vmware / PowerCLI-Example-Scripts

http://blogs.vmware.com/powercli

Error on Add-LDAPIdentitySource #533

Closed yanlu2 closed 2 years ago

yanlu2 commented 2 years ago

Describe the bug

I'm trying to add AD over LDAPs to a vCenter but got an error.

PS C:\Users\luy13> C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1

Press any key to continue add AD over LDAPs to vCenter rsaengbdvc1.rsa.lab.emc.com:

Name        : server.corp.com
ServiceUri  : https://server.com/sso-adminserver/sdk/vsphere.local
User        : administrator@vsphere.local
Id          : /SsoAdminServer=vsphere.local/administrator@server.corp.com
IsConnected : True
Client      : VMware.vSphere.SsoAdminClient.SsoAdminClient
RefCount    : 3

Add-LDAPIdentitySource : Cannot process argument transformation on parameter 'Certificates'. Cannot convert value "cert.cer" to type "System.Security.Cryptography.X509Certificates.X509Certificate2[]". Error: "Cannot convert value "cert.cer" to type "System.Security.Cryptography.X509Certificates.X509Certificate2". Error: "The system cannot find the file specified. ""
At C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1:31 char:25

Disconnect-SsoAdminServer : Cannot process argument transformation on parameter 'Server'. Cannot convert the "server.corp.com" value of type "System.String" to type "VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer[]".
At C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1:32 char:39

Reproduction steps

1. Run script vCenter-adding-AD-LDAPs.ps1
2. Got an error
3. Script vCenter-adding-AD-LDAPs.ps1:
$path="C:\Temp\Reports\vCenters\"                                                     # file location
$server="server.corp.comp.com"                                                 # VC server
$username = "administrator@vsphere.local"
$passwd = password
$localdomain="vsphere.local"
$corpdomain="corp.comp.com"
$vcenterfile=$path+"vcentertestlist.txt"
$vcenterlist = get-content $vcenterfile

Foreach ($server in $vcenterlist) {
    $hostname=$server.Split(".")[0] 
    $rptfile=$path+"usrimpt-"+$hostname+".txt"

#    Read-Host -Prompt "`nPress any key to continue add AD over LDAPs to vCenter $server"

    Connect-SsoAdminServer -Server $server -User $username -Password $passwd -SkipCertificateCheck

    #Get-IdentitySource -External
    Add-LDAPIdentitySource `
          -Name 'Corp LDAPs' `
          -DomainName 'corp.comp.com' `
          -DomainAlias 'Corp' `
          -PrimaryUrl 'ldaps://appauth.corp.comp.com:636' `
          -BaseDNUsers 'dc=corp,dc=comp,dc=com' `
          -BaseDNGroups 'dc=corp,dc=comp,dc=com' `
          -Username 'svc_vmlabmgr@corp.comp.com' `
          -Password 'adfadfdaadfadf' `
          -Certificates 'cert.cer'
    Disconnect-SsoAdminServer -Server $server
}
4. Output:
PS C:\Users\luy13> C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1

Name        : server.corp.comp.com
ServiceUri  : https://server.corp.comp.com/sso-adminserver/sdk/vsphere.local
User        : administrator@vsphere.local
Id          : /SsoAdminServer=vsphere.local/administrator@server.corp.comp.com
IsConnected : True
Client      : VMware.vSphere.SsoAdminClient.SsoAdminClient
RefCount    : 5

Add-LDAPIdentitySource : Cannot process argument transformation on parameter 'Certificates'. Cannot convert value "cert.cer" to type 
"System.Security.Cryptography.X509Certificates.X509Certificate2[]". Error: "Cannot convert value "cert.cer" to type "System.Security.Cryptography.X509Certificates.X509Certificate2". 
Error: "The system cannot find the file specified.
""
At C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1:29 char:25
+           -Certificates 'cert.cer'
+                         ~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-LDAPIdentitySource], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-LDAPIdentitySource

Disconnect-SsoAdminServer : Cannot process argument transformation on parameter 'Server'. Cannot convert the "server.corp.comp.com" value of type "System.String" to type 
"VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer[]".
At C:\PS_scripts\vCenter\vCenter-adding-AD-LDAPs.ps1:30 char:39
+     Disconnect-SsoAdminServer -Server $server
+                                       ~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Disconnect-SsoAdminServer], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Disconnect-SsoAdminServer

Expected behavior

Add AD over LDAPs to vCenter.

Additional context

No response

yanlu2 commented 2 years ago

Something wrong in my script.

dmilov commented 2 years ago

Issue 1: cert.cer should be a relative or absolute path to the .cer file. If it is in the script working directory, try ./cert.cer

Issue 2: The $server variable is of string type; passing it as an argument to Disconnect-SsoAdminServer won't work because this module is missing the PowerCLI OBN (resolving object by name) feature.

Suggestion to fix the script:

Foreach ($server in $vcenterlist) {
    $hostname=$server.Split(".")[0] 
    $rptfile=$path+"usrimpt-"+$hostname+".txt"

#    Read-Host -Prompt "`nPress any key to continue add AD over LDAPs to vCenter $server"

    $serverConnection = Connect-SsoAdminServer -Server $server -User $username -Password $passwd -SkipCertificateCheck

    #Get-IdentitySource -External
    Add-LDAPIdentitySource `
          -Name 'Corp LDAPs' `
          -DomainName 'corp.comp.com' `
          -DomainAlias 'Corp' `
          -PrimaryUrl 'ldaps://appauth.corp.comp.com:636' `
          -BaseDNUsers 'dc=corp,dc=comp,dc=com' `
          -BaseDNGroups 'dc=corp,dc=comp,dc=com' `
          -Username 'svc_vmlabmgr@corp.comp.com' `
          -Password 'adfadfdaadfadf' `
          -Certificates './cert.cer'

    Disconnect-SsoAdminServer -Server $serverConnection
}
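As an added example (not code from the issue or from the PowerCLI-Example-Scripts repository), here is the same loop rewritten to avoid both failures and to keep secrets out of the script file: the certificate is loaded explicitly as an X509Certificate2 object so the string-to-certificate conversion cannot fail silently on a bad path, credentials are prompted for rather than embedded, and the connection object is always released in a finally block. It assumes the VMware.vSphere.SsoAdmin module is loaded, the script runs from a file (so $PSScriptRoot is set), and the LDAPS trust certificate and vCenter list sit beside the script under the assumed names corp-ldaps-ca.cer and vcentertestlist.txt.

```powershell
# Added example, not from the issue; file names below are assumptions.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$certPath = Join-Path $PSScriptRoot 'corp-ldaps-ca.cer'   # assumed file name
if (-not (Test-Path -LiteralPath $certPath)) {
    throw "LDAPS trust certificate not found: $certPath"
}
# Load the .cer as an X509Certificate2 object instead of passing a bare string,
# and refuse an expired certificate before touching vCenter.
$ldapsCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
if ($ldapsCert.NotAfter -lt (Get-Date)) {
    throw "LDAPS trust certificate expired on $($ldapsCert.NotAfter): $($ldapsCert.Subject)"
}
Write-Host "Using LDAPS trust cert $($ldapsCert.Subject), thumbprint $($ldapsCert.Thumbprint)"

# Prompt for the SSO admin and LDAP bind passwords instead of hard-coding them.
$ssoCred  = Get-Credential -Message 'vCenter SSO administrator' -UserName 'administrator@vsphere.local'
$bindCred = Get-Credential -Message 'LDAP bind service account' -UserName 'svc_vmlabmgr@corp.comp.com'

$vcenterlist = Get-Content -LiteralPath (Join-Path $PSScriptRoot 'vcentertestlist.txt')  # assumed path
foreach ($vc in $vcenterlist) {
    # -SkipCertificateCheck disables TLS validation of the vCenter endpoint;
    # remove it once this host trusts the vCenter certificate chain.
    $conn = Connect-SsoAdminServer -Server $vc -User $ssoCred.UserName `
                -Password $ssoCred.GetNetworkCredential().Password -SkipCertificateCheck
    try {
        Add-LDAPIdentitySource `
            -Name 'Corp LDAPs' `
            -DomainName 'corp.comp.com' `
            -DomainAlias 'Corp' `
            -PrimaryUrl 'ldaps://appauth.corp.comp.com:636' `
            -BaseDNUsers 'dc=corp,dc=comp,dc=com' `
            -BaseDNGroups 'dc=corp,dc=comp,dc=com' `
            -Username $bindCred.UserName `
            -Password $bindCred.GetNetworkCredential().Password `
            -Certificates $ldapsCert
    }
    finally {
        # Always pass the connection object; the module does not resolve a server name string.
        Disconnect-SsoAdminServer -Server $conn
    }
}
```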
yanlu2 commented 2 years ago

Thanks, it works.

Regards, -Yan
