2. REPUBLICANISMO EN ROUSSEAU
2.3 La República: Poder legislativo y poder
The NTAgent import configuration file consists of the following sections: · The Version section (required)
· The Import section (required)
· The Default Values section (optional) The Version Section
The Version section consists of a single field that specifies the import configuration file version. The syntax is:
Version=version_number
where version_number is the version number assigned to the configuration file, in the format n.nn. The latest version is:
Version=1.01
import configuration file. There are no differences between import configuration file versions.
The Import Section
The Import section consists of fields that define the parameters of the import operation for NTAgent. The next sections describe these fields.
Server
The Server field specifies the name of the Windows NT server to which entries are to be imported. It has the same syntax and default as the Server field in the export
configuration file and is an optional field. NTAgent imports entries that do not contain a Server attribute value to the server specified in this field. However, if an entry contains a Server attribute value, NTAgent imports the entry to the server supplied as the attribute value.
Domain
The Domain field specifies the name of the Windows NT domain that contains the Windows NT server to which entries are to be imported. NTAgent also automatically prefixes the domain name specified in this field to user names specified as group members. It performs this operation because the group member syntax consists of two components: domain name and user name (in the format domain\user) and the import data file only contains the user name portion of the member name.
The Domain field has the same syntax and default as the Domain field in the export configuration file and is a mandatory field. NTAgent imports entries that do not contain a Domain attribute value to the domain specified in this field. However, if an entry contains a Domain attribute value, NTAgent imports the entry to the domain supplied as the attribute value.
Separator
The Separator field specifies a value to be used to separate the individual attribute values of a multi-valued attribute. It has the same syntax as the Separator field in the export configuration file.
DataType
The DataType field selects whether accounts, local groups, or global groups are imported. The syntax is:
DataType=number
where number is one of the following values: · 1 — Import accounts (default)
· 3 — Import local groups This is a mandatory field. DeleteEntries
The DeleteEntries field controls whether or not account or group entries that exist in a Windows NT system are to be deleted if matching entries exist in the import data file. The syntax is:
DeleteEntries=switch
where switch is one of the following values:
· 0 — Do not delete entries in a Windows NT system that match entries to be imported (default)
· 1 — Delete entries in a Windows NT system that match entries to be imported This is an optional field. If it is not specified (or is not present in the configuration file), NTAgent does not delete any entries in a Windows NT system when it performs the import operation.
This field has a higher precedence than any per-entry "changetype" operations specified in the import data file.
ReplaceAllAttributes
The ReplaceAllAttributes field controls whether NTAgent can modify only the selected subset of an account's attributes, or whether it can modify all account attributes. The syntax is:
ReplaceAllAttributes=switch
where switch is one of the following values:
· 0 — Only the account attributes specified in the import data file can be modified · 1 — All of the account attributes can be modified
The ReplaceAllAttributes field is only valid if the DataType field is set to 1 (importing user accounts).
If ReplaceAllAttributes is set to 1, NTAgent assigns the values specified in the Default Values section to the account attributes in the NT system that are specified in Default Values but which are not specified in the import data file.
If ReplaceAllAttributes is set to 1, the Default Values section is required. ReplaceAllAttributeValues
The ReplaceAllAttributesValues field controls whether NTAgent can modify the attribute values of a multi-valued NT account attribute. The syntax is:
ReplaceAllAttributeValues=switch
where switch is one of the following values:
· 0 — Attribute values in the import data file are added to the multi-valued attribute (default)
· 1 — Attribute values in the import data file replace the attributes of the multi-valued attribute
The ReplaceAllAttributeValues field is only valid if the DataType field is set to 1 (importing user accounts) and is only relevant if there is no "changetype" operation applied to the attribute.
ReplaceAllGroupMembers
The ReplaceAllGroupMembers field controls whether NTAgent adds new members to a global or local group entry or replaces all members in a global or local group entry. The syntax is:
ReplaceAllGroupMembers=switch
where switch is one of the following values:
· 0 — Add new member values to the User attribute of the group entry (default)
· 1 — Delete all existing member values in the User attribute of the group entry and add the member values specified in the import data file
This field is only meaningful if the DataType field is set to 2 (import global groups) or 3 (import local groups). This is an optional field; if no value is specified or the field is not present in the configuration file, NTAgent adds new member values.
DeleteGroupMembers
The DeleteGroupMembers field controls whether or not NTAgent deletes members from a group entry in the NT system. The syntax is:
DeleteGroupMembers=switch
where switch is one of the following values:
· 0 — Do not delete member values from the User attribute of the group entry (default) · 1 — Delete member values in the User attribute of the group entry
If set to 1, NTAgent deletes attribute values from the User attribute of a group entry (it does not delete the user's account entry) if the values appear in the import data file. If DeleteGroupMembers is set to 1, the User attribute for the group entry cannot contain LDIF attribute modification operations. See "Import Data File Format" for more information about these operations.
(import local groups).
This is an optional field; if no value is supplied or the field is not present in the configuration file, NTAgent does not delete member values.
DateFormat and DateSeparator
The DateFormat and DateSeparator fields specify the date format and separator that NTAgent is to use when representing the expiration date of an NT account. They have the same syntax as the DateFormat and DateSeparator fields in the export configuration file. Trace
The Trace field controls whether NTAgent performs program flow tracing on an import operation. It has the same syntax as the Trace field in the export configuration file and is an optional field.
TraceLevel_1
The TraceLevel_1 field controls whether NTAgent writes level 1 tracing information about the import operation. It has the same syntax as the TraceLevel_1 field in the export configuration file and is an optional field.
TraceLevel_2
The TraceLevel_2 field controls whether NTAgent writes level 2 tracing information about the import operation. It has the same syntax as the TraceLevel_2 field in the export configuration file and is an optional field.
