Environment
NetIQ SecureLogin
SecureLogin 7.0 SP3
NSL7.0.3 HF4
eDirectory datastore or
Active Directory datastore
Situation
How to delete unwanted SecureLogin applications that users enabled themselves.
SecureLogin application definiton removed from container also needs to be removed from indivual users.
How to delete unwanted applications from user profiles.
SSO-enabled application setup by end users needs to be removed from user workstations.
Resolution
Do either of the following:
1. Use the SecureLogin directory management tool (iManager on eDir, MMC on AD, or SLManager for either directory). In the SecureLogin plugin go into each individual user and delete the unwanted app from the user's list of applications.
2. Use the SecureLogin Attribute Provisioning tool (SLAP tool) with the -d switch to delete applications created by individual users. SLAP tool will need to be run against each user that has the undesired apps. Note that this will delete all non-inherited apps, not just one specific application. Use the syntax shown below, substituting the appropriate user name and context.
SLAP tool Syntax in an AD environment, or in eDir environment with the NSL Client installed in LDAP mode:
slaptool -d -o "cn=joetest,ou=mytestou,o=novell" -a
slaptool -d -o "cn=joetest,ou=mytestou,o=novell" -a
SLAP tool syntax in an eDirectory environment with the the NSL Client installed in eDir mode with the Novell Client:
slaptool -d -o "joetest.mytestou.novell" -a
With the above command all user added applications will be removed from the specified user. The user-added apps will be removed from the directory immediately, and removed from the local workstation on the next cache refresh. The SecureLgogin local cache is refreshed when SecureLogin is started, when a refresh occurs at the end of the normal cache refresh interval, or when a refresh is forced through the SecureLogin system tray icon (right click the SecureLogin “hand” icon, select “advanced,” and “refresh cache.”
slaptool -d -o "joetest.mytestou.novell" -a
With the above command all user added applications will be removed from the specified user. The user-added apps will be removed from the directory immediately, and removed from the local workstation on the next cache refresh. The SecureLgogin local cache is refreshed when SecureLogin is started, when a refresh occurs at the end of the normal cache refresh interval, or when a refresh is forced through the SecureLogin system tray icon (right click the SecureLogin “hand” icon, select “advanced,” and “refresh cache.”
Note: The -d option was added to SLAP tool with the NSL7.0.3 release. This solution was tested with the the slaptool that ships with NSL7.0.3 HF4. For additional information about using SLAP tool see section 15 of the the online docs.
Use Slaptool64.4xe on 64 bit workstations.
Additional Information
SLAPTool.exe (and/ or SLAPTool64.exe) will appear in the directory C:\Program Files\Novell\SecureLogin if the option was selected during installation to install the administrative tools. If this option was not selected, modify the installation through Control Panel, Programs.