NDSLogin

Version PK-5.50
(Nov 22, 1998)


 DISCLAIMER:
     THIS  PRODUCT  IS  SUPPLIED  "AS  IS".  DREAMLAN 
     DISCLAIMS ALL WARRANTIES,  EXPRESSED OR IMPLIED,
     INCLUDING, WITHOUT  LIMITATION,  THE  WARRANTIES
     OF  MERCHANTABILITY   AND  OF  FITNESS  FOR  ANY
     PURPOSE.   DREAMLAN  ASSUMES  NO  LIABILITY  FOR
     DAMAGES,  DIRECT  OR  CONSEQUENTIAL,  WHICH  MAY
     RESULT FROM THE USE OF THIS PRODUCT.

Introduction

NDSLogin is a DOS command-line utility that allows a user to log into a NetWare 4/5 NDS tree using simply a username, without having to know the context in which the username is located.

This feature is useful in installations where users do not wish to learn about the longer naming convention, or to simplify travelling users. In general, a name context is specified in the NET.CFG on each workstation. This helps the owner of the workstation to log in. However, if another user from a different department (context) needs to use this workstation to log into the network, it is a little more involved. It is the goal of NDSLogin to simplify such situations.

NDSLogin is simply a front-end utility to the standard NetWare LOGIN. NDSLogin takes the same arguments as LOGIN, but tries to parse out the username portion. Using the name, NDSLogin will search the NDS tree to locate user objects with this (common) name. If there are duplicates, the first 10 will be displayed and the user can choose from the displayed list.

Once the user object is located, and its context determined, NDSLogin passes control to NetWare LOGIN. Therefore, all login script commands will be processed.


What's New


Notes

  1. Y2K doesn't apply to NDSLogin as it uses no time information.
  2. NDSLogin should be installed into SYS:LOGIN and SYS:PUBLIC, where LOGIN.EXE is located or is on a search path. It also makes it easier for the utility to locate the needed Unicode files.

  3. Only the first 10 match in names will be displayed. It is unlikely that you will have more than 10 users with the same user object names within the tree.

  4. NDSLogin has only been tested with NetWare 4.10 and higher. It is not expected to be dependent on the version of NetWare, however, only testing will tell.

  5. If you load memory resident applications (TSRs) from the login script, extra configuration steps are required. This is to avoid DOS memory fragmentation.
  6. NDSLogin has not been tested with other LOGIN interfaces, such as Intel's LOGIN.COM. As a matter of fact, NDSLogin calls LOGIN.EXE explicitly, therefore, it is not compatible with Intel's LOGIN.COM.

  7. If you use the PREFERRED SERVER option in your NET.CFG (or /PS= with your VLM), the DEMO version may not be able to find a tree. You need to first establish a DS connection first; the PS option sets up a bindery connection. You can establish a DS connection in two ways: a) login to the server using LOGIN.EXE normally and logout; or b) use the PREFERRED TREE option (or /PT= with your VLM).

  8. It seems like there may be a bug with the NetWare Client API's search function. It is easier to explain this with an example. Consider a sample NDS tree:
                  [Root]
                     |
                 O=DreamLAN
                     |
                  ---+---
                 |       |
                      OU=NW4SG
                         |
                      ---+---
                     |       |
                  CN=Test  OU=NW4SG
                             |
                           CN=Test
    
    If you set the BaseContext to NW4SG.DreamLAN and give Test as the username to search for. NDSLogin will come back with 2 hits (correctly) but will show that both Test objects are in the first NW4SG container. However, if you set the BaseContext to DreamLAN, then the context of the found Test objects are reported correctly (Test.NW4SG and Test.NW4SG.NW4SG). If there is no two subsequent levels with the same name, the problem does not occur. Therefore, if the second NW4SG is changed the NW4SG-2, then the Test user objects are found with the correct context information. This problem may have been addressed with v1.12 of NDSLogin.

  9. If you specified the /B option as one of the options, that means you wish to log in using Bindery Services. In this situation, NDSLogin will not search the NDS tree for the user object name. Rather, it will simply pass the user object name, plus other "slash" parameters to LOGIN.EXE. It will be up to the server to determine if the specified user object exists within the bindery context of the server.

