Proof of Concept: NFS Attributes Editor

  • Article

Proof of Concept: NFS Attributes Editor

We come across a lot of people who have IdMU tools installed even though they don't use the NIS authentication. This, primarily, happens because they have NFS in their environment and with Windows Vista and later, the only way to get identities mapped is by way of Active Directory Lookup. Since, IdMU and NFS both use RFC2307 attributes in Active Directory and only IdMU provides a graphical tool to populate the RFC2307 attributes for users and group objects, they prefer to install IdMU tools just to get that GUI and use it over the scripts or other cumbersome methods.

Some environments do not allow installation of components that are not used for security reasons and in those cases, it really becomes a problem.

I have come up with a proof of concept tools to populate the uidNumber and gidNumber attributes for users and groups in Active Directory. I have used AutoScript to write this and used the ADFunctions library by Jonthan Clelland. I had to make some modifications to the library because I plan to extend this tool to become fully interoperable for NIS users and groups as well. That would mean that it should be possible to replace the IdMU UNIX Attributes tab with this tool in the longer run.

For now, it only populates the uidNumber and gidNumber attributes for user objects and gidNumber attributes for group objects. When you run it for the first time, it creates a SETUP.INI file where it stores the Base DN, uidNumber and gidNumber values to be used as a starting point. You can customize these values based on your requirements.

The source code for the NFS Attributes Editor is here - https://blogs.msdn.com/cfs-filesystemfile.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-81-91-NFSAttrEditor/2474.NFSAttrEditor.txt

The adfunctions library that I used is here - https://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-81-91-NFSAttrEditor/8446.adfunctions.txt

You will need to intall AutoIt (www.autoitscript.com) on your system before you can use it. After that you can download the files and change the extension to AU3 and then compile them to be used on any other system without installing AutoIt on them.

NOTE: The only change that I have made to this library is on line 248 to the function _ADModifyAttribute to make it accept an additional argument.