readme.txt for WaX500 version 2.05
*Updated: 17 May 1995
*Description
"Windows acess to X.500"
WaX500 is an application program that runs under Microsoft Windows version
3.1 or later.
WaX500 is an X.500 client (DUA or Directory User Agent) that allows you
to query various entries in the X.500 directory. Currently you can look
up people, groups, joinable groups, services, organizations, and documents.
Version 2.05 of WaX500 allows you to make modifications to current entries
and add new X.500 entries (groups for example).
*System Requirements:
386 cpu or better (will not run in Softwindows on a PowerMac)
tcp/ip connectivity (ethernet card, PPP, ...) with both tcp and udp ports
You must already have WINSOCK.DLL and whatever your tcp/ip
stack vendor requires beneath that installed. If you have other tcp/ip
utilities working, you probably already have this installed.
Your winsock implementation needs to do domain name resolution (most do).
*To Install:
1. get into DOS
2. unpack waxr205 into by typing:
waxr205.exe -o -d c:\wax500
or pkunzip -o -d waxr205.zip c:\wax500
This will put all the files in the standard directories (see list of
files below). The "-d" option creates all subdirectories needed. The
"-o" option allows us to overwrite any previously existing copies
of the distributed files.
3. add the lines in c:\wax500\install\autoexec.add to your c:\autoexec.bat
file. (Or make autoexe.add into a batch file if you prefer.)
if you didn't use the DEFAULT DIRECTORIES, you must change the
right hand side of the NDIR parameter that gets set in autoexec.bat to
be the directory you put wax500 in. The default is c:\wax500.
if you are NOT USING NOVELLs TCP/IP STACK or you are NOT IN THE UMCE
ENVIRONMENT, you must also set WSHELPER. See comments in autoexec.add.
4. make sure the lines in c:\wax500\install\services.add appear in your
"services" file so your system knows kerberos is on udp port 750.
(I also have provided c:\wax500\tcp\services
if you want to see what mine looks like.) For UM LanWorkPlace for DOS
users, the file you need to edit is c:\net\tcp\services. If you have
a recent enough version of DOS to have the FIND command you can type:
FIND /I "kerberos" \net\tcp\services
to see if the needed lines are already present. If they aren't you'll
need to edit the services file and add the needed lines.
5. make sure you have a resolv.cfg file with entries appropriate for your
network.
The file c:\wax500\tcp\resolv.cfg contains the
appropriate entries for the University of Michigan Computing
Environment. Lan WorkPlace for DOS users should expect this file to be
in c:\net\tcp\resolv.cfg. Other vendors put it in other places.
The environment variable WSHELPER needs to be set so wshelper.dll
can find resolv.cfg if it's not in c:\net\tcp\resolv.cfg. See the
comments in wax500\install\autoexec.add for further information.
6. reboot and restart windows.
This sets the new environment variables and allocates memory for
kerberos tickets. Watch the output to make sure this worked
correctly. There is a possiblity of running out of environment
space and/or being unable to allocate memory for tickets either
of which would prevent kerberos authentication from working.
7. Make sure the TIME on your machine is set as close as possible to the
public time service.
See "time" in the front of your phonebook, it's 665-1212 in
Ann Arbor. Kerberos requires that the TIME on your machine be
synchronized with the server and will NOT RESPOND if your TIME
is out of synch by more than 5 minutes.
8. add an icon in the Windows program manager to the group of your choice.
Under the "File" menu item select "New".
In the dialog box that appears, select "Program Item" and click "OK".
make "Command Line" c:\wax500\wax500.exe
make "Working Directory" c:\wax500
click OK to finish adding the icon
9. run wax500 by clicking on the icon you just made.
10. there are two levels of functionality to check.
1. look things up in the directory (read). To test this, type "babs
jensen" in the "Search For:" field of the Finder and hit the "Find"
button. After a while you should see a bunch of information about
the fictitious Babs.
2. authenticate using kerberos. To test this use the "Authenticate"
(or Reauthenticate) item in the "Server" menu on the Menu bar.
When prompted, type your uniqName and click on the OK button.
