Setup guide
The setpin Command
Chapter 4 PIN Generator Tool 37
For example, if you want to check PINs—that the PINs are being given to the
correct users and that they are conforming to the length and character-set
restrictions—before updating the directory, do not specify this option. You can
check the PINs before updating the directory by looking at the o utput file; for
details, see “Output File” on page 42.
• [saltattribute=<LDAP_attribute_to_use_for_salt_creation>]
Use this argument to specify the LDAP attribute the tool should use for salt
creation. Ifyou specify an attribute, thetool integrates the correspondingvalue
of the attribute with each PIN, and hashes the resulting string with the hash
routine specified in the hash argument.
If you don’t specify this argument, the DN of the user is used. For details, see
“How PINs Are Stored in the D irectory” on page 43.
• [debug]
Use this argument to specify whether the tool should write debugg ing
information (to the standard error). If
debug=attrs is specified, the tool w rites
much more information about each entry in the directory.
• [testpingen=<count>]
Use this argument to test the pin-generation mode.
<count> specifies the total number (in decimal) of PINs to be generated for
testing purposes.
• [optfile]
Use this argument to specify that the tool should read in options (one per line)
from specified file; this option enables you to put all the arguments in a file,
instead of typing them on the command line.
Example
The following command generates PINs for all entries that have the CN attribute (in
their distinguished name) defined in an LDAP directory named
laiking that is
listening at port
19000. The PIN Generator binds to the directory as user
DirectoryManager and starts searching the directory from the node
dn=o=example.com in the directory tree. ThetooloverwritestheexistingPINs,if
any, with the new ones.
setpin host=lailing port=19000 "binddn=CN=directory manager"
bindpw=password "filter=(cn=*)" basedn=o=example.com clobber write