readme.txt for WaX500 version 2.05

*Updated: 17 May 1995

*Description
    "Windows access to X.500"

    WaX500 is an application program that runs under Microsoft Windows
    version 3.1 or later. WaX500 is an X.500 client (DUA or Directory User
    Agent) that allows you to query various entries in the X.500 directory.
    Currently you can look up people, groups, joinable groups, services,
    organizations, and documents. Version 2.05 of WaX500 allows you to make
    modifications to current entries and add new X.500 entries (groups for
    example).

*System Requirements:
    386 cpu or better (will not run in Softwindows on a PowerMac)
    tcp/ip connectivity (ethernet card, PPP, ...) with both tcp and udp ports

    You must already have WINSOCK.DLL and whatever your tcp/ip stack vendor
    requires beneath that installed. If you have other tcp/ip utilities
    working, you probably already have this installed. Your winsock
    implementation needs to do domain name resolution (most do).

*To Install:
    1. get into DOS

    2. unpack waxr205 by typing:
           waxr205.exe -o -d c:\wax500
       or
           pkunzip -o -d waxr205.zip c:\wax500
       This will put all the files in the standard directories (see list
       of files below). The "-d" option creates all subdirectories needed.
       The "-o" option allows us to overwrite any previously existing
       copies of the distributed files.

    3. add the lines in c:\wax500\install\autoexec.add to your
       c:\autoexec.bat file. (Or make autoexec.add into a batch file if
       you prefer.)

       If you didn't use the DEFAULT DIRECTORIES, you must change the
       right hand side of the NDIR parameter that gets set in autoexec.bat
       to be the directory you put wax500 in. The default is c:\wax500.

       If you are NOT USING NOVELL's TCP/IP STACK or you are NOT IN THE
       UMCE ENVIRONMENT, you must also set WSHELPER. See comments in
       autoexec.add.

    4. make sure the lines in c:\wax500\install\services.add appear in
       your "services" file so your system knows kerberos is on udp
       port 750. (I also have provided c:\wax500\tcp\services if you want
       to see what mine looks like.)

       For UM LanWorkPlace for DOS users, the file you need to edit is
       c:\net\tcp\services. If you have a recent enough version of DOS to
       have the FIND command you can type:
           FIND /I "kerberos" \net\tcp\services
       to see if the needed lines are already present. If they aren't,
       you'll need to edit the services file and add the needed lines.

    5. make sure you have a resolv.cfg file with entries appropriate for
       your network. The file c:\wax500\tcp\resolv.cfg contains the
       appropriate entries for the University of Michigan Computing
       Environment. Lan WorkPlace for DOS users should expect this file
       to be in c:\net\tcp\resolv.cfg. Other vendors put it in other
       places. The environment variable WSHELPER needs to be set so
       wshelper.dll can find resolv.cfg if it's not in
       c:\net\tcp\resolv.cfg. See the comments in
       wax500\install\autoexec.add for further information.

    6. reboot and restart windows. This sets the new environment
       variables and allocates memory for kerberos tickets. Watch the
       output to make sure this worked correctly. There is a possibility
       of running out of environment space and/or being unable to
       allocate memory for tickets, either of which would prevent
       kerberos authentication from working.

    7. Make sure the TIME on your machine is set as close as possible to
       the public time service. See "time" in the front of your
       phonebook, it's 665-1212 in Ann Arbor. Kerberos requires that the
       TIME on your machine be synchronized with the server and will NOT
       RESPOND if your TIME is out of synch by more than 5 minutes.

    8. add an icon in the Windows program manager to the group of your
       choice. Under the "File" menu item select "New". In the dialog box
       that appears, select "Program Item" and click "OK".
           make "Command Line"       c:\wax500\wax500.exe
           make "Working Directory"  c:\wax500
           click OK to finish adding the icon

    9. run wax500 by clicking on the icon you just made.

    10. there are two levels of functionality to check.

        1. look things up in the directory (read). To test this, type
           "babs jensen" in the "Search For:" field of the Finder and hit
           the "Find" button. After a while you should see a bunch of
           information about the fictitious Babs.

        2. authenticate using kerberos. To test this use the
           "Authenticate" (or Reauthenticate) item in the "Server" menu
           on the Menu bar. When prompted, type your uniqName and click
           on the OK button. If you are offered a choice of how to
           authenticate, select the "Kerberos/uniqname" option, and click
           the OK button. Then the authentication dialog box appears
           (titled "UMCE IAA Services"); it won't go away until you
           either successfully authenticate or hit the "Cancel" button.
           You must click OK to be able to type your password. Type your
           password, and click OK again. If it works, the "UMCE IAA
           Services" dialog will disappear; if not, try again or cancel.

*Files & hierarchy on distribution disk:
    \wax500\install\readme.txt
    \wax500\install\services.add
    \wax500\install\autoexec.add
    \wax500\kerb\krb.con
    \wax500\kerb\krbrealm.con
    \wax500\kerb\kerbmem.exe
    \wax500\tcp\resolv.cfg
    \wax500\tcp\services
    \wax500\authlib.dll
    \wax500\disptmpl.cfg
    \wax500\kerberos.hlp
    \wax500\krbv4win.dll
    \wax500\ldfilter.cfg
    \wax500\ldfriend.cfg
    \wax500\libldap.dll
    \wax500\srchpref.cfg
    \wax500\wax500.exe
    \wax500\wax500.hlp
    \wax500\wshelper.dll

*What are all those files for?
    c:\wax500\install\readme.txt
        the file you're reading now (see recursive)
    c:\wax500\install\services.add
        see step 4 above.
    c:\wax500\install\autoexec.add
        see step 3 above.
    c:\wax500\kerb\krb.con
        first line is default realm, rest list kerberos key distribution
        centers in various realms
    c:\wax500\kerb\krbrealm.con
        maps host names and name suffixes to realms
    c:\wax500\kerb\kerbmem.exe
        allocates memory to hold kerberos tickets (must use parameter 128
        or larger to have enough space for all the tickets you'll need).
        Too little space is silently fatal; the default is 16, which
        isn't enough. Units are "paragraphs" of 16 bytes each.
    c:\wax500\tcp\resolv.cfg
        needed by WSHelper for gethostbyaddr() calls. Contains addresses
        of domain name service servers in your environment. See comments
        in wax500\install\autoexec.add.
    c:\wax500\tcp\services
        see step 4 above.
    c:\wax500\authlib.dll
        authman interface to MIT's kerberos routines
    c:\wax500\disptmpl.cfg
        config file for display templates which control how to present
        what's found in the directory (named ldaptemplates.conf in the
        ldap distribution)
    c:\wax500\kerberos.hlp
        windows help file for kerberos authentication dialog
    c:\wax500\krbv4win.dll
        MIT's kerberos authentication interface for windows
    c:\wax500\ldfilter.cfg
        config file for ldap search filter routines (named
        ldapfilter.conf in the ldap distribution)
    c:\wax500\ldfriend.cfg
        config file for friendly mapping of CH to Switzerland, etc.
        (named ldapfriendly in the ldap distribution)
    c:\wax500\libldap.dll
        ldap (lightweight directory access protocol) interface to the
        X.500 directory. (You MUST use this file, other versions of
        libldap will NOT WORK correctly with WaX500. Accept no
        substitutes!)
    c:\wax500\srchpref.cfg
        config file for search options (finder) dialog (named
        ldapsearchprefs.conf in the ldap distribution)
    c:\wax500\wax500.exe
        the main program, what you run via File manager icon.
    c:\wax500\wax500.hlp
        windows help file for wax500
    c:\wax500\wshelper.dll
        winsock helper (like hamburger helper), does DNS gethostbyaddr()
        calls correctly because some vendors don't

*Mailing Lists
    To receive announcements of new releases and such things:
        join wax500.announce@umich.edu
        (see "Modifying an X.500 Entry" in wax500's help, and modify the
        "Member of Group" attribute of YOUR NAME).
    If you want to join, but can't, send email to (note the "-request"
    part):
        wax500.announce-request@umich.edu

    To report bugs in or make suggestions for waX.500, send e-mail to:
        wax500.bugs@umich.edu

    If you are interested in beta testing new versions of waX.500 or
    otherwise contributing to the development of waX.500, send e-mail to:
        wax500.testers-request@umich.edu

*Non-UM sites
    The default behaviour of WaX500 is to connect to port 389 on the
    server machine ldap.itd.umich.edu as
        "cn=wax500, ou=Miscellaneous Servers, o=University of Michigan, c=US"
    with the searchBase set to
        "o=University of Michigan, c=US".

    If you are not affiliated with the University of Michigan and want to
    change these defaults:
    1) run WaX500 once to create the default ini file.
    2) exit WaX500
    3) edit \wax500\wax500.ini
    4) in the [Configuration] section, change "LDAPBindAs=" to whatever
       you want (it's up to you to make sure what you put here will work).
    5) in the [Current] section, change "SearchBase=" and/or
       "LDAPServer=" to whatever you want (again it's up to you to make
       sure what you put here will work).
    6) You can also change the LDAPServer on the fly from the preferences
       screen of WaX500. You can change the searchbase via the browser.
    7) I also suggest you NOT change the [Defaults] section, at least
       until you are sure the changes you made to the [Current] section
       work. You can always revert to the [Defaults] values in the
       preferences screen by hitting the "Restore Defaults" button. Or if
       worse comes to worse, delete the ini file and WaX500 will recreate
       it.

    See comments about Wshelper.dll in autoexec.add, set WSHELPER
    environment variable to point to a resolv.cfg file that is configured
    for your environment.

    If you have no use for the kerberos authentication portion of Wax500,
    you can delete \wax500\authlib.dll and \wax500\krbv4win.dll. WaX500
    will realize they aren't available and infer that kerberos is not
    available.

    Non UM sites will need to tailor the following things for their local
    environment:
        resolv.cfg
        krbrealm.con
        krb.con
        TZ in the autoexec.bat file

*Where did this come from:
    You may acquire the latest version of wax500 via either FTP or the
    web (WWW).

    The web page I keep up to date is:
        http://www.umich.edu/~sgr/wax500.html

    The FTP (file transfer protocol) site is:
        ---host---                     ---file---
        terminator.rs.itd.umich.edu    ~ftp/x500/wax500/waxr2xx.exe

    If you are connected to the University of Michigan's Institutional
    File System look in the directory:
        /afs/umich.edu/group/itd/swdist/w/wax500/
    for the file:
        waxr2xx.exe
    where xx will be the latest version number, for example waxr203.exe.

*Update history
    2.00 - initial beta release

    2.01 - o fixed bug in preference window having to do with changing
             the server
           o new krbv4win.dll, no bugs, unexplained size difference, this
             is the right one.

    2.02 - o remove attempt to use BOLD font for labels in result view.
             the labels were overwriting the content for some users.
           o make Enter key expand/contract current item in browser.

    2.03 - o browser enhanced, behaves more like file manager
               enter does expand/collapse
               char keys move you to next item that starts with char typed
           o fixed bug in adding x500 members to groups
           o fixed bug in authlib.dll so it uses NDIR environment
             variable to find kerb\krb.con file as krbv4win.dll does.
           o installation procedures drastically simplified and total #
             of files reduced.
           o ini file now lives in same directory as wax500, not \windows
             so wax500 is completely self contained, and uninstallable
           o kerberos now works over a PPP connection
           o corrected bug where libldap didn't ever free authlib.dll.
           o added Defaults/LDAPPort to INI file so users can change it.
           o ini file name as parm on invocation
           o searchbase and server on invocation line
           o made "Also Known As" read only in disptmpl config until I
             implement ModRDN
           o fixed bug in set searchbase that made finder the active, but
             not highlighted window i.e. cursor and tab were in finder
             which was dimmed and beneath browser.
           o DNPiecesDisplayed from INI file now, so users can control
             how many levels of DNs are displayed
           o double click in authas selects item clicked on and implies OK
           o use case sensitive comparison in CIS (all but DN) to see if
             user changed something during edit so changes should be saved
           o fixed bug that falsely reported changes were successful
           o put version number in ini file. rewrite based on this.

    2.04 - o fixed last line of text not visible during edit bug
           o fixed discard auth GPF in retail version
           o detect and close edit box, detect changes, prompt user to
             save or not on document close
           o new krbv4win.dll works over PPP, iterates over alternate
             hosts, uses same string-to-key fcn to encode new password
             that old password was encrypted with, requires WSHELPER
             which requires access to "resolv.cfg" file

    2.05 - o enforce rule that memberOfGroup items must be groups
           o warn users if group joined is not currently "joinable"
           o warn users that server will/may ignore case change
           o add "expires" to disptmpl.cfg for um person
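
Step 4 of the install procedure uses FIND /I "kerberos" to look for the services entry, which also matches a commented-out line or a tcp-only entry. The check below is an added example, not part of the WaX500 distribution: it parses the file and reports whether kerberos really resolves to udp port 750. It assumes the usual "name port/protocol [aliases] # comment" layout and a first-match-wins lookup; the sample file contents are constructed, not taken from services.add.

```python
# Added example: verify the services-file entry required by install step 4.
# Assumed layout per line: name  port/protocol  [aliases...]  # comment

REQUIRED_NAME, REQUIRED_PORT, REQUIRED_PROTO = "kerberos", 750, "udp"


def parse_services(text):
    """Yield (name, port, proto, aliases) for each well-formed entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if len(fields) < 2:
            continue                               # blank or comment-only line
        port, sep, proto = fields[1].partition("/")
        if not sep or not port.isdigit() or not proto:
            continue                               # malformed port/protocol
        yield (fields[0].lower(), int(port), proto.lower(),
               [a.lower() for a in fields[2:]])


def lookup(text, name, proto):
    """Return the port of the first entry matching name (or alias) and proto.

    Assumption: the resolver scans the file top to bottom and stops at the
    first match, so an earlier entry shadows a later one.
    """
    for svc, port, entry_proto, aliases in parse_services(text):
        if entry_proto == proto and (svc == name or name in aliases):
            return port
    return None


def check_kerberos(text):
    """Return 'ok', 'missing', or 'wrong port N' for the kerberos/udp entry."""
    port = lookup(text, REQUIRED_NAME, REQUIRED_PROTO)
    if port is None:
        return "missing"
    return "ok" if port == REQUIRED_PORT else f"wrong port {port}"


# Constructed sample files (not the contents of services.add).
SAMPLES = {
    "good": "echo 7/tcp\nkerberos 750/udp kdc  # Kerberos auth\n",
    "tcp only": "kerberos 750/tcp kdc\n",
    "commented out": "#kerberos 750/udp kdc\n",
    "shadowed": "kerberos 88/udp\nkerberos 750/udp kdc\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:14} -> {check_kerberos(text)}")
```

Every sample except "good" contains the word "kerberos" and would pass the FIND test, yet none of them gives the system a usable kerberos 750/udp mapping.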