Microsoft Virtualization Discussions

Script to set ldaps settings

PierreC

Hello,

 

I would like to set on more than 40 netapp cluster ontap 9.5+, ldaps configuration.

 

So basically, we have to apply 2 commands on each cluster per svm connected to ldap for cifs purpose.

certificate install -type server-ca -vserver SVM

+ insert certificate

vserver cifs security modify -vserver SVM -use-ldaps-for-ad-ldap true

 

And maybe additionally to check settings have been applied

cifs server security show  -vserver SVM -fields use-ldaps-for-ad-ldap

 

I had a look on powersheel toolkit but i don't think i can achieve this goal.

 

Do you have any idea to apply this configuration on multiple cluster/svm by script/automatically ?

1 ACCEPTED SOLUTION

donny_lang

Start with a simple foreach loop to iterate through the list of your clusters:

 

Install certificate: Install-NcSecurityCertificate -Vserver <SVM> -Type <type> -Certificate <cert>

Modify CIFS security settings: Set-NcCifsSecurity -VserverContext <vserver> -UseLdapsForAdLdap $true 

Validate settings have been applied successfully: Get-NcSecurityCertificate and Get-NcCifsSecurity cmdlets, respectively. 

 

You may already know this, but the "Get-Command" and "Get-Help" cmdlets are awesome! I have not come across your specific use case before but just searched using Get-Command like this: "Get-Command -Module DataONTAP *security*" and the CIFS security cmdlets were returned as results (among others). From there, I just used "Get-Help" for cmdlets that looked like what I wanted, and read the documentation to figure out the syntax.

 

If you write some code and are having struggles, post a thread and we'll help debug. Hope it helps - happy automating! 

 

Donny

View solution in original post

2 REPLIES 2

donny_lang

Start with a simple foreach loop to iterate through the list of your clusters:

 

Install certificate: Install-NcSecurityCertificate -Vserver <SVM> -Type <type> -Certificate <cert>

Modify CIFS security settings: Set-NcCifsSecurity -VserverContext <vserver> -UseLdapsForAdLdap $true 

Validate settings have been applied successfully: Get-NcSecurityCertificate and Get-NcCifsSecurity cmdlets, respectively. 

 

You may already know this, but the "Get-Command" and "Get-Help" cmdlets are awesome! I have not come across your specific use case before but just searched using Get-Command like this: "Get-Command -Module DataONTAP *security*" and the CIFS security cmdlets were returned as results (among others). From there, I just used "Get-Help" for cmdlets that looked like what I wanted, and read the documentation to figure out the syntax.

 

If you write some code and are having struggles, post a thread and we'll help debug. Hope it helps - happy automating! 

 

Donny

View solution in original post

PierreC

I will test it, i think that's what i need.

 

Thanks a lot.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public