Add Set-LdapIdentitySource functionality

2021-02-17 10:10:39 +02:00
parent fa518f99ee
commit 16b3a0fe05
8 changed files with 154 additions and 23 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
@@ -34,7 +34,7 @@ RequiredModules = @(
 )

 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')

 # Cmdlets to export from this module
 CmdletsToExport = @()
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
@@ -1355,18 +1355,6 @@ function Add-ExternalDomainIdentitySource {
      -Username 'sofPowercliAdmin' `
      -Password '$up3R$Tr0Pa$$w0rD'

-    .EXAMPLE
-   Add-ExternalDomainIdentitySource `
-      -Name 'sof-powercli' `
-      -DomainName 'sof-powercli.vmware.com' `
-      -DomainAlias 'sof-powercli' `
-      -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
-      -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-      -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-      -Username 'sofPowercliAdmin' `
-      -Password '$up3R$Tr0Pa$$w0rD' `
-      -ServerType 'ActiveDirectory'
-
   Adds External Identity Source
 #>
 [CmdletBinding()]
@@ -1499,7 +1487,7 @@ function Add-LDAPIdentitySource {
   This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.

   .PARAMETER Name
-   Name of the identity source
+   Friendly name of the identity source

   .PARAMETER DomainName
   Domain name
@@ -1533,6 +1521,18 @@ function Add-LDAPIdentitySource {
   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.

   Adds LDAP Identity Source
+
+   .EXAMPLE
+   Add-LDAPIdentitySource `
+      -Name 'sof-powercli' `
+      -DomainName 'sof-powercli.vmware.com' `
+      -DomainAlias 'sof-powercli' `
+      -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
+      -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
+      -Password '$up3R$Tr0Pa$$w0rD' `
+      -Certificates 'C:\Temp\test.cer'
 #>
 [CmdletBinding()]
 param(
@@ -1605,15 +1605,6 @@ function Add-LDAPIdentitySource {
   $Password,

   [Parameter(
-      Mandatory=$true,
-      ValueFromPipeline=$false,
-      ValueFromPipelineByPropertyName=$false,
-      HelpMessage='Ldap Server type')]
-   [ValidateSet('ActiveDirectory')]
-   [string]
-   $ServerType,
-
-    [Parameter(
      Mandatory=$false,
      ValueFromPipeline=$false,
      ValueFromPipelineByPropertyName=$false,
@@ -1621,6 +1612,15 @@ function Add-LDAPIdentitySource {
   [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
   $Certificates,

+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Server type')]
+   [ValidateSet('ActiveDirectory')]
+   [string]
+   $ServerType = 'ActiveDirectory',
+
   [Parameter(
      Mandatory=$false,
      ValueFromPipeline=$false,
@@ -1659,6 +1659,93 @@ function Add-LDAPIdentitySource {
   }
 }

+function Set-LDAPIdentitySource {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	2/17/2021
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
+
+   .PARAMETER IdentitySource
+   Identity Source to update
+
+   .PARAMETER Certificates
+   List of X509Certicate2 LDAP certificates
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   Updates LDAP Identity Source
+
+   .EXAMPLE
+
+   Updates certificate of a LDAP identity source
+
+   Get-IdentitySource -External | `
+   Set-LDAPIdentitySource `
+      -Certificates 'C:\Temp\test.cer'
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Identity source to update')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]
+   $IdentitySource,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Certificates')]
+   [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
+   $Certificates,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+Process {
+   $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+   if ($Server -ne $null) {
+      $serversToProcess = $Server
+   }
+
+   try {
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.UpdateLdapIdentitySource(
+            $IdentitySource.Name,
+            $IdentitySource.FriendlyName,
+            $IdentitySource.PrimaryUrl,
+            $IdentitySource.UserBaseDN,
+            $IdentitySource.GroupBaseDN,
+            $Certificates);
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
+   }
+}
+}
+
 function Get-IdentitySource {
 <#
   .NOTES
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.pdb
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.pdb
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -714,6 +714,50 @@ namespace VMware.vSphere.SsoAdminClient
         }
      }

+      public void UpdateLdapIdentitySource(
+         string name,         
+         string friendlyName,
+         string primaryUrl,
+         string baseDNUsers,
+         string baseDNGroups,         
+         X509Certificate2[] ldapCertificates) {
+                  
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
+            friendlyName = friendlyName,
+            primaryUrl = primaryUrl,
+            userBaseDn = baseDNUsers,
+            groupBaseDn = baseDNGroups
+         };
+
+         if (ldapCertificates != null && ldapCertificates.Length > 0) {
+            var certificates = new List<string>();
+            foreach (var ldapCert in ldapCertificates) {
+               certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
+            }
+
+            if (certificates.Count > 0) {
+               adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
+            }
+         }
+
+         try {
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.UpdateLdapAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminIdentitySourceManagementService",
+                     Value = "identitySourceManagementService"
+                  },
+                  name,
+                  adminLdapIdentitySourceDetails)).Wait();
+         } catch (AggregateException e) {
+            throw e.InnerException;
+         }
+      }
+
      public IEnumerable<IdentitySource> GetDomains() {
         var authorizedInvocationContext =
            CreateAuthorizedInvocationContext();