Microsoft Virtualization Discussions

Script to set ldaps settings

PierreC
2,058 Views

Hello,

 

I would like to set on more than 40 netapp cluster ontap 9.5+, ldaps configuration.

 

So basically, we have to apply 2 commands on each cluster per svm connected to ldap for cifs purpose.

certificate install -type server-ca -vserver SVM

+ insert certificate

vserver cifs security modify -vserver SVM -use-ldaps-for-ad-ldap true

 

And maybe additionally to check settings have been applied

cifs server security show  -vserver SVM -fields use-ldaps-for-ad-ldap

 

I had a look on powersheel toolkit but i don't think i can achieve this goal.

 

Do you have any idea to apply this configuration on multiple cluster/svm by script/automatically ?

1 ACCEPTED SOLUTION

donny_lang
2,013 Views

Start with a simple foreach loop to iterate through the list of your clusters:

 

Install certificate: Install-NcSecurityCertificate -Vserver <SVM> -Type <type> -Certificate <cert>

Modify CIFS security settings: Set-NcCifsSecurity -VserverContext <vserver> -UseLdapsForAdLdap $true 

Validate settings have been applied successfully: Get-NcSecurityCertificate and Get-NcCifsSecurity cmdlets, respectively. 

 

You may already know this, but the "Get-Command" and "Get-Help" cmdlets are awesome! I have not come across your specific use case before but just searched using Get-Command like this: "Get-Command -Module DataONTAP *security*" and the CIFS security cmdlets were returned as results (among others). From there, I just used "Get-Help" for cmdlets that looked like what I wanted, and read the documentation to figure out the syntax.

 

If you write some code and are having struggles, post a thread and we'll help debug. Hope it helps - happy automating! 

 

Donny

View solution in original post

2 REPLIES 2

donny_lang
2,014 Views

Start with a simple foreach loop to iterate through the list of your clusters:

 

Install certificate: Install-NcSecurityCertificate -Vserver <SVM> -Type <type> -Certificate <cert>

Modify CIFS security settings: Set-NcCifsSecurity -VserverContext <vserver> -UseLdapsForAdLdap $true 

Validate settings have been applied successfully: Get-NcSecurityCertificate and Get-NcCifsSecurity cmdlets, respectively. 

 

You may already know this, but the "Get-Command" and "Get-Help" cmdlets are awesome! I have not come across your specific use case before but just searched using Get-Command like this: "Get-Command -Module DataONTAP *security*" and the CIFS security cmdlets were returned as results (among others). From there, I just used "Get-Help" for cmdlets that looked like what I wanted, and read the documentation to figure out the syntax.

 

If you write some code and are having struggles, post a thread and we'll help debug. Hope it helps - happy automating! 

 

Donny

PierreC
1,933 Views

I will test it, i think that's what i need.

 

Thanks a lot.

Public