IdentitySource.ps1
|
<#
Copyright 2021 VMware, Inc. SPDX-License-Identifier: BSD-2-Clause #> function Add-ExternalDomainIdentitySource { <# .NOTES =========================================================================== Created on: 2/11/2021 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION This function adds Identity Source of ActiveDirectory, OpenLDAP or NIS type. .PARAMETER Name Name of the identity source .PARAMETER DomainName Domain name .PARAMETER DomainAlias Domain alias .PARAMETER PrimaryUrl Primary Server URL .PARAMETER BaseDNUsers Base distinguished name for users .PARAMETER BaseDNGroups Base distinguished name for groups .PARAMETER Username Domain authentication user name .PARAMETER Passowrd Domain authentication password .PARAMETER DomainServerType Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS' .PARAMETER Default Sets the Identity Source as the defualt for the SSO .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. .EXAMPLE Add-ExternalDomainIdentitySource ` -Name 'sof-powercli' ` -DomainName 'sof-powercli.vmware.com' ` -DomainAlias 'sof-powercli' ` -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' ` -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` -Username 'sofPowercliAdmin' ` -Password '$up3R$Tr0Pa$$w0rD' Adds External Identity Source #> [CmdletBinding()] [Alias("Add-ActiveDirectoryIdentitySource")] param( [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Friendly name of the identity source')] [ValidateNotNull()] [string] $Name, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [ValidateNotNull()] [string] $DomainName, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [string] $DomainAlias, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [ValidateNotNull()] [string] $PrimaryUrl, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Base distinguished name for users')] [ValidateNotNull()] [string] $BaseDNUsers, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Base distinguished name for groups')] [ValidateNotNull()] [string] $BaseDNGroups, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication user name')] [ValidateNotNull()] [string] $Username, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication password')] [ValidateNotNull()] [string] $Password, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'External domain server type')] [ValidateSet('ActiveDirectory')] [string] $DomainServerType = 'ActiveDirectory', [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Sets the Identity Source as default')] [Switch] $Default, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } try { foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } $connection.Client.AddActiveDirectoryExternalDomain( $DomainName, $DomainAlias, $Name, $PrimaryUrl, $BaseDNUsers, $BaseDNGroups, $Username, $Password, $DomainServerType); if ($Default) { $connection.Client.SetDefaultIdentitySource($Name) } } } catch { Write-Error (FormatError $_.Exception) } } function Add-LDAPIdentitySource { <# .NOTES =========================================================================== Created on: 2/11/2021 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type. .PARAMETER Name Friendly name of the identity source .PARAMETER DomainName Domain name .PARAMETER DomainAlias Domain alias .PARAMETER PrimaryUrl Primary Server URL .PARAMETER SecondaryUrl Secondary Server URL .PARAMETER BaseDNUsers Base distinguished name for users .PARAMETER BaseDNGroups Base distinguished name for groups .PARAMETER Username Domain authentication user name .PARAMETER Passowrd Domain authentication password .PARAMETER Credential Domain authentication credential .PARAMETER ServerType Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS' .PARAMETER Certificates List of X509Certicate2 LDAP certificates .PARAMETER Default Sets the Identity Source as the defualt for the SSO .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. Adds LDAP Identity Source .EXAMPLE Add-LDAPIdentitySource ` -Name 'sof-powercli' ` -DomainName 'sof-powercli.vmware.com' ` -DomainAlias 'sof-powercli' ` -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' ` -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` -Username 'sofPowercliAdmin@sof-powercli.vmware.com' ` -Password '$up3R$Tr0Pa$$w0rD' ` -Certificates 'C:\Temp\test.cer' #> [CmdletBinding()] param( [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Friendly name of the identity source')] [ValidateNotNull()] [string] $Name, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [ValidateNotNull()] [string] $DomainName, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [string] $DomainAlias, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [string] $SecondaryUrl, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false)] [ValidateNotNull()] [string] $PrimaryUrl, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Base distinguished name for users')] [ValidateNotNull()] [string] $BaseDNUsers, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Base distinguished name for groups')] [ValidateNotNull()] [string] $BaseDNGroups, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication user name', ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] [string] $Username, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication password', ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()] [SecureString] $Password, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'PSCredential object to use for authenticating with the LDAP', ParameterSetName = 'DomainAuthenticationCredential')] [PSCredential] $Credential, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Ldap Certificates')] [System.Security.Cryptography.X509Certificates.X509Certificate2[]] $Certificates, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Ldap Server type')] [ValidateSet('ActiveDirectory', 'OpenLdap')] [string] $ServerType = 'ActiveDirectory', [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Sets the Identity Source as default')] [Switch] $Default, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } try { foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } $authenticationUserName = "" $authenticationPassword = "" if ($PSBoundParameters.ContainsKey('Credential')) { $authenticationUserName = $Credential.UserName $authenticationPassword = $Credential.Password } else { $authenticationUserName = $Username $authenticationPassword = $Password } $connection.Client.AddLdapIdentitySource( $DomainName, $DomainAlias, $Name, $PrimaryUrl, $SecondaryUrl, $BaseDNUsers, $BaseDNGroups, $authenticationUserName, $authenticationPassword, $ServerType, $Certificates); if ($Default) { $connection.Client.SetDefaultIdentitySource($Name) } } } catch { Write-Error (FormatError $_.Exception) } } function Set-LDAPIdentitySource { <# .NOTES =========================================================================== Created on: 2/17/2021 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type. .PARAMETER IdentitySource Identity Source to update .PARAMETER Certificates List of X509Certicate2 LDAP certificates .PARAMETER Username Domain authentication user name .PARAMETER Passowrd Domain authentication password .PARAMETER Credential Domain authentication credential .PARAMETER Default Sets the Identity Source as the defualt for the SSO .