MakeSU

Version PK-4.60
(Nov 22, 1998)


 DISCLAIMER:
     THIS  PRODUCT  IS  SUPPLIED  "AS  IS".  DREAMLAN 
     DISCLAIMS ALL WARRANTIES,  EXPRESSED OR IMPLIED,
     INCLUDING, WITHOUT  LIMITATION,  THE  WARRANTIES
     OF  MERCHANTABILITY   AND  OF  FITNESS  FOR  ANY
     PURPOSE.  DREAMALN   ASSUMES  NO  LIABILITY  FOR
     DAMAGES,  DIRECT  OR  CONSEQUENTIAL,  WHICH  MAY
     RESULT FROM THE USE OF THIS PRODUCT.

Introduction

MakeSU [Make-S-U] is a NetWare NLM utility that allows you to create a new DS user that has Supervisor rights to the [Root] object. You don't have to first authenicate into the NDS tree as Admin -- this is useful when the Admin user object is lost and you can no longer manage the tree.

Instead of to the [Root], MakeSU can grant this new user object full object rights (Supervisor, Browse, Create, Delete, Rename; plus Inheritable in NetWare 5) to any other NDS objects within the tree. This gets around any IRF block that may be placed on a container or object.


What's New


Notes

  1. The target container name can be given in fully distinguished name or typeless name. You do not need to specify the leading period to indicate absolute path. For example,

    OU=org_unit_name.O=org_name
    org_unit_name.org_name
    .org_unit_name.org_name

    are considered to be the same.

  2. Because this utility can create a user with S rights to the [Root], as a security precaution, MakeSU can only be loaded and executed from a diskette (drive A: or B:). It cannot be loaded from C: or a NetWare volume.

    This provides a small security measure against someone from changing the passwords who has no physical access to the server. You can also minimize the risk by doing a REMOVE DOS on the server console so that DOS devices cannot be accessed unless the server is restarted. The use of SECURE CONSOLE will restrict the loading of NLMs to SYS:SYSTEM (and search paths established prior to SECURE CONSOLE, as allowed by the latest Service Packs).

  3. This utility has not been fully tested with SFT III servers but have been used successfully. If you need to use it on a SFT III system, try it on the MSEngine.

  4. The utility is keyed to the name of your NDS tree. Therefore, it will not work on a different tree. This is another small security measure we took to prevent someone from coming into your site with a copy of this utility obtained eleswhere.

  5. A free connection slot is needed on the server for the utility to load.

  6. MakeSU has been tested with the latest DS.NLM on NetWare 4.10, NetWare 4.11, and on NetWare 5.

  7. It was reported by one site that on occassion, MakeSU will report [Root] not found when the NLM is trying to assign rights. This may be due to either the DS or the server being busy, and the created user object (rather than the [Root] object) has not be fully sync'ed with other replicas yet. In v1.06, a 30 second pause has been inserted into the NLM to hopefully address this issue. Sometimes, if it is a busy server, try loading the NLM the second time. That seems to work for some sites too.

  8. There must be a valid license (even if a 2-user) installed on the server for the NLM to load correctly.


Installation

No special installation steps or program need to be used. Simply copy the MAKESU.NLM to a diskette. Make sure the MAKESU.LIC (license file) is located in the same directory as the NLM.

Without a valid MakeSU license, the MAKESU.NLM runs in the demo mode. It will create an user NDS object with only Browse object rights to [Root]. You can verify the result using NWAdmin or NETADMIN, however, you will not be able to log in using this user object as a password is randomly assigned. In the registered version, you will be provided with the password for this object or you can assign one.


Usage

If MAKESU.NLM is loaded without any parameters, a menu screen is displayed and you can proceed interactively (if you load the NLM with the -A (not supported in demo mode) option, addtional functions will be enabled). This is the preferred method. You can also load MakeSU with the following command-line parameters:

LOAD MAKESU org_unit_name.org_name new_user_name [target_obj_name]

This creates a user (called new_user_name) in the container called org_unit_name.org_name. If the optional target_obj_name is not given, full object rights to the [Root] is granted. Otherwise, full object rights is granted to this target_oject_name instead.

You will be prompted to enter a password. This provides a simple protection should someone at your site somehow got a hold of this utility and also have physical access to a server. The password is ----- (not shown here). Note the case.

The default password for the newly created user object is SuperUser (this is not case-sensitive).

You should keep this file in a safe place, and separate from the software.

If you encounter an error message similar to the following about fmod, ensure MATHLIB.NLM is loaded (it is not auto-loaded by the NLM):

Server-4.10-1586: Loader cannot find public symbol: fmod


Configuration

n/a


Registration

The full version of MAKESU.NLM is available by registering on-line through the following Web sites:

The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.

You can also FAX a company Purchase Order to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.

Special site agreements for multiple trees and service providers are available. Although the license does not grant you the right to resell the program (for a profit; but you can charge the customer a service charge for your time). If you are a service provider, you can register copies on behave of your customers (by providing your customer's mailing information -- this is used only for tracking purposes). At the same time, we ask you to send us a separate email indicating that you are registering on behave of your customer and inciate in this email if further software upgrade (free or for a charge) be send to you or the customer directly, and an email address for that purpose.

Because of the security implication, we may request you to FAX us a cover letter using your company's letterhead for verification or request other means of verification that your need is authentic.


Other Information

MakeSU is written in C using WatCOM C v10.0a optimizing compiler and Novell Developert Kit. No undocumented APIs are used.

Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.


Revision History