Implement Add-LDAPIdentitySource

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.1.0'
+ModuleVersion = '1.2.0'
 
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Add-ExternalDomainIdentitySource', 'Get-IdentitySource')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -1337,9 +1337,8 @@ function Add-ExternalDomainIdentitySource {
    .PARAMETER Passowrd
    Domain authentication password
 
-   .PARAMETER Server
-   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
-   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+   .PARAMETER DomainServerType
+   Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
 
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
@@ -1487,6 +1486,179 @@ function Add-ExternalDomainIdentitySource {
    }
 }
 
+function Add-LDAPIdentitySource {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	2/11/2021
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
+
+   .PARAMETER Name
+   Name of the identity source
+
+   .PARAMETER DomainName
+   Domain name
+
+   .PARAMETER DomainAlias
+   Domain alias
+
+   .PARAMETER PrimaryUrl
+   Primary Server URL
+
+   .PARAMETER BaseDNUsers
+   Base distinguished name for users
+
+   .PARAMETER BaseDNGroups
+   Base distinguished name for groups
+
+   .PARAMETER Username
+   Domain authentication user name
+
+   .PARAMETER Passowrd
+   Domain authentication password
+   
+   .PARAMETER ServerType
+   Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
+   
+   .PARAMETER Certificates
+   List of X509Certicate2 LDAP certificates
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+   
+   Adds LDAP Identity Source
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Friendly name of the identity source')]
+   [ValidateNotNull()]
+   [string]
+   $Name,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [ValidateNotNull()]
+   [string]
+   $DomainName,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [string]
+   $DomainAlias,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [ValidateNotNull()]
+   [string]
+   $PrimaryUrl,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Base distinguished name for users')]
+   [ValidateNotNull()]
+   [string]
+   $BaseDNUsers,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Base distinguished name for groups')]
+   [ValidateNotNull()]
+   [string]
+   $BaseDNGroups,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Domain authentication user name')]
+   [ValidateNotNull()]
+   [string]
+   $Username,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Domain authentication password')]
+   [ValidateNotNull()]
+   [string]
+   $Password,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Server type')]
+   [ValidateSet('ActiveDirectory','OpenLdap','NIS')]
+   [string]
+   $ServerType,
+   
+    [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Certificates')]   
+   [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
+   $Certificates,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+   if ($Server -ne $null) {
+      $serversToProcess = $Server
+   }
+
+   try {
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.AddLdapIdentitySource(
+            $DomainName,
+            $DomainAlias,
+            $Name,
+            $PrimaryUrl,
+            $BaseDNUsers,
+            $BaseDNGroups,
+            $Username,
+            $Password,
+            $ServerType,
+            $Certificates);
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
+   }
+}
+
 function Get-IdentitySource {
 <#
    .NOTES

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -7,6 +7,7 @@ using System.Collections.Generic;
 using System.IdentityModel.Selectors;
 using System.Runtime.InteropServices.WindowsRuntime;
 using System.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
 using System.ServiceModel.Security;
@@ -16,7 +17,7 @@ using VMware.Binding.WsTrust;
 using VMware.Binding.WsTrust.SecurityContext;
 using VMware.vSphere.LsClient;
 using VMware.vSphere.SsoAdminClient.DataTypes;
-using VMware.vSphere.SsoAdminClient.SsoAdminServiceReferencer;
+using VMware.vSphere.SsoAdminClient.SsoAdminServiceReference2;
 
 namespace VMware.vSphere.SsoAdminClient
 {
@@ -657,6 +658,59 @@ namespace VMware.vSphere.SsoAdminClient
                })).Wait();
       }
 
+      public void AddLdapIdentitySource(
+         string domainName,
+         string domainAlias,
+         string friendlyName,
+         string primaryUrl,
+         string baseDNUsers,
+         string baseDNGroups,
+         string authenticationUserName,
+         string authenticationPassword,
+         string serverType,
+         X509Certificate2[] ldapCertificates) {
+
+         string authenticationType = "password";
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
+            friendlyName = friendlyName,
+            primaryUrl = primaryUrl,
+            userBaseDn = baseDNUsers,
+            groupBaseDn = baseDNGroups
+         };
+
+         if (ldapCertificates != null && ldapCertificates.Length > 0) {
+            var certificates = new List<string>();
+            foreach (var ldapCert in ldapCertificates) {
+               if (ldapCert != null) {
+                  certificates.Add(ldapCert.ToString());
+               }  
+            }
+            if (certificates.Count > 0) {
+               adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
+            }
+         }
+
+         authorizedInvocationContext.
+         InvokeOperation(() =>
+            _ssoAdminBindingClient.RegisterLdapAsync(
+               new ManagedObjectReference {
+                  type = "SsoAdminDomainManagementService",
+                  Value = "domainManagementService"
+               },
+               serverType,
+               domainName,
+               domainAlias,
+               adminLdapIdentitySourceDetails,
+               authenticationType,
+               new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials {
+                  username = authenticationUserName,
+                  password = authenticationPassword
+               })).Wait();
+      }
+
       public IEnumerable<IdentitySource> GetDomains() {
          var authorizedInvocationContext =
             CreateAuthorizedInvocationContext();