UCS Manager LDAP Config

Version 1

    UCS Power Scripting Submission Form

     

    UCS Communities Login ID: alberto.yanes

    Twitter handle (optional): <Name>

    Have you read the Official Rules of the Contest and do you accept the terms and conditions     Yes  [ x ]    No  [   ]

    Are you a Cisco employee                                                                                                                          Yes  [  ]    No  [ x ]

    Does the script run on an emulator -                                                                                                          Yes [ x ]    No  [   ]

              If yes which version? ___2.1.1f_______

     

     

    AD has to be previously configured with the groups and accounts referenced below.

    I changed the script to use domain.local so that no company information is disclosed.

    In this case I am also editing the Server-Equipment role.


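    #VARIABLES

    $UCSMName = "10.1.1.13" #Change this variable (Use IP or FQDN)

    $Provider1 = "10.1.1.250" #Change this variable to the local AD IP
    $Provider2 = "10.1.1.251" #Change this variable to the local AD IP
    # Providers are created and referenced in this order (order 1, 2, ...).
    $Providers = @($Provider1, $Provider2)

    # Bind account UCSM uses to search AD (passed to -Rootdn) and the search base.
    $RootDN = "CN=UCSBind,OU=ServiceAccounts,OU=Accounts,DC=domain,DC=local"
    $BaseDN = "DC=domain,DC=local"
    # The backtick keeps "$userid" literal so UCSM, not PowerShell, substitutes it.
    $Filter = "sAMAccountName=`$userid"
    # Name used for both the provider group and the LDAP authentication domain.
    $domain = "Domain"

    # LDAP transport. Port 389 with EnableSSL "no" carries the bind password and
    # every user's login password in clear text between UCSM and AD; switch to
    # 636 / "yes" once the AD certificate chain is trusted on UCSM.
    $LdapPort = 389
    $EnableSSL = "no"

    # Password files, same format as the existing admin-pwd.txt: create once with
    #   Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content <file>
    # The stored string is DPAPI-protected (readable only by the creating user on
    # that machine), so no password has to be kept in this script.
    $AdminPasswordFile = "C:\admin-pwd.txt"
    $BindPasswordFile  = "C:\ldap-bind-pwd.txt" #Change this variable (example path)

    # AD groups (pre-created) that are mapped to UCSM roles.
    $ucsaaa = "CN=ucsaaa,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsadmin = "CN=ucsadmin,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsnetwork = "CN=ucsnetwork,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsoperations = "CN=ucsoperations,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucssecurity = "CN=ucssecurity,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsserverequipment = "CN=ucsserverequipment,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsserverprofile = "CN=ucsserverprofile,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsstorage = "CN=ucsstorage,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
    $ucsreadonly = "CN=ucsreadonly,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"

    # Group DN -> UCSM role, in the order the maps are created.
    $GroupRoleMaps = @(
        @{ Group = $ucsaaa;             Role = "aaa" },
        @{ Group = $ucsadmin;           Role = "admin" },
        @{ Group = $ucsserverequipment; Role = "server-equipment" },
        @{ Group = $ucsnetwork;         Role = "network" },
        @{ Group = $ucsoperations;      Role = "operations" },
        @{ Group = $ucssecurity;        Role = "server-security" },
        @{ Group = $ucsserverprofile;   Role = "server-profile" },
        @{ Group = $ucsstorage;         Role = "storage" },
        @{ Group = $ucsreadonly;        Role = "read-only" }
    )

    #################################### END OF VARIABLES #####################################

    # Abort on the first failing cmdlet: the PowerShell default ("Continue") prints
    # the error and carries on, which would leave UCSM half-configured.
    $ErrorActionPreference = "Stop"

    #CONNECT TO UCSM
    $Password = Get-Content $AdminPasswordFile | ConvertTo-SecureString
    $Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList "admin", $Password

    # Bind password is decrypted only here, right before use; -Key expects plain text.
    $BindSecure = Get-Content $BindPasswordFile | ConvertTo-SecureString
    $BindPassword = (New-Object System.Management.Automation.PSCredential -ArgumentList "bind", $BindSecure).GetNetworkCredential().Password

    Connect-Ucs $UCSMName -Credential $Credentials

    # try/finally so the UCSM session is released even if a step below fails.
    try {
        #Add boot\shutdown to Server-Equipment role
        Get-UcsRole -Name "server-equipment" | Set-UcsRole -Descr "" -PolicyOwner "local" -Priv "ls-server-oper","pn-equipment","pn-maintenance","pn-policy" -Force

        #LDAP PROVIDERS
        Start-UcsTransaction
        for ($i = 0; $i -lt $Providers.Count; $i++) {
            $mo = Add-UcsLdapProvider -Name $Providers[$i] -Order ($i + 1) -Rootdn $RootDN -Basedn $BaseDN -Port $LdapPort -EnableSSL $EnableSSL -Filter $Filter -Key $BindPassword
            $null = $mo | Add-UcsLdapGroupRule -Authorization enable -Traversal recursive
        }
        Complete-UcsTransaction

        #PROVIDER GROUP
        Start-UcsTransaction
        $mo = Get-UcsLdapGlobalConfig | Add-UcsProviderGroup -Descr "" -Name $domain
        for ($i = 0; $i -lt $Providers.Count; $i++) {
            $null = $mo | Add-UcsProviderReference -ModifyPresent -Descr "" -Name $Providers[$i] -Order ($i + 1)
        }
        Complete-UcsTransaction

        #GROUP MAPS
        Start-UcsTransaction
        foreach ($Map in $GroupRoleMaps) {
            $mo = Add-UcsLdapGroupMap -Descr "" -Name $Map.Group
            $null = $mo | Add-UcsUserRole -Descr "" -Name $Map.Role
        }
        Complete-UcsTransaction

        #AUTHENTICATION DOMAIN

        # LDAP auth domain
        $mo = Add-UcsAuthDomain -Descr "" -Name $domain
        $null = $mo | Set-UcsAuthDomainDefaultAuth -Descr "" -ProviderGroup $domain -Realm ldap -Force

        # Local auth domain: keeps a local-realm login path that does not depend on AD.
        Add-UcsAuthDomain -Name "Local" | Set-UcsAuthDomainDefaultAuth -Realm local -Force

        #Set Default auth to ldap
        # NOTE(review): the default realm is switched to ldap in the same run that
        # creates the providers, and nothing here verifies that a bind or a user
        # login actually succeeds; confirm an LDAP login works before relying on it.
        # Uses $domain rather than a repeated literal so the group name stays in sync.
        Get-UcsDefaultAuth | Set-UcsDefaultAuth -Realm "ldap" -ProviderGroup $domain -Force
    }
    finally {
        Disconnect-Ucs
    }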