If you are offered a choice of how to authenticate, select the
"Kerberos/uniqname" option, and click the OK button. Then the
authentication dialog box appears (titled "UMCE IAA Services"),
this won't go away until you either successfully authenticate,
or hit the "Cancel" button. You must click OK to be able to type
your password. Type your password, and click OK again. If it works,
the "UMCE IAA Services" dialog will disappear, if not, try again or
cancel.
*Files & heirarchy on distribution disk:
\wax500\install\readme.txt
\wax500\install\services.add
\wax500\install\autoexec.add
\wax500\kerb\krb.con
\wax500\kerb\krbrealm.con
\wax500\kerb\kerbmem.exe
\wax500\tcp\resolv.cfg
\wax500\tcp\services
\wax500\authlib.dll
\wax500\disptmpl.cfg
\wax500\kerberos.hlp
\wax500\krbv4win.dll
\wax500\ldfilter.cfg
\wax500\ldfriend.cfg
\wax500\libldap.dll
\wax500\srchpref.cfg
\wax500\wax500.exe
\wax500\wax500.hlp
\wax500\wshelper.dll
*What are all those files for?
c:\wax500\install\readme.txt the file you're reading now (see recursive)
c:\wax500\install\services.add see step 4 above.
c:\wax500\install\autoexec.add see step 3 above.
c:\wax500\kerb\krb.con first line is default realm, rest list
kerberos key distribution centers in various
realms
c:\wax500\kerb\krbrealm.con maps host names and name suffixes to realms
c:\wax500\kerb\kerbmem.exe allocates memory to hold kerberos tickets
(must use parameter 128 or larger to have
enough space for all the tickets you'll need).
Too little space is silently fatal, default
is 16 which isn't enough. Units are
"paragraphs" of 16 bytes each.
c:\wax500\tcp\resolv.cfg needed by WSHelper for gethostbyaddr() calls.
Contains addresses of domain name service
servers in your environment. See comments
in wax500\install\autoexec.add.
c:\wax500\tcp\services see step 4 above.
c:\wax500\authlib.dll authman interface to MIT's kerberos routines
c:\wax500\disptmpl.cfg config file for display templates which
control how to present what's found in the
directory (named ldaptemplates.conf in the
ldap distribution)
c:\wax500\kerberos.hlp windows help file for kerberos authentication
dialog
c:\wax500\krbv4win.dll MIT's kerberos authentication interface for
windows
c:\wax500\ldfilter.cfg config file for ldap search filter routines
(named ldapfilter.conf in the ldap
distribution)
c:\wax500\ldfriend.cfg config file for friendly mapping of CH to
Switzerland, etc. (named ldapfriendly in the
ldap distribution)
c:\wax500\libldap.dll ldap (light weight directory access protocol)
interface to the X.500 directory. (You MUST
use this file, other versions of libldap
will NOT WORK correctly with WaX500. Accept
no substitutes!)
c:\wax500\srchpref.cfg config file for search options (finder)
dialog (named ldapsearchprefs.conf in the
ldap distribution)
c:\wax500\wax500.exe the main program, what you run via File manager
icon.
c:\wax500\wax500.hlp windows help file for wax500
c:\wax500\wshelper.dll winsock helper (like hamburger helper), does
DNS gethostbyaddr() calls correctly because
some vendors don't
*Mailing Lists
To receive announcements of new releases and such things:
join wax500.announce@umich.edu
(see "Modifying an X.500 Entry" in wax500's help, and modify the
"Member of Group" attribute of YOUR NAME).
if you want to join, but can't, send email to (note the "-request" part):
wax500.announce-request@umich.edu
To report bugs in or make suggestions for waX.500, send e-mail to:
wax500.bugs@umich.edu
If you are interested in beta testing new versions of waX.500 or otherwise
contributing to the development of waX.500, send e-mail to:
wax500.testers-request@umich.edu
*Non-UM sites
The default behaviour of WaX500 is to connect to port 389 on the
server machine ldap.itd.umich.edu as "cn=wax500, ou=Miscellaneous
Servers, o=University of Michigan, c=US" with a the searchBase set to
"o=University of Michigan, c=US".