  10. Use of wildcard in the username is not supported.

  11. There is one report from a Token Ring site that NDSLogin will lock up the the workstation if the workstation was logged into the network before launching NDSLogin. However, we have been unable to reproduce this issue on other Token Ring or Ethernet networks. It may have something to do with this site's specific workstation configuration. This only happens when the colour support in NDSLogin is turned on. As a result, the colour mode (controlled by ColorMode in the CFG file) is OFF (False) by default.

  12. In a very large tree with multiple partitions, where some partitions are not local, be careful where you start the BaseContext search from in the configuration file. By default, the search starts at [Root]. If you do not have a copy of [Root] locally or there are remote partitions across slow WAN links, NDSLogin may appear to hang the workstation as it tries to tree-walk. In such situations, it is best to limit the scope of the search to local partitions or use IncludeContext in the CFG file to specify which containers to search the username.

  13. NDSLogin will accept parameters for LOGIN.EXE at both the command-line level or when you are prompted for the username. HOWEVER, if you specified /VER, /H, /?, or /HELP, the help screen for NDSLogin will be presented, instead that of LOGIN.EXE.

  14. If you specify any IncludeContext containers, the BaseContext parameter is ignored.

  15. You should give it some thought when using IncludeContext. You should not specify an IncludeContext that is a subordinate of another. For example, ".NW3.NW4.TopLevel" and ".NW4.TopLevel". If you do this, you may get double (or more) hits on the same username.

  16. Make sure the directory path into which you install NDSLOGIN.EXE does not exceed 65 characters in length. (It should not be a problem in general, but does not hurt to mention this limitation here.)

  17. NDSLogin does not currently handle a multi-tree environment. It will search for the user object in the tree the workstation is attached to. Therefore, if you have multiple trees, make sure you use the PREFERRED TREE option in your NET.CFG or /PT= option when loading VLM or Client32.

  18. Because NDSLogin does not support multiple trees, you cannot easily use treename/username to log into another tree using NDSLogin, unless the user you are logging is as happens to be in the same context on both trees. (Addressed in v5.00)

  19. The use of ExcludeContext is "local" to the container you specified. For example, if you specified ExcludeContext = ".NW4.TopLevel", user objects in .NW3.NW4.TopLevel will be found, but not user objects in .NW4.TopLevel. Therefore, if you need to exclude both .NW4.TopLevel and .NW3.NW4.TopLevel, ou need to specify two ExcludeContext entries.

  20. It seems the color routine used in the NDS ToolKit software is incompatible with certain video cards -- the screen will appear to be blank after the banner is displayed. If you do a CLS the color is restored. In such cases, turn OFF the color setting in the CFG file.

  21. There is NO easy way for the APIs to tell the difference between a server or a tree if the names are the same. Therefore, if you have an NDS tree called TEST1 and a NetWare server also called TEST1, NDSLogin may get confused. This problem will be addressed in a future version of NDSLogin.


Installation

No special installation steps or program need to be used. Simply copy NDSLOGIN.EXE and NDSLOGIN.CFG to SYS:LOGIN and SYS:PUBLIC of your servers. You must have the unicode files for the country code and code page that your workstation use available in the the respective NLS directories, for example, SYS:LOGIN\NLS.

Without a valid license (defined in the CFG file), this copy of NDSLOGIN.EXE runs in the demo mode. In the demo mode, the contents of NDSLOGIN.CFG (if present) is ignored.

If your workstation's AUTOEXEC.BAT calls LOGIN automatically, one way you can ease the transition to NDSLogin is to rename NDSLOGIN.EXE to LOGIN.COM and place that in the SYS:LOGIN and SYS:PUBLIC directory. If you do this, however, the CFG file will have to be named LOGIN.CFG. Basically, the CFG file will have to be named after whatever you renamed NDSLOGIN.EXE to be. If you are using Intel's LANDesk Manager, for example, there is already a LOGIN.COM. In such situation, you will have no choice but to update the workstations' AUTOEXEC.BAT files.

Upgrade to v5.00 and higher

For registered owners of previous versions of NDSLogin, you can use the same LiceneKey. However, because of a format change in the CFG file, you need to make a small change. For each NDS tree, you need to create a "section" for the parameters to be used for that tree. For example, for the NDS tree named DREAMLAN, the CFG file looks like this:

;---------------------------------------------------------------
[TreeName = DREAMLAN = xxxx]
LicensedTo = Internal Use Only
Banner2 = DreamLAN Network Consulting Ltd.
LoginLoop = 3
;---------------------------------------------------------------

where "xxxx" is the LicenseKey value. For more details, see Multi-Tree Support section below.


