Skip to main content

Configuring Bravura Pass batch files

Depending on your infrastructure, you may need to write a batch file to retrieve and deliver ID files from users’ PCs or a network share. You include the batch file as an option in the target configuration file .

Note

This is not required if you are using the Bravura Security s Lotus Notes extension.

Write a batch file to match your local business process, and copy it into the \<instance>\script\ directory. The batch file will be invoked by Bravura Pass during password and reset operations with three arguments:

  • %1 The word GET or PUT . GET means that Bravura Pass needs to retrieve an ID file from the user (for example, to help construct the repository), and PUT means that Bravura Pass needs to deliver a new ID file to the user.

  • %2 The user’s network login ID (short name).

  • %3 The location on the Bravura Pass server where the ID file is temporarily kept.

The following is an example of a batch file that Bravura Pass will run to publish ID files to a local web site on the Bravura Pass server:

NET USE x: \\FILESERVER\%2$ /user:psadmin psadminpassword
if /I %1==GET  (
copy /Y "x:\%2.id" "%3"
) else (
if /I %1==PUT (
copy /Y "%3" "x:\%2.id"
) else (
echo "Action must be GET or PUT."
)
)
NET USE x: /delete /yes

In the example, Bravura Pass retrieves ID files from a specified network share when it updates the repository (for example, during a verify or reset operation), and installs new ID files in the specified network share after extracting them from the repository and changing their password. If successful, Bravura Pass resets the password against the retrieved ID file; otherwise the password is reset against the repository’s ID file.

The file assumes that each user has a hidden share named after their Lotus Notes ShortName and that share already exists on the FILESERVER , and it also assumes that the Bravura Pass IDs are the same as the Lotus Notes ShortName.

See the figures below for details on the verify and reset processes when using a batch file.

Verify operation via batch file

agtdmno-batchfileverify.png

Reset operation via batch file

agtdmno-batchfilereset.png

Creating or modifying network login scripts

Retrieving new ID files from a web server

Users can automatically receive new ID files from the Bravura Pass web server by adding the urlget command to their network login scripts, as follows:

\\ mercury\public\urlget -user -url http://mercury/idfiles/-file c:\notes\data%u.id

Retrieving new ID files from a home directory

The nidcopy command can be used to synchronize a user’s ID file on his PC with his ID file on a network home directory. If one of the files changes (for example, due to a local or Bravura Pass password change), the other can be automatically updated. The nidcopy command is normally invoked from the user’s network login script, as follows:

rem The following line maps the shared folder to the local workstation rem so that nidcopy can access that shared folder.

net use <drive letter> \\<server>\<shared folder> <user password> /user:<user>

rem The following command should be made as a single line:

\\<server>\<shared folder>\nidcopy -i 1 ’c:\Program Files\lotus\notes\’ -server 10.0.45.1 sharedIDfolder
In this section: