diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index c7691a0..464c642 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 4df050e..a292824 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
@@ -1355,18 +1355,6 @@ function Add-ExternalDomainIdentitySource { -Username 'sofPowercliAdmin' ` -Password '$up3R$Tr0Pa$$w0rD' - .EXAMPLE - Add-ExternalDomainIdentitySource ` - -Name 'sof-powercli' ` - -DomainName 'sof-powercli.vmware.com' ` - -DomainAlias 'sof-powercli' ` - -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' ` - -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` - -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` - -Username 'sofPowercliAdmin' ` - -Password '$up3R$Tr0Pa$$w0rD' ` - -ServerType 'ActiveDirectory' - Adds External Identity Source #> [CmdletBinding()] @@ -1499,7 +1487,7 @@ function Add-LDAPIdentitySource { This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type. .PARAMETER Name - Name of the identity source + Friendly name of the identity source .PARAMETER DomainName Domain name @@ -1533,6 +1521,18 @@ function Add-LDAPIdentitySource { If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. Adds LDAP Identity Source + + .EXAMPLE + Add-LDAPIdentitySource ` + -Name 'sof-powercli' ` + -DomainName 'sof-powercli.vmware.com' ` + -DomainAlias 'sof-powercli' ` + -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' ` + -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` + -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' ` + -Username 'sofPowercliAdmin@sof-powercli.vmware.com' ` + -Password '$up3R$Tr0Pa$$w0rD' ` + -Certificates 'C:\Temp\test.cer' #> [CmdletBinding()] param( @@ -1605,15 +1605,6 @@ function Add-LDAPIdentitySource { $Password, [Parameter( - Mandatory=$true, - ValueFromPipeline=$false, - ValueFromPipelineByPropertyName=$false, - HelpMessage='Ldap Server type')] - [ValidateSet('ActiveDirectory')] - [string] - $ServerType, - - [Parameter( Mandatory=$false, ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, 
@@ -1621,6 +1612,15 @@ function Add-LDAPIdentitySource { [System.Security.Cryptography.X509Certificates.X509Certificate2[]] $Certificates, + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Ldap Server type')] + [ValidateSet('ActiveDirectory')] + [string] + $ServerType = 'ActiveDirectory', + [Parameter( Mandatory=$false, ValueFromPipeline=$false, 
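Review bot: The re-added ServerType parameter now defaults to 'ActiveDirectory' and is still constrained by `[ValidateSet('ActiveDirectory')]`, so it can take exactly one value, while the .DESCRIPTION reworded in the @@ -1499 hunk on the previous line still says the function handles "ActiveDirectory, OpenLDAP or NIS type". Either widen the set once those types are implemented or narrow the description to what the parameter accepts, e.g. `This function adds an LDAP Identity Source of ActiveDirectory type.` The removal side of the same move is the @@ -1605 hunk on the previous line; Add-LDAPIdentitySource's body continues outside both hunks.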
@@ -1659,6 +1659,93 @@ function Add-LDAPIdentitySource { } } +function Set-LDAPIdentitySource { +<# + .NOTES + =========================================================================== + Created on: 2/17/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type. + + .PARAMETER IdentitySource + Identity Source to update + + .PARAMETER Certificates + List of X509Certicate2 LDAP certificates + + .PARAMETER Server + Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. + If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. + + Updates LDAP Identity Source + + .EXAMPLE + + Updates certificate of a LDAP identity source + + Get-IdentitySource -External | ` + Set-LDAPIdentitySource ` + -Certificates 'C:\Temp\test.cer' +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$true, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Identity source to update')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] + $IdentitySource, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Ldap Certificates')] + [System.Security.Cryptography.X509Certificates.X509Certificate2[]] + $Certificates, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Connected SsoAdminServer object')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] + $Server) + +Process { + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() + if ($Server -ne $null) { + $serversToProcess = $Server + } + + try { + foreach ($connection in $serversToProcess) { + if (-not $connection.IsConnected) 
{ + Write-Error "Server $connection is disconnected" + continue + } + + $connection.Client.UpdateLdapIdentitySource( + $IdentitySource.Name, + $IdentitySource.FriendlyName, + $IdentitySource.PrimaryUrl, + $IdentitySource.UserBaseDN, + $IdentitySource.GroupBaseDN, + $Certificates); + } + } catch { + Write-Error (FormatError $_.Exception) + } +} +} + function Get-IdentitySource { <# .NOTES diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll index 62f6d27..885582d 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 489081c..3a302e2 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll index f14434c..afa1a0c 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll index bf3d0ee..1989553 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ 
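Review bot: The comment-based help of the new Set-LDAPIdentitySource is copied from Add-LDAPIdentitySource: .DESCRIPTION says `This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.` although the function only updates an existing source, and its $IdentitySource parameter accepts only [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]. Suggested wording: `This function updates an existing LDAP Identity Source of ActiveDirectory type; currently the LDAP server certificates can be replaced.` When -Certificates is omitted, $null is forwarded to UpdateLdapIdentitySource and the hunk does not show whether the server keeps or clears the existing trust certificates, so .PARAMETER Certificates should state that behaviour once confirmed. Also prefer `if ($null -ne $Server)` over `$Server -ne $null`, which behaves differently when the left side is a collection.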
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.pdb b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.pdb
new file mode 100644
index 0000000..d8ffd83
Binary files /dev/null and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.pdb differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
index 4500fea..9b071a6 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -714,6 +714,50 @@ namespace VMware.vSphere.SsoAdminClient } } + public void UpdateLdapIdentitySource( + string name, + string friendlyName, + string primaryUrl, + string baseDNUsers, + string baseDNGroups, + X509Certificate2[] ldapCertificates) { + + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { + friendlyName = friendlyName, + primaryUrl = primaryUrl, + userBaseDn = baseDNUsers, + groupBaseDn = baseDNGroups + }; + + if (ldapCertificates != null && ldapCertificates.Length > 0) { + var certificates = new List(); + foreach (var ldapCert in ldapCertificates) { + certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); + } + + if (certificates.Count > 0) { + adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); + } + } + + try { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.UpdateLdapAsync( + new ManagedObjectReference { + type = "SsoAdminIdentitySourceManagementService", + Value = "identitySourceManagementService" + }, + name, + adminLdapIdentitySourceDetails)).Wait(); + } catch (AggregateException e) { + throw e.InnerException; + } + } + public IEnumerable GetDomains() { var authorizedInvocationContext = CreateAuthorizedInvocationContext();
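Review bot: `throw e.InnerException;` in the catch at the end of UpdateLdapIdentitySource rethrows the unwrapped exception with a fresh stack trace and throws null if the AggregateException carries no inner exception; use `System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(e.InnerException ?? e).Throw();` (or plain `throw;` to keep the AggregateException) so the original frames survive into the PowerShell error record. The inner `if (certificates.Count > 0)` can never be false once `ldapCertificates.Length > 0` has been checked and every element is added, so one of the two guards is redundant. A null or empty ldapCertificates array leaves `adminLdapIdentitySourceDetails.certificates` unset, and since this field presumably governs which LDAP server certificates the identity source trusts, whether the service reads an absent list as "keep current" or "clear" is worth a comment on the parameter once confirmed.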