The SecureLogin Attribute Provisioning (SLAP) tool uses command line options to allow SecureLogin to leverage user data from an organization’s provisioning system. Using the SLAP tool, you can import data, in XML format from third-party applications into the SecureLogin user’s datastore as well as export information (except user application passwords and the user’s passphrases).
Data that can be manipulated includes:
User variables
Application definitions
Organizational settings
Password policies
Logins
Passphrase questions and answers
The SLAP tool command operates as a provisioning tool between SecureLogin data in a directory and in an XML file. The XML schema used is the same as the Copy Settings GUI importer/exporter. In addition to copying settings, the SLAP tool can extract usernames. The SLAP tool cannot export single sign-on sensitive data such as passwords and passphrases.
For example, an organization with 10,000 users in a SAP system, implementing SecureLogin can speed deployment significantly by automating the initial user login. To do this, use a file containing multiple users’ username and password combinations from SAP, and use the SLAP tool to import the file into the SecureLogin datastore as a bulk process. The SLAP tool removes the requirement for each user to enter credentials on the first log in to SecureLogin.
If the SLAP tool is used to import data into Novell SecureLogin from either an encrypted or an unencrypted file, and any preferences are set that require the Novell SecureLogin version 6 data store format, then the datastore version must be specified in the file. Preferences that require the version 6 format are:
EncryptionType
NRKeySource
StoreDataOnSmartCard
UseEnhancedProtectionByDefault
The datastore version is set as:
<preference> <name>AppliedSSODataStoreVersion</name> <value>600000</value> <isdatastore/> </preference>
If the value of this preference is not set to 6, 6.0 or 600000 then an error message is returned from the SLAP tool: Cannot import version 6 datastore preferences into a lower versioned datastore.
When the SLAP tool is used for initial provisioning of SecureLogin user accounts, before any SecureLogin data has been stored for users, the XML file must include a passphrase question and response. This question/response can be the same for each user and can be changed by the user after deployment.
NOTE:Novell SecureLogin does not need to be running to use the SLAP tool.