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. Updates LDAP Identity Source .EXAMPLE Updates certificate of a LDAP identity source Get-IdentitySource -External | ` Set-LDAPIdentitySource ` -Certificates 'C:\Temp\test.cer' .EXAMPLE Updates certificate of a LDAP identity source authentication password Get-IdentitySource -External | ` Set-LDAPIdentitySource ` -Username 'sofPowercliAdmin@sof-powercli.vmware.com' ` -Password '$up3R$Tr0Pa$$w0rD' #> [CmdletBinding()] param( [Parameter( Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Identity source to update')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] $IdentitySource, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Ldap Certificates', ParameterSetName = 'UpdateCertificates')] [System.Security.Cryptography.X509Certificates.X509Certificate2[]] $Certificates, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication user name', ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] [string] $Username, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Domain authentication password', ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()] [SecureString] $Password, [Parameter( Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'PSCredential object to use for authenticating with the LDAP', ParameterSetName = 'DomainAuthenticationCredential')] [PSCredential] $Credential, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, ParameterSetName = 'SetAsDefault', HelpMessage = 'Sets the Identity Source as default')] [Switch] $Default, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) Process { $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($null -ne $Server) { $serversToProcess = $Server } try { foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } if ($PSBoundParameters.ContainsKey('Certificates')) { $connection.Client.UpdateLdapIdentitySource( $IdentitySource.Name, $IdentitySource.FriendlyName, $IdentitySource.PrimaryUrl, $IdentitySource.FailoverUrl, $IdentitySource.UserBaseDN, $IdentitySource.GroupBaseDN, $Certificates); } $authenticationUserName = $null $authenticationPassword = $null if ($PSBoundParameters.ContainsKey('Credential')) { $authenticationUserName = $Credential.UserName $authenticationPassword = $Credential.Password } if ($PSBoundParameters.ContainsKey('Password')) { $authenticationUserName = $Username $authenticationPassword = $Password } if ($null -ne $authenticationPassword) { $connection.Client.UpdateLdapIdentitySourceAuthentication( $IdentitySource.Name, $authenticationUserName, $authenticationPassword); } if ($Default) { $connection.Client.SetDefaultIdentitySource($IdentitySource.Name) } } } catch { Write-Error (FormatError $_.Exception) } } } function Set-IdentitySource { <# .NOTES =========================================================================== Created on: 2/25/2022 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION Updates IDentitySource .PARAMETER IdentitySource Identity Source to update .PARAMETER Default Sets the Identity Source as the defualt for the SSO .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. Updates LDAP Identity Source .EXAMPLE Updates certificate of a LDAP identity source Get-IdentitySource -External | Set-IdentitySource -Default #> [CmdletBinding()] param( [Parameter( Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Identity source to update')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource] $IdentitySource, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Sets the Identity Source as default')] [Switch] $Default, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) Process { $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($null -ne $Server) { $serversToProcess = $Server } try { foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } if ($Default) { $connection.Client.SetDefaultIdentitySource($IdentitySource.Name) } } } catch { Write-Error (FormatError $_.Exception) } } } function Get-IdentitySource { <# .NOTES =========================================================================== Created on: 11/26/2020 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION This function gets Identity Source. .PARAMETER Localos Filter parameter to return only the localos domain identity source .PARAMETER System Filter parameter to return only the system domain identity source .PARAMETER External Filter parameter to return only the external domain identity sources .PARAMETER Default Filter parameter to return only the default domain identity sources .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. .EXAMPLE Get-IdentitySource -External Gets all external domain identity source #> [CmdletBinding()] param( [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Returns only the localos domain identity source')] [Switch] $Localos, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Returns only the system domain identity source')] [Switch] $System, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Returns only the external domain identity sources')] [Switch] $External, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Returns only the default domain identity sources')] [Switch] $Default, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } $resultIdentitySources = @() $allIdentitySources = $connection.Client.GetDomains() if (-not $Localos -and -not $System -and -not $External) { $resultIdentitySources = $allIdentitySources } if ($Localos) { $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.LocalOSIdentitySource] } } if ($System) { $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.SystemIdentitySource] } } if ($External) { $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] } } if ($Default) { $resultIdentitySources = @() $defaultDomainName = $connection.Client.GetDefaultIdentitySourceDomainName() $resultIdentitySources = $allIdentitySources | Where-Object { $_.Name -eq $defaultDomainName } } #Return result $resultIdentitySources } } function Remove-IdentitySource { <# .NOTES =========================================================================== Created on: 03/19/2021 Created by: Dimitar Milov Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== .DESCRIPTION This function removes Identity Source. .PARAMETER IdentitySource The identity source to remove .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. .EXAMPLE Get-IdentitySource -External | Remove-IdentitySource Removes all external domain identity source #> [CmdletBinding()] param( [Parameter( Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Identity source to remove')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource] $IdentitySource, [Parameter( Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, HelpMessage = 'Connected SsoAdminServer object')] [ValidateNotNull()] [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] $Server) Process { $serversToProcess = $global:DefaultSsoAdminServers.ToArray() if ($Server -ne $null) { $serversToProcess = $Server } try { foreach ($connection in $serversToProcess) { if (-not $connection.IsConnected) { Write-Error "Server $connection is disconnected" continue } $connection.Client.DeleteDomain($IdentitySource.Name) } } catch { Write-Error (FormatError $_.Exception) } } } |