15.2 The slAP Syntax

slaptool [-hlvasISpEcPefdF] [-k password] -r object_name_file | -o "object" [file ...]

The following table describes the command options:

Command

Description

-h

Displays a help message and exits (all other options are ignored).

-l

Excludes user IDs.

-v

Excludes variables.

-a

Excludes applications.

-s

Excludes settings.

-S

Includes passwords. Applies only to export operations that include symbols, and must be used in conjunction with -E for security.

-p

Excludes password policies.

-E password

Specifies that the generated XML should be encrypted or decrypted using the supplied password. Password must be at least 8 characters long.

-f

Uses the current user. For export, allows inclusion of password credentials. Cannot be used with -r or -o.

-c

Excludes credsets.

-d

Performs delete rather than import.

For example:

  • To delete logins:

    slaptool -d -o "cn=abc,dc=123" -l

  • To delete applications:

    slaptool -d -o "cn=abc,dc=123" -a

  • To delete password policy:

    slaptool -d -o "cn=abc,dc=123" -p

NOTE: You can also use -f to perform the delete operation for the current user.

For example:

  • slaptool -d -f -l

-e

Performs an export rather than an import.

-r <object_name_file>

Specifies a file containing line-delimited object names on which to perform the operation.

-o <object>

Specifies a particular object on which to operate.

[file]

Specifies one or more .XML files from which to read data (or to which to write when exporting). If no file is specified, the tool reads data from stdin and writes data to stdout.

For example:

./slaptool.exe -o "cn=bernie, cn=netiq, dc=testdomain, dc=com" initial_setup.xml

This reads userIDs, applications, settings and password policies from the file initial_setup.xml and writes them out to the object:

"cn=bernie, cn=netiq, dc=testdomain, dc=com"

-P

Excludes the passphrase.

-k [password]

Enables the creation of a passphrase answer for individual users in LDAP and Microsoft Active Directory environments.

It is mandatory for users to save a passphrase answer on first log in to SecureLogin. The slAP tool requires password authorization to save user data. The -k switch provides the user password, enabling automated creation of the passphrase answer. This answer can be manually changed by users after provisioning.

For example, the following command is used to import user data and a passphrase question and answer combination:

slaptool.exe -k password -o context filename.xml

This reads userIDs, applications, settings, and password policies from the initial_setup.xml file and writes them out to the object: "cn=writer,cn=netiq, dc=testdomain, dc=com"

-I

Includes settings inherited from containers or groups.

NOTE:

  • If the -P switch was not used during the export operation, you must use the -P or -k switch during the import operation.

  • If the -P switch was used during the export operation, the -P or -k switch is not required during the import operation.

  • When using the slAP tool in the eDirectory mode and Novell Client is installed, use the following syntax:

    slaptool <command option> -o <user DN in NDS format> -a
    

    For example:

    slaptool -d -o "abc.mytestou.novell" -a

Syntax of slAP Tool for Migrating to Advanced Edition

Using the slAP tool, you can migrate the data at the user level or at the group level.

  • At the user level: You can migrate the data using the UPN of the user.

    • Export: slaptool.exe -e -a -s -P -E <password> -S -f <path of the backup XML file>

      For example, slaptool.exe -e -a -s -P -E xyz -S -f d:\nslbackup.xml

    • Import: slaptool.exe -E <password> -o "UPN" <path of the exported XML file>

      For example, slaptool.exe -E xyz -o "migrate@nsl-test.xyz" d:\nslbackup.xml

  • At the group level: You can migrate the data using the GUID of the group. While migrating, you need to specify the object ID of the group instead of the group name.

    • Export: slaptool.exe -e -a -s -P -E <password> -S -f <path of the backup XML file>

      For example, slaptool.exe -e -a -s -P -E xyz -S -f d:\nslbackup.xml

    • Import: slaptool.exe -E <password> -o "GUID" <path of the exported XML file>

      For example, slaptool.exe -E xyz -o "52926721-ce14-4b0a-b7ef-b1261282d24e" d:\nslbackup.xml
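A pre-flight check for scripted slaptool calls, written in Python as an added example (not part of the product documentation). It encodes only the constraints stated in the option table above, and assumes options are passed as separate arguments rather than bundled; the function names are hypothetical.

```python
TAKES_VALUE = {"-E", "-k", "-r", "-o"}   # options documented with an argument


def parse(argv):
    """Split an argument list into {option: value-or-True} and trailing files."""
    opts, files, i = {}, [], 0
    while i < len(argv):
        arg = argv[i]
        if arg in TAKES_VALUE:
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} needs a value")
            opts[arg] = argv[i + 1]
            i += 2
        elif arg.startswith("-") and len(arg) == 2:
            opts[arg] = True
            i += 1
        else:
            files.append(arg)
            i += 1
    return opts, files


def check(argv):
    """Return the documented constraints that this argument list violates."""
    opts, _files = parse(argv)
    problems = []
    if "-S" in opts and "-e" not in opts:
        problems.append("-S only applies to export operations (-e)")
    if "-S" in opts and "-E" not in opts:
        problems.append("-S must be used together with -E")
    if "-E" in opts and len(opts["-E"]) < 8:
        problems.append("-E password must be at least 8 characters long")
    if "-f" in opts and ("-r" in opts or "-o" in opts):
        problems.append("-f cannot be used with -r or -o")
    if not any(o in opts for o in ("-f", "-r", "-o", "-h")):
        problems.append("no target: give -r, -o or -f")
    return problems
```

Calling check() on the arguments of a planned export or import before running it catches an exported credential file that would be left unencrypted or protected by a password shorter than the stated minimum.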

slAP Tool Example

The following Perl application definition, created for the example organization discussed previously, assumes that user names and passwords are stored in a text file named listofnames.txt. Each line contains one username and password pair, separated by a single space.

An XML file containing the data for import, such as the XML File Example, is required to run this application definition. Where the data is customized on a per-user-name basis, the string to be substituted is replaced with *usernamegoeshere*.

For example:

******************************************************
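use strict;
use warnings;

open my $names, '<', 'listofnames.txt';
while (my $line = <$names>) {
    chomp $line;                            # Remove the trailing newline
    my ($name, $pass) = split /\s/, $line;  # Username and password, separated by one space
    next unless defined $pass;              # Skip blank or incomplete lines
    open my $src, '<', 'source.xml';
    open my $out, '>', 'data.xml';
    while (my $xml = <$src>) {              # Write a file specific to this user
        # Values are inserted as-is; names or passwords containing XML
        # special characters (& or <) must be escaped first.
        $xml =~ s/\*usernamegoeshere\*/$name/;
        $xml =~ s/\*passwordgoeshere\*/$pass/;
        # Any other variable substitution can be done here too...
        print $out $xml;
    }
    close $src;
    close $out;
    # List form of system: each argument is passed separately, so the shell
    # does not interpret quotes or other special characters in the values.
    system 'slaptool.exe', '-k', $pass, '-o',
        "CN=$name.O=myorg.T=OURCOMPANY", 'data.xml';
}
close $names;
unlink 'data.xml';                          # Remove the last per-user file, which holds a plaintext password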
****************************************************

Using an XML file called source.xml, run the application definition with the data that is to be imported. For example, you can manually export data from a single user setup with the value for the username replaced with the string "*usernamegoeshere*".

NOTE: The example application definition does not include error handling.
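A hardened variant of the provisioning loop above, written in Python as an added example (not part of the original documentation): it XML-escapes the substituted values, passes slaptool its arguments as a list, and removes the per-user file even when the import fails. The template and name list are constructed samples, and run is a hypothetical callable that executes the argument list (for example subprocess.run with check=True).

```python
import os
import tempfile
from xml.sax.saxutils import escape

# Constructed sample inputs (not the page's source.xml or listofnames.txt).
TEMPLATE = """<?xml version="1.0"?>
<SecureLogin><logins><login>
   <name>testlogin</name>
   <symbol><name>username</name><value>*usernamegoeshere*</value></symbol>
   <symbol><name>Password</name><value>*passwordgoeshere*</value></symbol>
</login></logins></SecureLogin>
"""
NAMES = 'bob pa"ss&<1\nalice s3cret\n\nline_without_password\n'


def parse_names(text):
    """Yield (name, password) from 'name password' lines; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split(" ", 1)
        if len(parts) == 2 and all(parts):
            yield parts[0], parts[1]


def render(template, name, password):
    """Fill the placeholders with XML-escaped values so & and < stay data."""
    return (template.replace("*usernamegoeshere*", escape(name))
            .replace("*passwordgoeshere*", escape(password)))


def build_argv(name, password, xml_path):
    """slaptool arguments as a list, so no shell ever parses the password."""
    return ["slaptool.exe", "-k", password, "-o",
            f"CN={name}.O=myorg.T=OURCOMPANY", xml_path]


def provision(names_text, template, run):
    """Write one private temp file per user, pass argv to run(), then delete it."""
    done = []
    for name, password in parse_names(names_text):
        fd, path = tempfile.mkstemp(suffix=".xml")  # unpredictable name, 0600 on POSIX
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                fh.write(render(template, name, password))
            run(build_argv(name, password, path))
            done.append(name)
        finally:
            os.remove(path)  # plaintext credentials must not outlive the import
    return done
```

The -k password still appears on the process command line, which local process listings and command-line audit logs can record, so run the import from an account and host where that exposure is acceptable.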

XML File Example

<?xml version="1.0"?>
<SecureLogin>
   <passphrasequestions>
      <question>Please enter a passphrase for SLAP testing.</question>
   </passphrasequestions>
   <passphrase>
      <activequestion>Please enter a passphrase for SLAP testing.</activequestion>
      <answer>passphrase</answer>
   </passphrase>
   <logins>
      <login>
         <name>fnord</name>
         <symbol>
            <name>username</name>
            <value>bob</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>notepad.exe</name>
         <symbol>
            <name>username</name>
            <value>asdf</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
      <login>
         <name>testlogin</name>
         <symbol>
            <name>username</name>
            <value>Novell</value>
         </symbol>
         <symbol>
            <name>Password</name>
            <value>test</value>
         </symbol>
      </login>
    </logins>
</SecureLogin>