Could we integrate Microsoft gMSA function into the following code?
2016-05-24 12:54 AM
Hi, Programming Gurus
I got a request regarding how to build an enterprise web/user interface to support changing/assigning share permissions.
The customer utilizes NetApp NMSDK 5.4 with C# .NET for coding.
I am not familiar with Windows gMSA and coding, so I need your help and advice.
Here is the sample code, as follows.
NaServer s = new NaServer("<server name or IP address>", 1, 21);
s.ServerType = NaServer.SERVER_TYPE.FILER;
s.TransportType = NaServer.TRANSPORT_TYPE.HTTPS;
s.Port = 443;
s.Style = NaServer.AUTH_STYLE.LOGIN_PASSWORD;
s.SetAdminUser("<user name>", "<password>");
For security purposes in a Windows environment, could we utilize the currently logged-in user's credentials for authentication, which means we don't need to put any user name and password in the code?
Also, we would like to know: is it possible to utilize gMSA account integration to provide the same capability?
If you have any suggestions or ideas you could share with us, please post them on the web site.
Thank you so much for any help!
Re: Could we integrate Microsoft gMSA function into the following code?
2016-05-24 01:57 AM
I'm not certain what you are trying to achieve is possible, so I'll propose an alternative solution, as a ZAPI connection to a NetApp system requires credentials and I don't know of any method available to use a Microsoft gMSA to invoke a ZAPI call. What I would advise is that you integrate your web application with NetApp's Orchestration Application (WFA) - OnCommand Workflow Automation.
It would be possible to have users of your web application invoke a WFA workflow via its REST API. The credentials required to connect to the NetApp Storage system and invoke ZAPIs can be cached within WFA. There is pre-packaged content (workflows) available to create CIFS shares and set CIFS share ACLs within WFA. You can download it here (it's FREE):
WFA can integrate with LDAP\AD and therefore users of your web application can be authenticated in WFA via AD group membership. You could create an AD group, e.g. "WFA Operators", and have your web application check if the user is a member of that group; if so, you can enable them to invoke a WFA workflow via a REST API. WFA can also provide return parameters to your web application via the REST API on the status of the workflow or a return parameter\parameters if required.
Hope that helps
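The group check described in the reply above, sketched in C# as an added example (not code from either poster or from NetApp): the web application verifies the caller is in "WFA Operators" before it forwards anything to WFA, so no storage credentials appear in the application. The `EXAMPLE` domain, the workflow URL, the XML content type and the request body are assumptions or placeholders; in a site using Windows authentication the `IPrincipal` would be the request's current user.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

public static class WfaGate
{
    // Group name from the reply; the EXAMPLE domain prefix is a placeholder.
    public const string OperatorsGroup = @"EXAMPLE\WFA Operators";

    // Deny by default: only an authenticated member of the group passes.
    public static bool IsOperator(IPrincipal user) =>
        user?.Identity != null && user.Identity.IsAuthenticated && user.IsInRole(OperatorsGroup);

    // jobsUri and requestXml are hypothetical parameters: the workflow's REST
    // URL and input document come from your WFA server, not from this page.
    public static async Task<HttpStatusCode> InvokeWorkflowAsync(
        IPrincipal user, HttpClient wfa, Uri jobsUri, string requestXml)
    {
        if (!IsOperator(user))
            throw new UnauthorizedAccessException("Not a member of " + OperatorsGroup);
        using (var body = new StringContent(requestXml, Encoding.UTF8, "application/xml"))
        using (var resp = await wfa.PostAsync(jobsUri, body))
        {
            resp.EnsureSuccessStatusCode();
            return resp.StatusCode;
        }
    }
}

// Constructed stand-in for the WFA server so the demo runs offline.
class StubWfa : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
        CancellationToken ct) => Task.FromResult(new HttpResponseMessage(HttpStatusCode.Created));
}

static class Demo
{
    static async Task Main()
    {
        var wfa = new HttpClient(new StubWfa());
        var uri = new Uri("https://wfa.example.com/placeholder-workflow-url");
        // Constructed principals: one group member, one non-member.
        var member = new GenericPrincipal(new GenericIdentity("alice"), new[] { WfaGate.OperatorsGroup });
        var outsider = new GenericPrincipal(new GenericIdentity("bob"), new string[0]);
        Console.WriteLine(await WfaGate.InvokeWorkflowAsync(member, wfa, uri, "<input/>"));
        try { await WfaGate.InvokeWorkflowAsync(outsider, wfa, uri, "<input/>"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

The check runs on the server for every request; hiding the button in the UI for non-members is not a substitute for it.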