diff --git a/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1 b/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1 index 2f83b76..9dbad38 100644 --- a/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1 @@ -216,6 +216,9 @@ function Add-LDAPIdentitySource { .PARAMETER Passowrd Domain authentication password + .PARAMETER Credential + Domain authentication credential + .PARAMETER ServerType Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS' @@ -303,7 +306,8 @@ function Add-LDAPIdentitySource { Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, - HelpMessage = 'Domain authentication user name')] + HelpMessage = 'Domain authentication user name', + ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] [string] $Username, @@ -312,11 +316,22 @@ function Add-LDAPIdentitySource { Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, - HelpMessage = 'Domain authentication password')] + HelpMessage = 'Domain authentication password', + ParameterSetName = 'DomainAuthenticationPassword')] [ValidateNotNull()] - [string] + [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()] + [SecureString] $Password, + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'PSCredential object to use for authenticating with the LDAP', + ParameterSetName = 'DomainAuthenticationCredential')] + [PSCredential] + $Credential, + [Parameter( Mandatory = $false, ValueFromPipeline = $false, 
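Review bot: `$Password` on Add-LDAPIdentitySource becomes `[SecureString]` behind `StringToSecureStringArgumentTransformationAttribute`, but its help block (`.PARAMETER Passowrd`, context of the first hunk on this diff line) still reads only `Domain authentication password`, so a reader cannot tell that either a SecureString or a plain string is accepted, nor which form to prefer. Suggest `Domain authentication password as a SecureString; a plain string is accepted and converted, but use -Credential to keep the secret out of the command line and history.` as the text of that block. The help message on the new `$Credential` parameter, `PSCredential object to use for authenticating with the LDAP`, also differs from its `.PARAMETER Credential` text `Domain authentication credential`; one wording for both is easier to keep in sync.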
@@ -355,6 +370,16 @@ function Add-LDAPIdentitySource { continue } + $authenticationUserName = "" + $authenticationPassword = "" + if ($PSBoundParameters.ContainsKey('Credential')) { + $authenticationUserName = $Credential.UserName + $authenticationPassword = $Credential.Password + } else { + $authenticationUserName = $Username + $authenticationPassword = $Password + } + $connection.Client.AddLdapIdentitySource( $DomainName, $DomainAlias, @@ -363,8 +388,8 @@ function Add-LDAPIdentitySource { $SecondaryUrl, $BaseDNUsers, $BaseDNGroups, - $Username, - $Password, + $authenticationUserName, + $authenticationPassword, $ServerType, $Certificates); } @@ -392,6 +417,15 @@ function Set-LDAPIdentitySource { .PARAMETER Certificates List of X509Certicate2 LDAP certificates + .PARAMETER Username + Domain authentication user name + + .PARAMETER Passowrd + Domain authentication password + + .PARAMETER Credential + Domain authentication credential + .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. @@ -405,6 +439,15 @@ function Set-LDAPIdentitySource { Get-IdentitySource -External | ` Set-LDAPIdentitySource ` -Certificates 'C:\Temp\test.cer' + + .EXAMPLE + + Updates certificate of a LDAP identity source authentication password + + Get-IdentitySource -External | ` + Set-LDAPIdentitySource ` + -Username 'sofPowercliAdmin@sof-powercli.vmware.com' ` + -Password '$up3R$Tr0Pa$$w0rD' #> [CmdletBinding()] param( 
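Review bot: In the Add-LDAPIdentitySource Process block, `$authenticationUserName = ""` and `$authenticationPassword = ""` are dead assignments — both branches of the `if` that follows overwrite them — and the `""` initialiser is a string while the values actually assigned to `$authenticationPassword` are `[SecureString]`. The corresponding block added to Set-LDAPIdentitySource later in this diff initialises the pair to `$null` and uses two independent `if`s, so the two cmdlets now select the same thing in two different shapes. Suggest dropping the initialisers here and using this `if (...ContainsKey('Credential')) { } else { }` form in both cmdlets, since it is the one that cannot leave the user name unset.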
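Review bot: The comment-based help added to Set-LDAPIdentitySource names the block `.PARAMETER Passowrd`, which does not match the `$Password` parameter added in the next hunk, so Get-Help will list `Password` without a description; change it to `.PARAMETER Password`. The same misspelling already exists as context in the Add-LDAPIdentitySource help (first hunk of this diff), and this commit copies it rather than correcting it.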
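Review bot: The new `.EXAMPLE` in Set-LDAPIdentitySource is captioned `Updates certificate of a LDAP identity source authentication password`, but the command shown changes the bind user name and password, not a certificate; `Updates the authentication credentials of a LDAP identity source` describes it. The example also passes the password as a plain string on the command line, which is the form that lands in shell history and transcripts; since this commit adds a `-Credential` parameter set, the example is the natural place to show it, e.g. `Set-LDAPIdentitySource -Credential (Get-Credential)`.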
@@ -418,13 +461,44 @@ function Set-LDAPIdentitySource { $IdentitySource, [Parameter( - Mandatory = $false, + Mandatory = $true, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, - HelpMessage = 'Ldap Certificates')] + HelpMessage = 'Ldap Certificates', + ParameterSetName = 'UpdateCertificates')] [System.Security.Cryptography.X509Certificates.X509Certificate2[]] $Certificates, + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Domain authentication user name', + ParameterSetName = 'DomainAuthenticationPassword')] + [ValidateNotNull()] + [string] + $Username, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Domain authentication password', + ParameterSetName = 'DomainAuthenticationPassword')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()] + [SecureString] + $Password, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'PSCredential object to use for authenticating with the LDAP', + ParameterSetName = 'DomainAuthenticationCredential')] + [PSCredential] + $Credential, + [Parameter( Mandatory = $false, ValueFromPipeline = $false, @@ -436,7 +510,7 @@ function Set-LDAPIdentitySource { Process { $serversToProcess = $global:DefaultSsoAdminServers.ToArray() - if ($Server -ne $null) { + if ($null -ne $Server) { $serversToProcess = $Server } 
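Review bot: The three `ParameterSetName` values on `$Certificates`, `$Username`/`$Password` and `$Credential` make a certificate update and an authentication update mutually exclusive in Set-LDAPIdentitySource, and `-Certificates` changes from optional to mandatory, so a caller binding only `-IdentitySource` should now fail parameter-set resolution before reaching the Process block; the `[CmdletBinding()]` visible as context in the previous hunk declares no `DefaultParameterSetName`. The Process block in the next hunk checks `Certificates` and then `Credential`/`Password` in sequence, which reads as if both updates were meant to be possible in one call. If that is the intent, stack a second `[Parameter(Mandatory = $false, ParameterSetName = 'DomainAuthenticationPassword')]` and a third for `'DomainAuthenticationCredential'` on `$Certificates`; otherwise state the exclusivity in the help and add a `DefaultParameterSetName` so the failure mode is a prompt for the missing parameter rather than an ambiguity error.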
@@ -447,14 +521,34 @@ function Set-LDAPIdentitySource { continue } - $connection.Client.UpdateLdapIdentitySource( - $IdentitySource.Name, - $IdentitySource.FriendlyName, - $IdentitySource.PrimaryUrl, - $IdentitySource.FailoverUrl, - $IdentitySource.UserBaseDN, - $IdentitySource.GroupBaseDN, - $Certificates); + if ($PSBoundParameters.ContainsKey('Certificates')) { + $connection.Client.UpdateLdapIdentitySource( + $IdentitySource.Name, + $IdentitySource.FriendlyName, + $IdentitySource.PrimaryUrl, + $IdentitySource.FailoverUrl, + $IdentitySource.UserBaseDN, + $IdentitySource.GroupBaseDN, + $Certificates); + } + + $authenticationUserName = $null + $authenticationPassword = $null + if ($PSBoundParameters.ContainsKey('Credential')) { + $authenticationUserName = $Credential.UserName + $authenticationPassword = $Credential.Password + } + if ($PSBoundParameters.ContainsKey('Password')) { + $authenticationUserName = $Username + $authenticationPassword = $Password + } + + if ($null -ne $authenticationPassword) { + $connection.Client.UpdateLdapIdentitySourceAuthentication( + $IdentitySource.Name, + $authenticationUserName, + $authenticationPassword); + } } } catch { diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index 17eccd5..f9dbd9c 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -12,7 +12,7 @@ RootModule = 'VMware.vSphere.SsoAdmin.psm1' # Version number of this module. -ModuleVersion = '1.3.6' +ModuleVersion = '1.3.7' # Supported PSEditions # CompatiblePSEditions = @() 
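Review bot: In the Set-LDAPIdentitySource Process block the `Credential` and `Password` checks are two independent `if`s, so `Password` silently wins should both ever be bound, while Add-LDAPIdentitySource (earlier hunk) uses `if/else` for the same selection; make the second an `elseif`, or mirror the Add form, so the two cmdlets read alike. The certificate update and the authentication update are also separate service calls with no rollback, so if the parameter sets are later allowed to combine, a failure in `UpdateLdapIdentitySourceAuthentication` after a successful `UpdateLdapIdentitySource` leaves the source half-updated. A comment above the selection, `# Credential and Password live in exclusive parameter sets, so at most one branch runs`, would make the current invariant explicit. The psd1 version bump on this line needs no review.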
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll index 65d1bad..5058ef5 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll index db5e649..3f0ed2e 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 3ba81f1..96edd72 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll index 783c77f..74d57a7 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll index 69ff0cd..5c7af12 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ 
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll index 89f310d..c42029d 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index c625155..288acc3 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs @@ -1113,7 +1113,7 @@ namespace VMware.vSphere.SsoAdminClient string baseDNUsers, string baseDNGroups, string authenticationUserName, - string authenticationPassword, + SecureString authenticationPassword, string serverType, X509Certificate2[] ldapCertificates) { @@ -1163,7 +1163,7 @@ namespace VMware.vSphere.SsoAdminClient new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials { username = authenticationUserName, - password = authenticationPassword + password = SecureStringToString(authenticationPassword) })).Wait(); } catch (AggregateException e) 
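Review bot: Changing `authenticationPassword` from `string` to `SecureString` on `AddLdapIdentitySource` is a source-breaking change for any C# caller outside the PowerShell module, and the method carries no XML doc saying that the value is decrypted by `SecureStringToString` only when the credentials object is built. `SecureStringToString` is outside the hunk, so I cannot see whether it zeroes its unmanaged copy; either way the resulting managed string lives in the `SsoAdminIdentitySourceManagementServiceAuthenticationCredentials` instance for the duration of the request, so the `SecureString` boundary protects the PowerShell side only. Suggest `/// <param name="authenticationPassword">Password for the LDAP bind account; materialised as a managed string only while the request is built.</param>` on the signature, and the same on the new `UpdateLdapIdentitySourceAuthentication` on the next line. The file's using directives are not in view; `SecureString` needs `System.Security`.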
@@ -1227,6 +1227,40 @@ namespace VMware.vSphere.SsoAdminClient } } + public void UpdateLdapIdentitySourceAuthentication( + string name, + string authenticationUserName, + SecureString authenticationPassword) + { + + string authenticationType = "password"; + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + try + { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.UpdateLdapAuthnTypeAsync( + new ManagedObjectReference + { + type = "SsoAdminIdentitySourceManagementService", + Value = "identitySourceManagementService" + }, + name, + authenticationType, + new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials + { + username = authenticationUserName, + password = SecureStringToString(authenticationPassword) + })).Wait(); + } + catch (AggregateException e) + { + throw e.InnerException; + } + } + public IEnumerable GetDomains() { var authorizedInvocationContext =
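Review bot: `UpdateLdapIdentitySourceAuthentication` validates none of its arguments, so a null `name` or `authenticationPassword` surfaces inside `UpdateLdapAuthnTypeAsync` or `SecureStringToString` rather than at the public boundary; add `if (name is null) throw new ArgumentNullException(nameof(name));` and the same for `authenticationPassword` at the top (the module ships net45 and netcoreapp3.1 builds, so the .NET 6 `ThrowIfNull` helpers are not available). `throw e.InnerException;` in the catch discards the original stack trace; `ExceptionDispatchInfo.Capture(e.InnerException).Throw();` from `System.Runtime.ExceptionServices` rethrows it intact, though `AddLdapIdentitySource` already uses the same pattern, so this is a file-wide choice. The method also lacks an XML doc comment; a `<summary>` stating that it switches the identity source to the `"password"` authentication type and replaces the bind credentials would cover it, and the stray blank line after the opening brace can go.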