Usage

You use NDSLogin just like you would with LOGIN:

NDSLOGIN username [other LOGIN.EXE parameters] [-Q]

If you specify a context with the username, NDSLogin will not search the tree, but will simply pass the information on to LOGIN.

If you are using NDSLogin as part of a batch file and would like to suppress the display of the copyright information, use the -Q (Quiet) option.

If your login script loads any TSRs, you need to create a batch file, similar to the following, to use NDSLogin:

     @Echo off
     NDSLOGIN %1
     CALL C:\LOGIN_DS.BAT
     DEL C:\LOGIN_DS.BAT

and you will need to create a NDSLOGIN.CFG file and specify HasTSR to TRUE (see below). The reason for doing this is to prevent DOS memory fragmentation of loading a TSR while NDSLOGIN spawns a process to run LOGIN.EXE.

You can use the same technique if NDSLOGIN/LOGIN reports insufficient memory to execute some external program. During testing, we have not come across any insufficient memory problem.

The NDSLOGIN.CFG file must be in the same directory as where you have NDSLOGIN.EXE. Therefore, if you installed the EXE into both SYS:PUBLIC and SYS:LOGIN, a copy of the CFG must be in each directory.


Configuration

You can control the following functions of NDSLogin using a NDSLOGIN.CFG (or whatever.CFG if you renamed NDSLOGIN.EXE to whatever) file:

     1. Banner1        = text          (no default)
     2. Banner2        = text          (no default)
     3. Banner3        = text          (no default)
     4. BaseContext    = contextname   (default is [Root])
     5. ColorMode      = TRUE or FALSE (default is FALSE)
     6. ExcludeContext = contextname   (no default)
     7. HasTSR         = TRUE or FALSE (default is FALSE)
     8. IncludeContext = contextname   (no default)
     9. LocalMode      = TRUE or FALSE (default is FALSE)
    10. LoginLoop      = 'number'      (default 1; max 5)
    11. NoLogo         = TRUE or FALSE (default is FALSE)
    12. Quiet                          (no parameter; is a "toggle")
    13. SecureLogin    = TRUE or FALSE (default is FALSE)
    14. SetContext     = TRUE or FALSE (default is FALSE)

Banner1 through Banner3 (BannerX) allows you to configure a simple 3-line banner. Use Banner1 for the first line, Banner2 for the second, and Banner3 for the third line. Each line is limited to 80 characters, and will be automatically centered.

The BaseContext setting allows you to specify from which container NDSLogin will start searching from. This is useful if you have a large tree or if you do not have local replicas of the partitions. This will speed up the search time considerably. The drawback is that you have limited the scope of the search. The context name is relative to [Root], therefore, you should not place a period in the beginning.

The ColorMode flag indicates if NDSLogin should use colour on the display or not. The default is black/white.

The ExcludeContext option allows you to specify which containers will the userids not be included as "hits" in the search. These containers are still searched for the object, but any hits will be discarded. Opposite in function to the IncludeContext option (see below). There may be times that rather than including 7 containers, you may be able to exclude 2 containers instead. Up to 10 ExcludeContext entries may be specified.

The HasTSR flag indicates to NDSLogin if the external batch file (C:\NDSLOGIN.BAT) is to be created or not. Using this option will cause the workstation's name context to be switched to where the user object name is located. But the batch file created by NDSLogin (i.e. C:\LOGIN_DS.BAT) will restore the workstation's context back to where it was before with a CX command.

The IncludeContext option allows you to select the starting container from which NDSLogin will search for usernames. Up to 10 may be used. The BaseContext option is ignored if IncludeContext is used.

The LocalMode option will limit the search to terminate at the first hit. This is useful if you have specified multiple contexts to search as this will return the result faster. This is especially useful if some of your contexts are across WANs and you do not have a local replica.

The LoginLoop option allows the login program to "loop" a number of times in case the login was not successful. This is useful in "locking" the user in the login mode without having to specify the login name again. However, this option is only useful if you are _not_ using the HasTSR option. If you are using the HasTSR option, you need to modify the batch file that calls LOGIN_DS.BAT and test for ErrorLevel - a non-successful login will return a non-zero value.

