Authenticating Against a Novell Directory Service

The Pharos NDS Logon Plug-in (ndslogonplugin.exe) is the Logon Plug-in that Pharos uses by default to authenticate users against one or more Novell NetWare Directory Services. It should be used in conjunction with the Pharos NDS Password Plug-in (ndspasswordplugin.exe). These files can be found at tools\plugins\nds on the Pharos disk image.

Using the Plug-in

Before installing the Plug-in, the following pre-requisites must be met:

  • The Pharos Print Server must be installed.
  • Novell NetWare Client for Windows must be installed on the Pharos Print Server.
  • The Novell Server must be version 4.00 or later.
  • The Preferred Tree for the Novell NetWare Client must be specified. To do this:
    1. From the Start button, select Settings > Control Panel > Network > Services tab.
    2. In the Network Services window, select Novell NetWare Client for Windows and click Properties.
    3. Select the Client tab and specify the Preferred Tree value.

To install the NDS Plug-in, copy the executables ndslogonplugin.exe and ndspasswordplugin.exe from the \tools\plugins\nds directory of the Pharos disk image to the pharos\bin directory of all Pharos servers.

To configure Pharos to use the NDS Plug-in:

  1. Create a new bank at System > Banks. Configure the Bank as follows:
  2. Select "ID and Password Dialog Box" for both the Source of Identification and Source of Payment.
  3. Set ndslogonplugin.exe as the Bank's Logon Plug-in.
  4. Set ndspasswordplugin.exe as the Bank's ChangePassword Plug-in.
  5. In the System > Server Configuration context, select the Print Server you want to use the Plug-in.
  6. Set the Bank property to the name of the bank created in the steps above.
  7. Click the Change Control button to propagate the changes to the servers.

Configuring the Plug-in

To configure the Plug-in from the command line, run:

NDSLogonPlugin.exe –config [SearchContainer] [SearchUserName] [SearchPassword] [PrefixLength]

from the directory that the Plug-in is installed in.

The configuration values should be enclosed in double quotes if they contain spaces. The configuration values will be stored in the registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\Plugins\NDS

The following table describes the configuration values:

Value

Type

Description

Examples

SearchContainer

String

Specifies the branch of the NDS tree, which will be used to start the search. All sub branches will be searched for the username.

 

o=pharos

ou=support.o=pharos

UserName

String

Name of the user the Plug-in will use to logon when performing search. The user needs to have enough permissions to search the NDS tree from the SearchPath down the branches. Note, that the name is specified in the relative format. If you need to specify the name in the absolute format, it should be ended with a period.

searchuser

cn=searchuser

cn=searchuser.o=pharos.

Password

String

Password of the above user.

 

PrefixLength

Integer

Optional. Relevant to NDS configurations where user accounts are separated into containers by first few characters of the username. For example all users accounts starting with “bob” will be placed in the container called “bob”. If this parameter is present, it specifies how many characters from the username to use as a prefix to locate the relevant container.

 

Testing the Plug-in

Test the Plug-in before using it with Pharos. To test the Plug-in from the command line:

  1. Make sure you are not logged on to Novell NDS; otherwise, an error message appears: "The supplied set of credentials conflict with the existing set of credentials."
  2. Type the following at the command prompt (from the directory that the Plug-in is installed in):

ndslogonplugin.exe [resultfile] [level] [username] [password]

Where:

    • [resultfile] is the full path of the file that results will be written to .
    • [level] is a Pharos access level. Currently, the Plug-in ignores this information, but it must be supplied.
    • [username] and [password] are the user name (Logon ID) and password respectively of a User account in the Pharos Database.
  1. Run the Plug-in with these parameters and then open the results file using Notepad. The file should display either "OK" or "FAIL". "OK" means the user has passed the authentication. "FAIL" means the user does not exist or the password is incorrect or there is some other error.

To view details of an error that may occur, activate logging for the Plug-in. Standard Pharos logging is used. Create a registry key to specify logging parameters.