
<#
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
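function Add-ExternalDomainIdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 2/11/2021
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function adds an external domain Identity Source to each connected
    SSO Admin server. Only the 'ActiveDirectory' server type is accepted by
    this cmdlet; OpenLdap sources are created with Add-LDAPIdentitySource.
    .PARAMETER Name
    Friendly name of the identity source
    .PARAMETER DomainName
    Domain name
    .PARAMETER DomainAlias
    Domain alias
    .PARAMETER PrimaryUrl
    Primary Server URL
    .PARAMETER BaseDNUsers
    Base distinguished name for users
    .PARAMETER BaseDNGroups
    Base distinguished name for groups
    .PARAMETER Username
    Domain authentication user name
    .PARAMETER Password
    Domain authentication password. This cmdlet takes the password as a plain
    string, so the value is visible on the command line, in command history and
    in transcripts; Add-LDAPIdentitySource accepts a SecureString or a
    PSCredential instead.
    .PARAMETER DomainServerType
    Type of the ExternalDomain. Only 'ActiveDirectory' is accepted.
    .PARAMETER Default
    Sets the Identity Source as the default for the SSO
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Add-ExternalDomainIdentitySource `
    -Name 'sof-powercli' `
    -DomainName 'sof-powercli.vmware.com' `
    -DomainAlias 'sof-powercli' `
    -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
    -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
    -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
    -Username 'sofPowercliAdmin' `
    -Password '$up3R$Tr0Pa$$w0rD'
    Adds External Identity Source
    #>
    [CmdletBinding()]
    [Alias("Add-ActiveDirectoryIdentitySource")]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Friendly name of the identity source')]
        [ValidateNotNull()]
        [string]
        $Name,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $DomainName,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $DomainAlias,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $PrimaryUrl,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for users')]
        [ValidateNotNull()]
        [string]
        $BaseDNUsers,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for groups')]
        [ValidateNotNull()]
        [string]
        $BaseDNGroups,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name')]
        [ValidateNotNull()]
        [string]
        $Username,

        # NOTE(review): plain [string] rather than the SecureString transformation
        # used by Add-LDAPIdentitySource. Whether AddActiveDirectoryExternalDomain
        # accepts a SecureString is not visible here, so the type is left as is.
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password')]
        [ValidateNotNull()]
        [string]
        $Password,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'External domain server type')]
        [ValidateSet('ActiveDirectory')]
        [string]
        $DomainServerType = 'ActiveDirectory',

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    # An explicit -Server wins; otherwise act on every server in the module-wide
    # default connection list. $null is kept on the left so the comparison is
    # never turned into an array filter.
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($null -ne $Server) {
        $serversToProcess = $Server
    }

    try {
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }

            $connection.Client.AddActiveDirectoryExternalDomain(
                $DomainName,
                $DomainAlias,
                $Name,
                $PrimaryUrl,
                $BaseDNUsers,
                $BaseDNGroups,
                $Username,
                $Password,
                $DomainServerType);

            if ($Default) {
                $connection.Client.SetDefaultIdentitySource($Name)
            }
        }
    }
    catch {
        # FormatError is a module helper defined outside this file.
        Write-Error (FormatError $_.Exception)
    }
}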
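function Add-LDAPIdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 2/11/2021
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function adds an LDAP Identity Source of ActiveDirectory or OpenLdap
    type to each connected SSO Admin server. Authentication to the LDAP server
    is given either as -Username/-Password or as a single -Credential; the two
    forms are separate parameter sets and cannot be combined.
    .PARAMETER Name
    Friendly name of the identity source
    .PARAMETER DomainName
    Domain name
    .PARAMETER DomainAlias
    Domain alias
    .PARAMETER PrimaryUrl
    Primary Server URL
    .PARAMETER SecondaryUrl
    Secondary Server URL
    .PARAMETER BaseDNUsers
    Base distinguished name for users
    .PARAMETER BaseDNGroups
    Base distinguished name for groups
    .PARAMETER Username
    Domain authentication user name
    .PARAMETER Password
    Domain authentication password. Accepts a SecureString; a plain string is
    converted by the StringToSecureString transformation attribute.
    .PARAMETER Credential
    Domain authentication credential
    .PARAMETER ServerType
    Type of the LDAP server, one of 'ActiveDirectory' or 'OpenLdap'
    .PARAMETER Certificates
    List of X509Certificate2 LDAP certificates
    .PARAMETER Default
    Sets the Identity Source as the default for the SSO
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Add-LDAPIdentitySource `
    -Name 'sof-powercli' `
    -DomainName 'sof-powercli.vmware.com' `
    -DomainAlias 'sof-powercli' `
    -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
    -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
    -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
    -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
    -Password '$up3R$Tr0Pa$$w0rD' `
    -Certificates 'C:\Temp\test.cer'
    Adds LDAP Identity Source
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Friendly name of the identity source')]
        [ValidateNotNull()]
        [string]
        $Name,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $DomainName,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $DomainAlias,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $SecondaryUrl,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $PrimaryUrl,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for users')]
        [ValidateNotNull()]
        [string]
        $BaseDNUsers,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for groups')]
        [ValidateNotNull()]
        [string]
        $BaseDNGroups,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [string]
        $Username,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
        [SecureString]
        $Password,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
            ParameterSetName = 'DomainAuthenticationCredential')]
        [PSCredential]
        $Credential,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Certificates')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificates,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Server type')]
        [ValidateSet('ActiveDirectory', 'OpenLdap')]
        [string]
        $ServerType = 'ActiveDirectory',

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    # An explicit -Server wins; otherwise act on every server in the module-wide
    # default connection list.
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($null -ne $Server) {
        $serversToProcess = $Server
    }

    try {
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }

            # Both parameter sets are flattened to a user name plus SecureString
            # so the client call below is identical for either form.
            $authenticationUserName = ""
            $authenticationPassword = ""
            if ($PSBoundParameters.ContainsKey('Credential')) {
                $authenticationUserName = $Credential.UserName
                $authenticationPassword = $Credential.Password
            } else {
                $authenticationUserName = $Username
                $authenticationPassword = $Password
            }

            $connection.Client.AddLdapIdentitySource(
                $DomainName,
                $DomainAlias,
                $Name,
                $PrimaryUrl,
                $SecondaryUrl,
                $BaseDNUsers,
                $BaseDNGroups,
                $authenticationUserName,
                $authenticationPassword,
                $ServerType,
                $Certificates);

            if ($Default) {
                $connection.Client.SetDefaultIdentitySource($Name)
            }
        }
    }
    catch {
        # FormatError is a module helper defined outside this file.
        Write-Error (FormatError $_.Exception)
    }
}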
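function Set-LDAPIdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 2/17/2021
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function updates an existing LDAP Identity Source: its LDAP
    certificates, its authentication credentials, or its default-source flag.
    Each of these is a separate parameter set, so a single invocation performs
    exactly one kind of update.
    .PARAMETER IdentitySource
    Identity Source to update
    .PARAMETER Certificates
    List of X509Certificate2 LDAP certificates
    .PARAMETER Username
    Domain authentication user name
    .PARAMETER Password
    Domain authentication password. Accepts a SecureString; a plain string is
    converted by the StringToSecureString transformation attribute.
    .PARAMETER Credential
    Domain authentication credential
    .PARAMETER Default
    Sets the Identity Source as the default for the SSO
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Updates certificate of a LDAP identity source
    Get-IdentitySource -External | `
    Set-LDAPIdentitySource `
    -Certificates 'C:\Temp\test.cer'
    .EXAMPLE
    Updates the authentication user name and password of a LDAP identity source
    Get-IdentitySource -External | `
    Set-LDAPIdentitySource `
    -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
    -Password '$up3R$Tr0Pa$$w0rD'
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to update')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]
        $IdentitySource,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Certificates',
            ParameterSetName = 'UpdateCertificates')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificates,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [string]
        $Username,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
        [SecureString]
        $Password,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
            ParameterSetName = 'DomainAuthenticationCredential')]
        [PSCredential]
        $Credential,

        # NOTE(review): no DefaultParameterSetName is declared, so a call that
        # binds only -IdentitySource cannot be resolved to a set — confirm that
        # rejecting such a call is intended.
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            ParameterSetName = 'SetAsDefault',
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    Process {
        # An explicit -Server wins; otherwise act on every server in the
        # module-wide default connection list.
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }

        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }

                # Certificate update: every other attribute is re-sent unchanged
                # from the incoming identity source object.
                if ($PSBoundParameters.ContainsKey('Certificates')) {
                    $connection.Client.UpdateLdapIdentitySource(
                        $IdentitySource.Name,
                        $IdentitySource.FriendlyName,
                        $IdentitySource.PrimaryUrl,
                        $IdentitySource.FailoverUrl,
                        $IdentitySource.UserBaseDN,
                        $IdentitySource.GroupBaseDN,
                        $Certificates);
                }

                # Authentication update: only issued when one of the two
                # credential parameter sets was bound.
                $authenticationUserName = $null
                $authenticationPassword = $null
                if ($PSBoundParameters.ContainsKey('Credential')) {
                    $authenticationUserName = $Credential.UserName
                    $authenticationPassword = $Credential.Password
                }
                if ($PSBoundParameters.ContainsKey('Password')) {
                    $authenticationUserName = $Username
                    $authenticationPassword = $Password
                }
                if ($null -ne $authenticationPassword) {
                    $connection.Client.UpdateLdapIdentitySourceAuthentication(
                        $IdentitySource.Name,
                        $authenticationUserName,
                        $authenticationPassword);
                }

                if ($Default) {
                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
                }
            }
        }
        catch {
            # FormatError is a module helper defined outside this file.
            Write-Error (FormatError $_.Exception)
        }
    }
}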
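function Set-IdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 2/25/2022
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Updates an Identity Source of any type. The only update currently
    supported is marking the source as the SSO default; without -Default the
    cmdlet makes no change.
    .PARAMETER IdentitySource
    Identity Source to update
    .PARAMETER Default
    Sets the Identity Source as the default for the SSO
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Sets an external identity source as the SSO default
    Get-IdentitySource -External | Set-IdentitySource -Default
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to update')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
        $IdentitySource,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    Process {
        # An explicit -Server wins; otherwise act on every server in the
        # module-wide default connection list.
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }

        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }

                if ($Default) {
                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
                }
            }
        }
        catch {
            # FormatError is a module helper defined outside this file.
            Write-Error (FormatError $_.Exception)
        }
    }
}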
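function Get-IdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 11/26/2020
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function gets Identity Sources from each connected SSO Admin server.
    With no filter switch every identity source is returned; -Localos, -System
    and -External can be combined and their results are accumulated; -Default
    overrides the other filters and returns only the default domain.
    .PARAMETER Localos
    Filter parameter to return only the localos domain identity source
    .PARAMETER System
    Filter parameter to return only the system domain identity source
    .PARAMETER External
    Filter parameter to return only the external domain identity sources
    .PARAMETER Default
    Filter parameter to return only the default domain identity sources
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Get-IdentitySource -External
    Gets all external domain identity source
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the localos domain identity source')]
        [Switch]
        $Localos,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the system domain identity source')]
        [Switch]
        $System,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the external domain identity sources')]
        [Switch]
        $External,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the default domain identity sources')]
        [Switch]
        $Default,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    # An explicit -Server wins; otherwise query every server in the module-wide
    # default connection list.
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($null -ne $Server) {
        $serversToProcess = $Server
    }

    # NOTE(review): unlike the other cmdlets in this file there is no try/catch
    # here, so a failing GetDomains() surfaces as a terminating error rather than
    # a Write-Error; left unchanged because callers may rely on that.
    foreach ($connection in $serversToProcess) {
        if (-not $connection.IsConnected) {
            Write-Error "Server $connection is disconnected"
            continue
        }

        $resultIdentitySources = @()
        $allIdentitySources = $connection.Client.GetDomains()

        if (-not $Localos -and -not $System -and -not $External) {
            $resultIdentitySources = $allIdentitySources
        }

        if ($Localos) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.LocalOSIdentitySource] }
        }

        if ($System) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.SystemIdentitySource] }
        }

        # NOTE(review): external sources are recognised purely by the
        # ActiveDirectoryIdentitySource client type; confirm OpenLdap sources
        # created via Add-LDAPIdentitySource are also of that type.
        if ($External) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] }
        }

        # -Default replaces whatever the filters above collected.
        if ($Default) {
            $defaultDomainName = $connection.Client.GetDefaultIdentitySourceDomainName()
            $resultIdentitySources = $allIdentitySources | Where-Object { $_.Name -eq $defaultDomainName }
        }

        # Return result
        $resultIdentitySources
    }
}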
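function Remove-IdentitySource {
    <#
    .NOTES
    ===========================================================================
    Created on: 03/19/2021
    Created by: Dimitar Milov
    Twitter: @dimitar_milov
    Github: https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function removes an Identity Source from each connected SSO Admin
    server. The operation is destructive and supports -WhatIf and -Confirm;
    no confirmation prompt is shown by default.
    .PARAMETER IdentitySource
    The identity source to remove
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Get-IdentitySource -External | Remove-IdentitySource
    Removes all external domain identity source
    .EXAMPLE
    Get-IdentitySource -External | Remove-IdentitySource -WhatIf
    Shows which identity sources would be removed without removing them
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to remove')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
        $IdentitySource,

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server
    )

    Process {
        # An explicit -Server wins; otherwise act on every server in the
        # module-wide default connection list.
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }

        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }

                # ShouldProcess gates the deletion behind -WhatIf/-Confirm; with
                # the default ConfirmImpact it does not prompt unless asked.
                if ($PSCmdlet.ShouldProcess("$($IdentitySource.Name) on $connection", "Remove identity source")) {
                    $connection.Client.DeleteDomain($IdentitySource.Name)
                }
            }
        }
        catch {
            # FormatError is a module helper defined outside this file.
            Write-Error (FormatError $_.Exception)
        }
    }
}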