Running Tcl Scripts
  • 06 Jan 2025

Using the dpadmincmd command to run a Tcl script requires an administration logon to be specified with command-line parameters, unless the script itself contains a logon command. If a logon requires credentials, the -u userid and -p password parameters are required.

To run a script in Tcl

  1. Navigate to the Tcl installation folder:

    • On Windows, open a Command Prompt window and navigate to %PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin.
    • On Linux, open a terminal and navigate to /usr/bin/.
  2. Type the following command:

    dpadmincmd -u userid -p password scriptname

    If the Tcl script contains the required administration logon command, run the following command:

    dpadmincmd scriptname

    If the Tcl script requires additional parameters, include them after the scriptname parameter.

The Tcl script file must contain a sequence of Tcl commands. The Tcl Command-Line Administration tool first performs the logon and, if it succeeds, executes each command in the script in sequence. The Tcl language allows you to write simple sequential scripts or add more complex control flow, functions and so on.

The script does not need to use the logoff or exit commands explicitly. The Tcl Command-Line Administration tool logs off the session if necessary at exit time.

Character substitution

When using a non-printing ASCII character substitution in a string, e.g. \t for a horizontal tab, enclose the string in double quotes. If the string is enclosed in { }, the string will be displayed exactly as entered.

The following:

"Error: \t Component does not exist. \n \t \t Please check the Component name."

will be displayed as:

Error:   Component does not exist.
                 Please check the Component name.

Whereas:

{Error: \t Component does not exist. \n \t \t Please check the Component name.}

will be displayed as:

Error: \t Component does not exist. \n \t \t Please check the Component name.

Sample Tcl scripts

Below are some sample scripts to perform basic tasks. They range in complexity to provide an example of what can be done, and the techniques required.

Verify if a component record exists

The following script checks for the existence of a RADIUS client component record with a specific IP address. If a component record of that type and location does not exist, a message will be displayed onscreen. 

# Check if a specified RADIUS Client Component exists
if { [catch { component get { comp_type "RADIUS Client" location 192.0.2.1 } } result ] } {
  puts "Component does not exist: $result"
}

Create a record if it doesn't exist

This script builds on the previous sample, which verifies the existence of a RADIUS client component record. If no such component exists, the script creates one. It requires a location parameter to be passed to the script when it is run with the dpadmincmd command.

# Get IP-address location from command-line argument
set loc [lindex $argv 0]

# Create the component if it does not exist.
# Each attribute list is built with [list] so that $loc is passed as a single
# value and is never re-parsed as part of the script.
if { [catch { component get [list comp_type {RADIUS Client} location $loc] } result ] } {
  if { [catch { component create [list comp_type {RADIUS Client} \
    location $loc \
    policy_id {IDENTIKEY Authentication Server 3 Local Authentication} \
    shared_secret default \
    protocol RADIUS] } result ] } {
      puts "Error creating component: $result"
  } else {
    puts "Created component"
  }
} else {
  puts "Component already exists"
}

Bulk user administration

This script collects all authenticator user records that belong to the domain named Domain1 and unlocks any which were locked. This script is suitable for small to medium-sized databases (e.g. less than 18000 users). 

# Get all the users of the domain Domain1
if { [catch { user query {domain Domain1} } users ] } {
  puts "Unable to retrieve users: $users"
} else {
  # Loop for each user
  foreach user $users {
    # Get the user information into an array for easier access
    array set userinfo $user

    # Check if the locked information is present as it may not return a
    # value if the user is not locked
    if { [info exists userinfo(locked)] } {
      # If the user is locked, try to unlock it
      if { [string equal $userinfo(locked) yes] } {
        # [list] keeps the userid as a single value, whatever characters it contains
        if { [catch { user update [list userid $userinfo(userid) domain Domain1 locked no] } result] } {
          puts "Error unlocking $userinfo(userid): $result"
        } else {
          puts "Unlocked $userinfo(userid)"
        }
      }
    }

    # Clear out the current user information so that no field (such as
    # locked) carries over to the next user
    array unset userinfo
  }
}

For larger databases, perform the actions in batches. To do so, supply the row_offset and row_count in the user query. For example, the following line will return a list of 1000 users starting from offset 3000:

set userlist [user query {domain Domain1 row_offset 3000 row_count 1000}]
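
The batching described above, written out as a complete loop. This is an added example, not part of the original article or the vendor's samples. The unlock_domain procedure name and the batch size are hypothetical, and the loop assumes that user query returns fewer than row_count rows at the end of the domain; a small constructed stand-in for the user command lets it run in a plain tclsh.

```tcl
# Added example, not vendor code. Assumes "user query" returns fewer than
# row_count rows (possibly none) at the end, and a stable row order.

# Constructed stand-in so the loop can be tried in plain tclsh; under
# dpadmincmd the tool's own "user" command exists and this block is skipped.
if { [llength [info commands user]] == 0 } {
  set ::rows {}
  for {set i 0} {$i < 7} {incr i} {
    set row [list userid "user $i" domain Domain1]
    if { $i % 3 == 0 } { lappend row locked yes }
    lappend ::rows $row
  }
  proc user {action attrs} {
    array set a $attrs
    if { ![string equal $action query] } { return ok }
    set last [expr {$a(row_offset) + $a(row_count) - 1}]
    return [lrange $::rows $a(row_offset) $last]
  }
}

# Unlock every locked user in $domain, fetching $batch rows per query.
proc unlock_domain {domain batch} {
  set unlocked 0
  for {set offset 0} {1} {incr offset $batch} {
    set q [list domain $domain row_offset $offset row_count $batch]
    if { [catch { user query $q } users] } {
      puts "Unable to retrieve users at offset $offset: $users"
      break
    }
    foreach row $users {
      array unset u   ;# no field carries over from the previous row
      array set u $row
      if { [info exists u(locked)] && [string equal $u(locked) yes] } {
        # [list] keeps a userid with spaces or braces as one value
        set upd [list userid $u(userid) domain $domain locked no]
        if { [catch { user update $upd } result] } {
          puts "Error unlocking $u(userid): $result"
        } else {
          puts "Unlocked $u(userid)"
          incr unlocked
        }
      }
    }
    if { [llength $users] < $batch } { break }   ;# short batch: last page
  }
  return $unlocked
}

puts "Unlocked [unlock_domain Domain1 3] user(s)"
```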

