The PIN Generator can receive a list of DNs to modify in a text file specified by the input argument. If an input file is specified, the tool compares the DNs returned by the filter to the ones in the input file and updates only those DNs that also appear in the input file.
The input file enables the user to give the PIN Generator an exact list of DNs to modify; it can also supply PINs in plain text for all DNs or for specific DNs.
There are two common situations in which using an input file is useful:
PINs have been set for all entries in the user directory, and two new users join the organization. For the new users to get certificates, the directory must contain PINs. PINs should be generated for only those two entries without changing any of the other user entries. Instead of constructing a complex LDAP filter, an input file allows a general filter to be used while the modified entries are restricted to the DNs of the two users listed in the input file.
Particular values, such as Social Security numbers, should be used as PINs. The Social Security numbers can be put in the input file and provided as PINs to the PIN Generator. These are then stored as hashed values in the directory.
The format of the input file is the same as that of the output file (refer to Section 7.2.2, “Output File”) except for the status line. In the input file, PINs can be set for all the DNs in the file, for specific DNs, or for none of the DNs. If the PIN attribute is missing for a DN, the tool automatically generates a random PIN.
An input file looks like the following example:
dn:cn=user1, o=example.com
dn:cn=user2, o=example.com
...
dn:cn=user3, o=example.com
PINs can also be provided for the DNs in plain-text format; these PINs are hashed according to the command-line arguments.
dn:cn=user1, o=example.com
pin:pl229Ab

dn:cn=user2, o=example.com
pin:9j65dSf

...

dn:cn=user3, o=example.com
pin:3knAg60
Hashed PINs cannot be provided to the tool.
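Because an input file can carry plain-text PINs, it is worth checking it before handing it to the tool. The following pre-flight check is an added example, not part of the PIN Generator or its documentation: it parses the dn:/pin: format shown above, reports which DNs have no PIN (and so will get a random one), and tests whether the file is readable by anyone but its owner. The function names, the treatment of blank lines as separators, and the rejection of status lines are assumptions of this example.

```python
import os
import stat

def parse_pin_input(text):
    """Return (entries, problems); entries maps each DN to its PIN or None."""
    entries, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines only separate entries
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            problems.append(f"line {lineno}: expected dn:<value> or pin:<value>")
        elif key == "dn":
            if value in entries:
                problems.append(f"line {lineno}: duplicate DN {value}")
            entries.setdefault(value, None)
            current = value
        elif key == "pin":
            if current is None:
                problems.append(f"line {lineno}: pin without a preceding dn")
            elif entries[current] is not None:
                problems.append(f"line {lineno}: second pin for {current}")
            else:
                entries[current] = value
        elif key == "status":
            # The input format matches the output format except for this line.
            problems.append(f"line {lineno}: status line belongs to the output file")
        else:
            problems.append(f"line {lineno}: unknown key {key}")
    return entries, problems

def exposed_to_others(path):
    """True if group or other have any permission bit set (POSIX modes)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Sample built from the page's example values; user2 has no PIN on purpose.
SAMPLE = """dn:cn=user1, o=example.com
pin:pl229Ab

dn:cn=user2, o=example.com

dn:cn=user3, o=example.com
pin:3knAg60
"""

if __name__ == "__main__":
    entries, problems = parse_pin_input(SAMPLE)
    for dn, pin in entries.items():  # never echo the PIN itself
        print(dn, "-> supplied PIN" if pin else "-> tool generates a random PIN")
    print("\n".join(problems) or "no format problems")
```

Run exposed_to_others() on the real input file before use, and delete the file once the PINs have been hashed into the directory.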