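#
# Name: Get WFA Ldap Operator Users
# Version: 1.0.0
# From: NetApp Inc.
# Min WFA version needed: WFA2.2
# Min Powershell : 3.0
# Copyright (C) 2015 NetApp, Inc. All rights reserved.
#
# Email: sinhaa@netapp.com
#
# Purpose: read WFA's LDAP configuration through its REST API, enumerate the
# members of the configured operator groups on every listed LDAP server, and
# create a WFA user for each member that does not exist yet.
#
# Inputs (WFA credential store): credentials for "localhost" (WFA REST API)
# and for the host part of every configured LDAP server URL.
# Outputs: log lines via Get-WfaLogger; one POST /rest/users per new user.

#--- Check for PoSH version. It should be >= 3.0
if ($PSVersionTable.PSVersion.Major -lt 3) {
    throw "Minimum PowerShell version required is 3.0"
}

$myWfaCreds = Get-WfaCredentials -Host "localhost"
if (!$myWfaCreds) {
    throw "No credentials added for localhost"
}

# Escape a value for use inside an LDAP search filter (RFC 4515).  Group names
# and DNs are inserted into filters below; without escaping, a '(' ')' '*' or
# '\' in them would malform or widen the filter.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Backslash must be replaced first so the escapes added afterwards survive.
    return $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# Return the value of the "-D<Name>=<value>" entry in the service's Java
# options, or throw when the option is not present (the original code would
# have failed on a null Split() instead).
function Get-JavaOptionValue {
    param([string[]]$Options, [string]$Name)
    $pattern = '-D' + [regex]::Escape($Name) + '='
    $entry = $Options | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (!$entry) {
        throw "Java option -D$Name not found under $REGISTRY"
    }
    return $entry.Split("=")[1]
}

# Get the WFA http/https ports from the Procrun service parameters.
$REGISTRY = "HKLM:\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\NA_WFA_SRV\Parameters\Java"
$javaOptions = Get-ItemProperty -Path $REGISTRY | Select-Object -ExpandProperty Options
$httpPort = Get-JavaOptionValue -Options $javaOptions -Name "http.port"
$httpsPort = Get-JavaOptionValue -Options $javaOptions -Name "https.port"

# NOTE(review): this disables TLS certificate validation for the whole
# process, not just for the localhost WFA endpoint.  It is kept because the
# original script relied on it (WFA typically serves a self-signed
# certificate); validating against the expected certificate thumbprint would
# be a tighter alternative.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

# The LDAP configuration is fetched over plain HTTP on the loopback interface.
$url1 = 'http://localhost:' + $httpPort + '/rest/system/ldap'
$ldapData = Invoke-RestMethod -Method Get -Uri $url1 -Credential $myWfaCreds -ContentType "application/xml"
if ($ldapData.LdapConfiguration.enabled -eq 'false') {
    throw "LDAP Authentication is NOT enabled. 
Failing execution now.."
}

Get-WfaLogger -Info -message $ldapData.LdapConfiguration.ldapServerUrlList
$LdapSeverUrlList = $ldapData.LdapConfiguration.ldapServerUrlList -split ","
$operatorGroupList = $ldapData.LdapConfiguration.operatorGroups -split ","
$userNameattribute = $ldapData.LdapConfiguration.usernameAttribute

Get-WfaLogger -Info -message $operatorGroupList[0]
Get-WfaLogger -Info -message $userNameattribute

# Map WFA's usernameAttribute to the AD attribute that becomes the WFA user
# name.  Resolved once, up front, so a misconfiguration fails before any
# directory is queried.  (The mapping samaccountname -> "name" is kept as in
# the original; confirm it is intended rather than "samaccountname".)
switch ($userNameattribute.ToLower()) {
    "samaccountname"    { $namingAttr = "name" }
    "userprincipalname" { $namingAttr = "userprincipalname" }
    default             { throw "Naming Attribute error" }
}

# Distinct user names collected across all servers and groups, in discovery order.
$users = New-Object System.Collections.Generic.List[string]

foreach ($ldapServer in $LdapSeverUrlList) {
    $ldapServer = $ldapServer.Trim()
    # Host part of the URL; assumes the "ldap://" prefix (7 characters) as the
    # original did.  This is the key under which the AD credentials are stored.
    $ldapServerIP = $ldapServer.Substring(7).Split(":")[0]
    Get-WfaLogger -Info -message $ldapServerIP
    Get-WfaLogger -Info -message $ldapServer

    # Get Credentials of this AD server
    $wfaADCreds = Get-WfaCredentials -Host $ldapServerIP
    if (!$wfaADCreds) {
        Get-WfaLogger -warn -message "Credentials are not available for $ldapServerIP. Continuing with the next AD"
        continue
    }

    # DirectoryEntry needs the bind password in clear text; GetNetworkCredential()
    # yields it from the PSCredential without a separate helper.
    $objDomain = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList @(
        $ldapServer.ToUpper(),
        $wfaADCreds.UserName,
        $wfaADCreds.GetNetworkCredential().Password
    )

    $groupSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher
    try {
        $path = $objDomain.distinguishedName[0]
        Get-WfaLogger -Info -message $path

        foreach ($searcher in @($groupSearcher, $memberSearcher)) {
            $searcher.SearchRoot = $objDomain
            $searchScope = "SubTree"
            $searcher.SearchScope = $searchScope
            $searcher.PageSize = 1000
        }

        foreach ($group in $operatorGroupList) {
            $group = $group.Trim()
            Get-WfaLogger -Info -message "Checking Group: $group"

            # Look the group up by name server-side instead of pulling every
            # group in the domain and comparing names client-side.
            $groupSearcher.Filter = "(&(objectCategory=Group)(name=" + (ConvertTo-LdapFilterValue $group) + "))"
            $groupResults = $groupSearcher.FindAll()
            try {
                foreach ($gr in $groupResults) {
                    $cn = [string]$gr.Properties['distinguishedname'][0]
                    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN:
                    # transitive membership, so nested groups are resolved.
                    $memberSearcher.Filter = "(memberOf:1.2.840.113556.1.4.1941:=" + (ConvertTo-LdapFilterValue $cn) + ")"
                    $memberResults = $memberSearcher.FindAll()
                    try {
                        foreach ($sr in $memberResults) {
                            if (!($sr.Properties["objectclass"] -contains "person")) {
                                continue
                            }
                            $data = [string]($sr.Properties[$namingAttr] | Select-Object -First 1)
                            # Entries without the naming attribute would otherwise
                            # turn into a POST with an empty user name.
                            if ([string]::IsNullOrEmpty($data)) {
                                continue
                            }
                            if (!$users.Contains($data)) {
                                $users.Add($data)
                            }
                        }
                    } finally {
                        # SearchResultCollection holds unmanaged handles.
                        $memberResults.Dispose()
                    }
                }
            } finally {
                $groupResults.Dispose()
            }
        }
    } finally {
        $memberSearcher.Dispose()
        $groupSearcher.Dispose()
        $objDomain.Dispose()
    }
}

$url2 = 'https://localhost:' + $httpsPort + '/rest/users'
foreach ($u in $users) {
    Get-WfaLogger -info -Message "---------------------"
    Get-WfaLogger -Info -Message "UserName :$u"
    # NOTE(review): the XML markup of this request body appears to have been
    # stripped in this copy of the script, and the initial password for every
    # created operator is a fixed literal embedded in the script.  The
    # password should instead come from the WFA credential store
    # (Get-WfaCredentials) or be generated per user; the literal is left
    # untouched here.
    [xml]$xmlDoc = 'BAAsgdhfsdf@!@3213214342fgfdgfdOperator'
    #Get-WfaLogger -Info -Message $xmlDoc.OuterXml
    try {
        Invoke-RestMethod -Method Post -Uri $url2 -Body $xmlDoc.OuterXml -Credential $myWfaCreds -ContentType "application/xml" -TimeoutSec 300
    } catch {
        if ($_.ErrorDetails.Message -match "already exists, please choose another username") {
            Get-WfaLogger -Info -Message "User exists: $u; Moving to the next user"
        } else {
            # A sub-expression is required: "$_.ErrorDetails.Message" only
            # expands $_ and appends the literal text ".ErrorDetails.Message".
            throw "Failed to create user ${u}: $($_.ErrorDetails.Message)"
        }
    }
}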