Implement update authentication credential for LDAP identity sources (#516)
Signed-off-by: Dimitar Milov <dmilov@vmware.com>
@@ -216,6 +216,9 @@ function Add-LDAPIdentitySource {
|
|||||||
.PARAMETER Passowrd
|
.PARAMETER Passowrd
|
||||||
Domain authentication password
|
Domain authentication password
|
||||||
|
|
||||||
|
.PARAMETER Credential
|
||||||
|
Domain authentication credential
|
||||||
|
|
||||||
.PARAMETER ServerType
|
.PARAMETER ServerType
|
||||||
Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
|
Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
|
||||||
|
|
||||||
@@ -303,7 +306,8 @@ function Add-LDAPIdentitySource {
|
|||||||
Mandatory = $true,
|
Mandatory = $true,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
ValueFromPipelineByPropertyName = $false,
|
ValueFromPipelineByPropertyName = $false,
|
||||||
HelpMessage = 'Domain authentication user name')]
|
HelpMessage = 'Domain authentication user name',
|
||||||
|
ParameterSetName = 'DomainAuthenticationPassword')]
|
||||||
[ValidateNotNull()]
|
[ValidateNotNull()]
|
||||||
[string]
|
[string]
|
||||||
$Username,
|
$Username,
|
||||||
@@ -312,11 +316,22 @@ function Add-LDAPIdentitySource {
|
|||||||
Mandatory = $true,
|
Mandatory = $true,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
ValueFromPipelineByPropertyName = $false,
|
ValueFromPipelineByPropertyName = $false,
|
||||||
HelpMessage = 'Domain authentication password')]
|
HelpMessage = 'Domain authentication password',
|
||||||
|
ParameterSetName = 'DomainAuthenticationPassword')]
|
||||||
[ValidateNotNull()]
|
[ValidateNotNull()]
|
||||||
[string]
|
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
|
||||||
|
[SecureString]
|
||||||
$Password,
|
$Password,
|
||||||
|
|
||||||
|
[Parameter(
|
||||||
|
Mandatory = $true,
|
||||||
|
ValueFromPipeline = $false,
|
||||||
|
ValueFromPipelineByPropertyName = $false,
|
||||||
|
HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
|
||||||
|
ParameterSetName = 'DomainAuthenticationCredential')]
|
||||||
|
[PSCredential]
|
||||||
|
$Credential,
|
||||||
|
|
||||||
[Parameter(
|
[Parameter(
|
||||||
Mandatory = $false,
|
Mandatory = $false,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
@@ -355,6 +370,16 @@ function Add-LDAPIdentitySource {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$authenticationUserName = ""
|
||||||
|
$authenticationPassword = ""
|
||||||
|
if ($PSBoundParameters.ContainsKey('Credential')) {
|
||||||
|
$authenticationUserName = $Credential.UserName
|
||||||
|
$authenticationPassword = $Credential.Password
|
||||||
|
} else {
|
||||||
|
$authenticationUserName = $Username
|
||||||
|
$authenticationPassword = $Password
|
||||||
|
}
|
||||||
|
|
||||||
$connection.Client.AddLdapIdentitySource(
|
$connection.Client.AddLdapIdentitySource(
|
||||||
$DomainName,
|
$DomainName,
|
||||||
$DomainAlias,
|
$DomainAlias,
|
||||||
@@ -363,8 +388,8 @@ function Add-LDAPIdentitySource {
|
|||||||
$SecondaryUrl,
|
$SecondaryUrl,
|
||||||
$BaseDNUsers,
|
$BaseDNUsers,
|
||||||
$BaseDNGroups,
|
$BaseDNGroups,
|
||||||
$Username,
|
$authenticationUserName,
|
||||||
$Password,
|
$authenticationPassword,
|
||||||
$ServerType,
|
$ServerType,
|
||||||
$Certificates);
|
$Certificates);
|
||||||
}
|
}
|
||||||
@@ -392,6 +417,15 @@ function Set-LDAPIdentitySource {
|
|||||||
.PARAMETER Certificates
|
.PARAMETER Certificates
|
||||||
List of X509Certicate2 LDAP certificates
|
List of X509Certicate2 LDAP certificates
|
||||||
|
|
||||||
|
.PARAMETER Username
|
||||||
|
Domain authentication user name
|
||||||
|
|
||||||
|
.PARAMETER Passowrd
|
||||||
|
Domain authentication password
|
||||||
|
|
||||||
|
.PARAMETER Credential
|
||||||
|
Domain authentication credential
|
||||||
|
|
||||||
.PARAMETER Server
|
.PARAMETER Server
|
||||||
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
|
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
|
||||||
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
|
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
|
||||||
@@ -405,6 +439,15 @@ function Set-LDAPIdentitySource {
|
|||||||
Get-IdentitySource -External | `
|
Get-IdentitySource -External | `
|
||||||
Set-LDAPIdentitySource `
|
Set-LDAPIdentitySource `
|
||||||
-Certificates 'C:\Temp\test.cer'
|
-Certificates 'C:\Temp\test.cer'
|
||||||
|
|
||||||
|
.EXAMPLE
|
||||||
|
|
||||||
|
Updates certificate of a LDAP identity source authentication password
|
||||||
|
|
||||||
|
Get-IdentitySource -External | `
|
||||||
|
Set-LDAPIdentitySource `
|
||||||
|
-Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
|
||||||
|
-Password '$up3R$Tr0Pa$$w0rD'
|
||||||
#>
|
#>
|
||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
param(
|
param(
|
||||||
@@ -418,13 +461,44 @@ function Set-LDAPIdentitySource {
|
|||||||
$IdentitySource,
|
$IdentitySource,
|
||||||
|
|
||||||
[Parameter(
|
[Parameter(
|
||||||
Mandatory = $false,
|
Mandatory = $true,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
ValueFromPipelineByPropertyName = $false,
|
ValueFromPipelineByPropertyName = $false,
|
||||||
HelpMessage = 'Ldap Certificates')]
|
HelpMessage = 'Ldap Certificates',
|
||||||
|
ParameterSetName = 'UpdateCertificates')]
|
||||||
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
|
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
|
||||||
$Certificates,
|
$Certificates,
|
||||||
|
|
||||||
|
[Parameter(
|
||||||
|
Mandatory = $true,
|
||||||
|
ValueFromPipeline = $false,
|
||||||
|
ValueFromPipelineByPropertyName = $false,
|
||||||
|
HelpMessage = 'Domain authentication user name',
|
||||||
|
ParameterSetName = 'DomainAuthenticationPassword')]
|
||||||
|
[ValidateNotNull()]
|
||||||
|
[string]
|
||||||
|
$Username,
|
||||||
|
|
||||||
|
[Parameter(
|
||||||
|
Mandatory = $true,
|
||||||
|
ValueFromPipeline = $false,
|
||||||
|
ValueFromPipelineByPropertyName = $false,
|
||||||
|
HelpMessage = 'Domain authentication password',
|
||||||
|
ParameterSetName = 'DomainAuthenticationPassword')]
|
||||||
|
[ValidateNotNull()]
|
||||||
|
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
|
||||||
|
[SecureString]
|
||||||
|
$Password,
|
||||||
|
|
||||||
|
[Parameter(
|
||||||
|
Mandatory = $true,
|
||||||
|
ValueFromPipeline = $false,
|
||||||
|
ValueFromPipelineByPropertyName = $false,
|
||||||
|
HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
|
||||||
|
ParameterSetName = 'DomainAuthenticationCredential')]
|
||||||
|
[PSCredential]
|
||||||
|
$Credential,
|
||||||
|
|
||||||
[Parameter(
|
[Parameter(
|
||||||
Mandatory = $false,
|
Mandatory = $false,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
@@ -436,7 +510,7 @@ function Set-LDAPIdentitySource {
|
|||||||
|
|
||||||
Process {
|
Process {
|
||||||
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
|
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
|
||||||
if ($Server -ne $null) {
|
if ($null -ne $Server) {
|
||||||
$serversToProcess = $Server
|
$serversToProcess = $Server
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -447,14 +521,34 @@ function Set-LDAPIdentitySource {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
$connection.Client.UpdateLdapIdentitySource(
|
if ($PSBoundParameters.ContainsKey('Certificates')) {
|
||||||
$IdentitySource.Name,
|
$connection.Client.UpdateLdapIdentitySource(
|
||||||
$IdentitySource.FriendlyName,
|
$IdentitySource.Name,
|
||||||
$IdentitySource.PrimaryUrl,
|
$IdentitySource.FriendlyName,
|
||||||
$IdentitySource.FailoverUrl,
|
$IdentitySource.PrimaryUrl,
|
||||||
$IdentitySource.UserBaseDN,
|
$IdentitySource.FailoverUrl,
|
||||||
$IdentitySource.GroupBaseDN,
|
$IdentitySource.UserBaseDN,
|
||||||
$Certificates);
|
$IdentitySource.GroupBaseDN,
|
||||||
|
$Certificates);
|
||||||
|
}
|
||||||
|
|
||||||
|
$authenticationUserName = $null
|
||||||
|
$authenticationPassword = $null
|
||||||
|
if ($PSBoundParameters.ContainsKey('Credential')) {
|
||||||
|
$authenticationUserName = $Credential.UserName
|
||||||
|
$authenticationPassword = $Credential.Password
|
||||||
|
}
|
||||||
|
if ($PSBoundParameters.ContainsKey('Password')) {
|
||||||
|
$authenticationUserName = $Username
|
||||||
|
$authenticationPassword = $Password
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($null -ne $authenticationPassword) {
|
||||||
|
$connection.Client.UpdateLdapIdentitySourceAuthentication(
|
||||||
|
$IdentitySource.Name,
|
||||||
|
$authenticationUserName,
|
||||||
|
$authenticationPassword);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
|
|||||||
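Review bot: The new `.EXAMPLE` for Set-LDAPIdentitySource passes the secret as a quoted literal (`-Password '$up3R$Tr0Pa$$w0rD'`), which teaches callers to type it on the command line where it ends up in console history and transcripts; since this commit adds `-Credential`, the example would be better written as `-Credential (Get-Credential)`. Judging by its name, the `StringToSecureStringArgumentTransformationAttribute` on `$Password` keeps plain strings accepted in both Add-LDAPIdentitySource and Set-LDAPIdentitySource, so the help text should say that a SecureString or PSCredential is the preferred input. The example caption "Updates certificate of a LDAP identity source authentication password" should describe a credential update, and the new help block repeats the `.PARAMETER Passowrd` misspelling, so that description is not attached to `-Password`. Every parameter set in Set-LDAPIdentitySource is now mandatory and the visible `[CmdletBinding()]` line names no `DefaultParameterSetName`, so a call that supplies none of them presumably fails parameter-set resolution; confirm that this is intended.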
@@ -12,7 +12,7 @@
|
|||||||
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
||||||
|
|
||||||
# Version number of this module.
|
# Version number of this module.
|
||||||
ModuleVersion = '1.3.6'
|
ModuleVersion = '1.3.7'
|
||||||
|
|
||||||
# Supported PSEditions
|
# Supported PSEditions
|
||||||
# CompatiblePSEditions = @()
|
# CompatiblePSEditions = @()
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1113,7 +1113,7 @@ namespace VMware.vSphere.SsoAdminClient
|
|||||||
string baseDNUsers,
|
string baseDNUsers,
|
||||||
string baseDNGroups,
|
string baseDNGroups,
|
||||||
string authenticationUserName,
|
string authenticationUserName,
|
||||||
string authenticationPassword,
|
SecureString authenticationPassword,
|
||||||
string serverType,
|
string serverType,
|
||||||
X509Certificate2[] ldapCertificates)
|
X509Certificate2[] ldapCertificates)
|
||||||
{
|
{
|
||||||
@@ -1163,7 +1163,7 @@ namespace VMware.vSphere.SsoAdminClient
|
|||||||
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials
|
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials
|
||||||
{
|
{
|
||||||
username = authenticationUserName,
|
username = authenticationUserName,
|
||||||
password = authenticationPassword
|
password = SecureStringToString(authenticationPassword)
|
||||||
})).Wait();
|
})).Wait();
|
||||||
}
|
}
|
||||||
catch (AggregateException e)
|
catch (AggregateException e)
|
||||||
@@ -1227,6 +1227,40 @@ namespace VMware.vSphere.SsoAdminClient
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void UpdateLdapIdentitySourceAuthentication(
|
||||||
|
string name,
|
||||||
|
string authenticationUserName,
|
||||||
|
SecureString authenticationPassword)
|
||||||
|
{
|
||||||
|
|
||||||
|
string authenticationType = "password";
|
||||||
|
var authorizedInvocationContext =
|
||||||
|
CreateAuthorizedInvocationContext();
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
authorizedInvocationContext.
|
||||||
|
InvokeOperation(() =>
|
||||||
|
_ssoAdminBindingClient.UpdateLdapAuthnTypeAsync(
|
||||||
|
new ManagedObjectReference
|
||||||
|
{
|
||||||
|
type = "SsoAdminIdentitySourceManagementService",
|
||||||
|
Value = "identitySourceManagementService"
|
||||||
|
},
|
||||||
|
name,
|
||||||
|
authenticationType,
|
||||||
|
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials
|
||||||
|
{
|
||||||
|
username = authenticationUserName,
|
||||||
|
password = SecureStringToString(authenticationPassword)
|
||||||
|
})).Wait();
|
||||||
|
}
|
||||||
|
catch (AggregateException e)
|
||||||
|
{
|
||||||
|
throw e.InnerException;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public IEnumerable<IdentitySource> GetDomains()
|
public IEnumerable<IdentitySource> GetDomains()
|
||||||
{
|
{
|
||||||
var authorizedInvocationContext =
|
var authorizedInvocationContext =
|
||||||
|
|||||||
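Review bot: In the new UpdateLdapIdentitySourceAuthentication, `password = SecureStringToString(authenticationPassword)` turns the SecureString back into an ordinary managed string inside the credentials object, so the protection ends at this call and the plaintext copy stays on the heap until it is collected; the changed line in the hunk at 1163 does the same. The helper's body is not on this page, so it is worth confirming that it releases the intermediate unmanaged buffer with a zeroing call such as `Marshal.ZeroFreeGlobalAllocUnicode` in a `finally`, and that it handles a null argument, since the method is public. A comment at both call sites, for example `// credentials object takes a plain string; plaintext copy is unavoidable here`, would stop readers assuming end-to-end protection. Separately, `throw e.InnerException;` in the new catch block discards the original stack trace; `ExceptionDispatchInfo.Capture(e.InnerException).Throw();` from `System.Runtime.ExceptionServices` preserves it.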