If you are not affiliated with the University of Michigan, and want
to change these defaults.
1) run WaX500 once to create the default ini file.
2) exit WaX500
3) edit \wax500\wax500.ini
4) in the [Configuration] section, change "LDAPBindAs=" to whatever
you want (it's up to you to make sure what you put here will work).
5) in the [Current] section, change "SearchBase=" and/or "LDAPServer="
to whatever you want (again it's up to you to make sure what you put
here will work).
6) You can also change the LDAPServer on the fly from the preferences
screen of WaX500. You can change the searchbase via the browser.
7) I also suggest you NOT change the [Defaults] section, at least until
you are sure the changes you made to the [Current] section work. You
can always revert to the [Defaults] values in the preferences screen
by hitting the "Restore Defaults" button. Or if worse comes to worse,
delete the ini file and WaX500 will recreate it.
See comments about Wshelper.dll in autoexec.add, set WSHELPER environment
variable to point to a resolv.cfg file that is configured for your environment.
If you have no use for the kerberos authentication portion of Wax500, you
can delete \wax500\authlib.dll and \wax500\krbv4win.dll. WaX500 will realize
they aren't available and infer that kerberos is not available.
Non UM sites will need to tailor the following things for their local environment.
resolv.cfg
krbrealm.con
krb.con
TZ in the autoexec.bat file
*Where did this come from:
You may aquire the latest version of wax500 via either FTP or the web (WWW).
The web page I keep up to date is:
http://www.umich.edu/~sgr/wax500.html
The FTP (file transfer protocol) site is:
---host--- ---file---
terminator.rs.itd.umich.edu ~ftp/x500/wax500/waxr2xx.exe
If you are connected to the University of Michigan's Institutional File
System look in the directory:
/afs/umich.edu/group/itd/swdist/w/wax500/
for the file:
waxr2xx.exe
where xx will be the latest version number, for example waxr203.exe.
*Update history
2.00 - initial beta release
2.01 - o fixed bug in preference window having to do with changing the
server
o new krbv4win.dll, no bugs, unexplained size difference, this
is the right one.
2.02 - o remove attempt to use BOLD font for labels in result view.
the labels were overwriting the content for some users.
o make Enter key expand/contract current item in browser.
2.03 - o browser enhanced, behaves more like file manager
enter does expand/collapse
char keys move you to next item that starts with char typed
o fixed bug in adding x500 members to groups
o fixed bug in authlib.dll so it uses NDIR environment variable
to find kerb\krb.con file as krbv4win.dll does.
o installation procedures drastically simplified and total # of
files reduced.
o ini file now lives in same directory as wax500, not \windows
so wax500 is completely self contained, and uninstallable
o kerberos now works over a PPP connection
o corrected bug where libldap didn't ever free authlib.dll.
o added Defaults/LDAPPort to INI file so users can change it.
o ini file name as parm on invocation
o searchbase and server on invocation line
o made "Also Known As" read only in disptmpl config until I
implement ModRDN
o fixed bug in set searchbase that made finder the active, but
not highlighted window i.e. cursor and tab were in finder
which was dimmed and beneath browser.
o DNPiecesDisplayed from INI file now, so users can control how
many levels of DNs are displayed
o double click in authas selects item clicked on and implies OK
o use case sensitive comparison in CIS (all but DN) to see if
user changed something during edit so changes should be saved
o fixed bug that falsely reported changes were successfull
o put version number in ini file. rewrite based on this.
2.04 - o fixed last line of text not visible during edit bug
o fixed discard auth GPF in retail version
o detect and close edit box, detect changes, prompt user to
save or no on document close
o new krbv4win.dll works over PPP, iterates over alternate hosts,
uses same string-to-key fcn to encode new password that old
password was encrypted with, requires WSHELPER which requires
access to "resolv.cfg" file
2.05 - o enforce rule that memberOfGroup items must be groups
o warn users if group joined is not currently "joinable"
o warn users that server will/may ignore case change
o add "expires" to disptmpl.cfg for um person