By setting the NoLogo option to TRUE, the red "Novell NetWare" banner from the LOGIN.EXE is not displayed. This option is set to TRUE if you specified the BannerX (see above) flags. Or you can set this to TRUE without using any of the BannerX flags.

The Quiet option (no parameters) will turn off the copyright information being displayed during the initial screen.

By setting SecureLogin to TRUE, NDSLogin will disallow the use of /NS and execute LOGIN.EXE from a directory called NDSL under your current working directory. You can flag NDSL hidden to prevent the user from finding where LOGIN.EXE is placed. When you place LOGIN.EXE in the NDSL directory, you also need to place a copy of LOGIN.MSG there as well. If you use this option, you should make sure if you are using the batch file to launch NDSLogin (because of TSRs) the batch file deletes the LOGIN_DS.BAT file as it contains the location of the hidden directory. Some drawbacks of this option:

Therefore, this option is not fool-proof, but it offers additional security.

The SetContext option changes the workstation's context to where the user object id is located.

None of the commands are case sensitive.

NDSLogin does not check the validity of the context name you entered.

Multi-Tree Support

For each NDS tree, you need to create a "section" for the parameters to be used for that tree. For example, for the NDS tree named DREAMLAN, the CFG file looks like this:

;---------------------------------------------------------------
[TreeName = DREAMLAN = xxxx]
LicensedTo = Internal Use Only
Banner2 = DreamLAN Network Consulting Ltd.
LoginLoop = 3
;---------------------------------------------------------------

where "xxxx" is the LicenseKey value. If you have multiple tree licenses, create a section for each tree. NDSLogin will use the workstation's preferred tree to determine which section of the CFG file is used. You can log into a different tree using the syntax:

ndslogin tree_name/user_name

Ensure there is a section for the "tree_name" in the CFG file. The following is a sample CFG file for three trees:

;---------------------------------------------------------------
[TreeName = DREAMLAN = xxxx]
LicensedTo = Production Tree
Banner2 = DreamLAN Network Consulting Ltd.
LoginLoop = 3

[TreeName = WEBSITE_TREE = yyyy]
LicensedTo = Web Server Tree
Banner2 = DreamLAN Network Consulting Ltd. (Web)
LoginLoop = 2

[TreeName = TEST_TREE = zzzz]
LicensedTo = Development Test Tree
Banner2 = DreamLAN Network Consulting Ltd. (Test)
LoginLoop = 3
;---------------------------------------------------------------

If you do not have a valid license for a given tree name, but would like to evaluate NDSLogin in a mutli-tree environment, set the LicenseKey to 0. For example, the following is a sample CFG for two trees, one licensed (DREAMLAN) and one is not (TEST_TREE):

;---------------------------------------------------------------
[TreeName = DREAMLAN = xxxx]
LicensedTo = Production Tree
Banner2 = DreamLAN Network Consulting Ltd.
LoginLoop = 3

[TreeName = TEST_TREE = 0]
LicensedTo = Web Server Test Tree
Banner2 = DreamLAN Network Consulting Ltd. (Web)
LoginLoop = 2
;---------------------------------------------------------------

You may notice some screen color inconsistencies if switching between a licensed tree and an unlicensed tree (because color is not supported on unlicensed trees).


Registration

The version included here is a Shareware/Evaluation version. It does not read the NDSLOGIN.CFG file. That means the search will ALWAYS start from the [Root]; it does not support the loading of TSRs in the login script; and the screen will only be in black/white. The unregisted version will not handle duplicate names; the first hit will be returned. (See what else it will not do by referring to the Configuration section above.)

You are granted 30-day Evaluation License to the Shareware version. You are not allowed to sell or package this utility as part of another software package.

The full version of NDSLogin is available by registering on-line through the following Web sites:

The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.

You can also FAX a company Purchase Order to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.

Special site agreements for multiple trees and service providers are available. Although the license does not grant you the right to resell the program (for a profit; but you can charge the customer a service charge for your time). If you are a service provider, you can register copies on behave of your customers (by providing your customer's mailing information -- this is used only for tracking purposes). At the same time, we ask you to send us a separate email indicating that you are registering on behave of your customer and inciate in this email if further software upgrade (free or for a charge) be send to you or the customer directly, and an email address for that purpose.


Other Information

NDSLogin is written in C using Microsoft C optimizing compiler and Novell Developer Kit. Some string manipulating routines are from the CXL library and some color routines are from TCIO library.

Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.


Revision History