NDSRight

Version PK-2.20
(Apr 28, 1999)


 DISCLAIMER:
     THIS  PRODUCT  IS  SUPPLIED  "AS  IS".  DREAMLAN 
     DISCLAIMS ALL WARRANTIES,  EXPRESSED OR IMPLIED,
     INCLUDING, WITHOUT  LIMITATION,  THE  WARRANTIES
     OF  MERCHANTABILITY   AND  OF  FITNESS  FOR  ANY
     PURPOSE.   DREAMLAN  ASSUMES  NO  LIABILITY  FOR
     DAMAGES,  DIRECT  OR  CONSEQUENTIAL,  WHICH  MAY
     RESULT FROM THE USE OF THIS PRODUCT.

Introduction

NDSRight is a DOS command-line utility that allows a user to change the ACL assignments of any NDS objects. The use of wild card ("*") is supported. Therefore, you can batch-update/change ACL assignments. This is particularly useful if you have a large number of objects to manage.

You can also use NDSRight to report the ACL assignments for audit purposes. This utility is designed to be command-line based and perhaps invoked through batch files. Therefore, there is not much user-interface or fancy menu prompts is built into the utility.


What's New


Notes

  1. The names of the attributes are schema dependent. Therefore, you need to be careful when specifying the attribute names. A complete list of attribute names for NetWare 4.10's Organization, Organizational Unit, and User objects is provided with the documentation of the registered version of this utility. You can find the detailed listing of all attributes for NetWare 4.10 object types from either the Novell Development Kit (NDK) CD or Appendix B of "NDS Troubleshooting", New Riders Publishing; ISBN 1-56205-443-0.

  2. Because of a possible bug in the NetWare Client API, Country container has to be handled differently. To view ACL rights assigned to Country containers, you need to use "C=xx" or "C=A*" for the object name. That is to say, you either need to give the specific country code, or if you wish to use wild card, you must provide the first character. Fortunately, in most cases, you will not be working with Country container, therefore, this is just a mild inconvenience. You can not use "C=*" as it generates an illegal syntax error by the API.

  3. Wildcard in trustee name is not permitted.

  4. Wildcard in rights is permitted, but it must not be used in conjunction with other rights specified. For example, "-r *" is okay, but not "-r W*"; however, "-r *W" or any other combination that has the "*" first, a wildcard (i.e. all rights) will be assumed.
  5. It has been found that on rare occasions that if an object name is very close to or the same as that of a class name in the schema (e.g. an organizational unit called Organizational_Unit), the object may not be correctly located. There is no immediate workaround for this problem at this time. However, we believe this situation will be very rare, if at all in a production environment. On the other hand, depending on the operation you wish to perform, there may be a solution. For example if you are having problems removing a particular trustee assignment of a particular attribute, try removing ALL the trustee assignments, then add back the one you wish to keep. Of course, you can also do this using NETADMIN or NWAdmin.

  6. If you leave out any of the "Objectname", "Trustee", "Attribute" or "Rights" command-line parameters, you will be prompted. And if you simply press Enter or ESC, the program will exit.

  7. To override the default of the -Z option that clears ALL trustees from a given attribute, the -t option MUST be used if you wish to specify which trustee to be removed.

  8. There is currently no clean support to append the report log file to an existing one. I ran out of meaningful alphabet to use for this option so I am using -f (lowercase) for generating a new file, and -F (uppercase) for appending to an existing file.

  9. By default, NDSRight reports all ACL assignments to an object, which include both the object and attribute assignments. If you wish to only look at the object rights, use the -o switch.

  10. NDSRight does not attempt to resolve alias names when you are trying to remove a trustee assignment. You must use the "original" name. However, when you assign a trustee assignment, an alias may be used; but the NDS will record the trustee information using the "original" object name. Also see the -T Alias discussion below.


Installation

No special installation steps or program need to be used. Simply copy NDSRight to SYS:PUBLIC of your servers. You must have the Unicode files for the country code and code page that your workstation use available in the respective NLS directories, for example, SYS:PUBLIC\NLS.

Should you install NDSRight into a different directory, you may need a search path to the directory where the unicode files are located.


Usage

You can run NDSRight either with command-line parameters, or allow it to prompt you for input. The allowable command-line parameters are:

NDSRight [-5] [-a] [-c] [-f] [-F] [-n] [-o] [-r] [-s] [-t] [-T] [-v] [-x] [-Z]

where

All of the above parameters (except for -F, -f, -T, -t and -Z) are not case sensitive.


Configuration

n/a


Registration

Two variations of NDSRight are available. The version included here is a Freeware version. The following options are disabled in the Freeware version:

     1. -c for continuous scroll on output.
     2. -f for the generating of report log file.
     3. -s for the ability to search subcontainers.
     4. -x for the ability to clear a trustee assignment before a
           new one is assigned.
     5. -Z for the ability to remove a trustee assignment.
     6. For the ability to use wildcard on the "target object name".

The Freeware version does not include a complete list of attribute names for NetWare 4.10's Organization, Organizational Unit, and User objects.

You are granted an unlimited usage at no cost. However, you are not allowed to sell or package this utility as part of another software package or service contract. Bottom line: you can not make money using this Freeware version. All standard Freeware limitation applies.

The full version of NDSRight is available by registering on-line through the following Web sites:

The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.

You can also FAX a company Purchase Order to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.

Special site agreements for multiple trees and service providers are available. Although the license does not grant you the right to resell the program (for a profit; but you can charge the customer a service charge for your time). If you are a service provider, you can register copies on behave of your customers (by providing your customer's mailing information -- this is used only for tracking purposes). At the same time, we ask you to send us a separate email indicating that you are registering on behave of your customer and inciate in this email if further software upgrade (free or for a charge) be send to you or the customer directly, and an email address for that purpose.


Other Information

NDSRight is written in C using Microsoft C optimizing compiler and Novell Developer Kit. Some string manipulating routines are from the CXL library.

Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.


Revision History