <answer>passphrase</answer>
   </passphrase>
   <logins>
      <login>
         <name>fnord</name>
         <symbol>
            <name>username</name>
            <value>bob</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>notepad.exe</name>
         <symbol>
            <name>username</name>
            <value>asdf</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>testlogin</name>
         <symbol>
            <name>username</name>
            <value>Novell</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
   </logins>
</SecureLogin>