Hello,
We are building a script to make an audit of the configuration our multiple vCenters and we do not find any information related to SSO Configuration in PowerCLI side, for example : Identity sources, Policies ... Mainly anything in the following section accessible through the WebClient : Administration >> Single Sign-ON.
Is this possible with PowerCLI ? If not what other scriptable ways are availbale ? (we are exploring getting the information through sql scripts against the DB)
Thanks for your help 
Regards,
Accepted Solutions
I worked with EcoBassam on this subject and using the information provided by lamw I managed to make a script that retrives the required information.
Thanks for the links provided by lamw, they really helped me a lot.
wmdird is an LDAP based system, so firstly we can use JXplorer to explorer the tree structure of LDAP:
We will find all identity sources in the path: /Services/IdentityManager/Tenants/vsphere.local/IdentityProviders
If we would like to use powercli/powershell to get the same information as we can see in the JXplorer, we may want to use ldapsearch in sso server, of course we must have ldapsearch installed in the server:
Here is an exemple of Invoke-VMScript which I used in my script for a SSO server 5.5:
$scriptsso = @"
&"$env:C:\the\directory\to\ldapsearch.exe" -h localhost -w $password -p 11711 -x -D "cn=Administrator,cn=users,dc=vsphere,dc=local" -b "cn=IdentityProviders,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s one "vmwSTSDomainName=*"
"@
$invokesso = Invoke-VMScript -ScriptText $scriptsso -VM $Vm -GuestUser $user -GuestPassword $password
$invokesso.ScriptOutput | out-string -Stream | set-content $VMsubfolder\infosso.txt
Then we get a txt file infosso.txt with all Identity Sources
We can get all the information available in Edit Identity Source screenshot above:
They are just under different names:
Domain Type | vmwSTSDomainType |
Identity source type | vmwSTSProviderType |
Name | vmwSTSName |
Primary server URL | vmwSTSConnectionStrings |
Domain Name | vmwSTSDomainName |
Domain alias | vmwSTSAlias |
Regards,
Fan
Thanks for both replies LucDLucD and lamwlamw
I forgot to mention that we are still in version 5.5 of vSphere, is the "vmdir" available also for vSphere 5.5 ?
What we are trying to get for the moment is the "Identity sources" configuration elements shown on the screenshot below :
I worked with EcoBassam on this subject and using the information provided by lamw I managed to make a script that retrives the required information.
Thanks for the links provided by lamw, they really helped me a lot.
wmdird is an LDAP based system, so firstly we can use JXplorer to explorer the tree structure of LDAP:
We will find all identity sources in the path: /Services/IdentityManager/Tenants/vsphere.local/IdentityProviders
If we would like to use powercli/powershell to get the same information as we can see in the JXplorer, we may want to use ldapsearch in sso server, of course we must have ldapsearch installed in the server:
Here is an exemple of Invoke-VMScript which I used in my script for a SSO server 5.5:
$scriptsso = @"
&"$env:C:\the\directory\to\ldapsearch.exe" -h localhost -w $password -p 11711 -x -D "cn=Administrator,cn=users,dc=vsphere,dc=local" -b "cn=IdentityProviders,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s one "vmwSTSDomainName=*"
"@
$invokesso = Invoke-VMScript -ScriptText $scriptsso -VM $Vm -GuestUser $user -GuestPassword $password
$invokesso.ScriptOutput | out-string -Stream | set-content $VMsubfolder\infosso.txt
Then we get a txt file infosso.txt with all Identity Sources
We can get all the information available in Edit Identity Source screenshot above:
They are just under different names:
Domain Type | vmwSTSDomainType |
Identity source type | vmwSTSProviderType |
Name | vmwSTSName |
Primary server URL | vmwSTSConnectionStrings |
Domain Name | vmwSTSDomainName |
Domain alias | vmwSTSAlias |
Regards,
Fan