TraceLevel_3
The TraceLevel_3 field controls whether NTAgent writes level 3 tracing information about the import operation. It has the same syntax as the TraceLevel_3 field in the export configuration file and is an optional field.
TraceFileName
The TraceFileName field specifies the pathname of the trace file to which NTAgent is to write information about the import operation. It has the same syntax as the
TraceFileName field in the export configuration file and is an optional field unless the Trace field is specified.
InsertRASInfo
The InsertRASInfo field controls whether the NT account's DialinPrivilege attribute value is imported. The syntax is:
InsertRASInfo=[switch]
· 0 — Do not import the DialinPrivilege and DialinPhoneNumber attribute values (in this case, NTAgent sets the DialinPrivilege attribute value to 3 (No callback)) · 1 — Import the DialinPrivilege and DialinPhoneNumber attribute values TerminalServer
The TerminalServer field controls whether NTAgent handles the specific attributes of a Terminal Server. The syntax is:
TerminalServer=[switch]
where switch is one of the following values:
0—Don’t handle the specific attributes (default) 1—Handle the specific attributes
This is an optional field. If it is not specified (or the field is not present in the configuration file), NTAgent does not handle the specific attributes of a Terminal Server.
Default Values Section
The Default Values section specifies default values that NTAgent is to assign to account attributes in the NT system that have no value. The syntax is:
attribute_name=default_value
where attribute_name is the name of an NT user account attribute and default_value is the value to apply when the attribute has no value. For example:
[DefaultValue] FullName=Test HomeDirectoryPath=\\redmond4\test HomeDirectoryDrive=X: LogonScriptName=script.exe UserProfilePath=c:\test Workstations=workst1,workst2 AccountType=0 PasswordCantChange=0 PasswordNeverExpires=0 PasswordExpired=0 AccountLookedOut=0 AccountDisabled=0 AccountExpires=12.05.2012 Password=WinNT DialinPrivilege=0 DialinPhoneNumber=123
This section is required if DataTypes is set to 1 and ReplaceAllAttributes is set to 1. Appendix B describes the Windows NT user account, global group, and local group attributes that NTAgent can import.
3.3 Export and Import Data File Format
The NTAgent import and export data files use a tagged file format. The next sections describe the:
· General data file format · Delta export data file format · Import data file format
3.3.1
Delta Export Data File Format
The delta export data file format supports the LDIF per-entry "changetype" attribute that indicates the type of modification that has been made to the entry in the Windows NT system since the last full export. The value for "changetype" is one of "add", "modify", or "delete". The changetype attribute name and its values are case-sensitive. Here is an example:
ChangeType: delete
LocalGroupName: LocalTestGroup1 Comment: Commuent luoihzz
User: ASW\Kellner GlobalGroups:
(0x0c is here as the record (entry) separator) Changetype: add
LocalGroupName: new1 Comment:
User:
GlobalGroups:
(0x0c is here as the record (entry) separator) Changetype: modify
LocalGroupName: Uwe Kruger Comment: all accounts of… User: ASW\Kruger
GlobalGroups:
(0x0c is here as the record (entry) separator) -
See "NTAgent Export Procedure" for details about how NTAgent performs delta exports.
3.3.2
Import Data File Format
The import data file format supports the LDIF per-entry "changetype" attribute that indicates the type of modification to be made to the entry in the Windows NT system. The value for "changetype" is one of "add", "modify", or "delete". The changetype attribute name and its values are case-sensitive.
The attributes for a multi-valued attribute specified in a "modify" changetype operation appear on separate lines. For example:
add: Workstation Workstation: Mars Workstation: Venus Workstation: Saturn -
Entries with a "modify" changetype contain attributes that indicate one or more "add", "delete", or "replace" attribute value modifications. The "replace" modification has a higher precedence than the "add and "delete" modifications; if it is present for an attribute, it is the only modification evaluated.
For the "modify" changetype, NTAgent adds a new entry to the NT system if it does not find a matching entry.
The values in the relevant fields in the import configuration file have a higher precedence than the changetype operations specified in the import data file. For example, if
DeleteEntries is set to 1, NTAgent deletes entries that match entries in the import data file from a Windows NT system regardless of the change types specified for the entries in the import data file.
The import data file can contain comments, which are identified by a # character at the beginning of a line.
An example for an import entry with an "add" changetype: UserName: hboss
ChangeType: add Comment: Comment 1 FullName: Hugo Boss HomeDirectoryPath: HomeDirectoryDrive: LogonScriptName: UserProfilePath: Workstations: AccountType: 0 PasswordCnatChange: 0 PasswordNeverExpires: 1 PasswordExpired: 0 AccountLockedOut: 0 AccountDisabled: 0 DialinPrivilege: 0 DialinPhoneNumber: Password: password
An example for an import entry with a "modify" changetype: UserName: hboss
ChangeType: modify replace: Workstations Workstations: w2 Workstations: w6
-
replace: FullName FullName: Hugo Boss - delete: HomeDirectoryPath - HomeDirectoryDrive: LogonScriptName: ScriptName2 replace: UserProfilePath UserProfilePath: c:\ - AccountType: 0 PasswordCantChange: 0 PasswordNeverExpires: 1 PasswordExpired: 0 AccountLockedOut: 0 AccountDisabled: 0 AccountExpires: DialinPrivilege: 3 DialinPhoneNumber: 222333444 delete: GlobalGroups GlobalGroups: TestGroup 1 GlobalGroups: TestGroup 2 - add: LocalGroups LocalGroups: LocalTestGroup1 LocalGroups: LocalTestGroup2 -
"Windows NT Attributes" describes the Windows NT user account, global group, and local group attributes that NTAgent can import.]