UCS Manager LDAP Config

Document created by alberto.yanes on Apr 15, 2014

UCS Power Scripting Submission Form

 

UCS Communities Login ID: alberto.yanes

Twitter handle (optional): <Name>

Have you read the Official Rules of the Contest and do you accept the terms and conditions?  Yes [ x ]  No [   ]

Are you a Cisco employee?  Yes [   ]  No [ x ]

Does the script run on an emulator?  Yes [ x ]  No [   ]

          If yes, which version? 2.1.1f

 

 

AD has to be previously configured with groups and accounts.

I changed the script to use domain.local so that company information is not provided.

In this case I am also editing the Server-Equipment role.


#VARIABLES

$UCSMName = "10.1.1.13" #Change this variable (Use IP or FQDN)

$Provider1 = "10.1.1.250" #Change this variable to the local AD IP
$Provider2 = "10.1.1.251" #Change this variable to the local AD IP

$RootDN = "CN=UCSBind,OU=ServiceAccounts,OU=Accounts,DC=domain,DC=local" #Bind account UCSM uses to search AD
$BaseDN = "DC=domain,DC=local"
$Filter = "sAMAccountName=`$userid" #The backtick keeps $userid literal so UCSM receives the placeholder
$domain = "Domain" #Name used for the provider group and the authentication domain
$BindPassword = "Password123" #Password of the bind account, stored in this script in clear text

#AD group DNs that are mapped to UCSM roles below
$ucsaaa = "CN=ucsaaa,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsadmin = "CN=ucsadmin,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsnetwork = "CN=ucsnetwork,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsoperations = "CN=ucsoperations,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucssecurity = "CN=ucssecurity,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsserverequipment = "CN=ucsserverequipment,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsserverprofile = "CN=ucsserverprofile,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsstorage = "CN=ucsstorage,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"
$ucsreadonly = "CN=ucsreadonly,OU=UCSGroups,OU=Accounts,DC=domain,DC=local"

#################################### END OF VARIABLES #####################################

#CONNECT TO UCSM
#C:\admin-pwd.txt must hold the admin password as written by ConvertFrom-SecureString
$Password = Get-Content "C:\admin-pwd.txt" | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList "admin", $Password
Connect-Ucs $UCSMName -Credential $Credentials

#Add boot\shutdown to Server-Equipment role
Get-UcsRole -Name "server-equipment" | Set-UcsRole -Descr "" -PolicyOwner "local" -Priv "ls-server-oper","pn-equipment","pn-maintenance","pn-policy" -Force

#LDAP PROVIDERS
#With -EnableSSL no, the bind password and user credentials go to AD unencrypted
Start-UcsTransaction
$mo = Add-UcsLdapProvider -Name $Provider1 -Order 1 -Rootdn $RootDN -Basedn $BaseDN -Port 389 -EnableSSL no -Filter $Filter -Key $BindPassword
$mo_1 = $mo | Add-UcsLdapGroupRule -Authorization enable -Traversal recursive
$mo_2 = Add-UcsLdapProvider -Name $Provider2 -Order 2 -Rootdn $RootDN -Basedn $BaseDN -Port 389 -EnableSSL no -Filter $Filter -Key $BindPassword
$mo_2_1 = $mo_2 | Add-UcsLdapGroupRule -Authorization enable -Traversal recursive
Complete-UcsTransaction

#PROVIDER GROUP
#Put both providers into one provider group named after $domain
Start-UcsTransaction
$mo = Get-UcsLdapGlobalConfig | Add-UcsProviderGroup -Descr "" -Name $domain
$mo_1 = $mo | Add-UcsProviderReference -ModifyPresent -Descr "" -Name $Provider1 -Order 1
$mo_2 = $mo | Add-UcsProviderReference -ModifyPresent -Descr "" -Name $Provider2 -Order 2
Complete-UcsTransaction

#GROUP MAPS
#Map each AD group DN to the UCSM role its members receive
Start-UcsTransaction
$mo = Add-UcsLdapGroupMap -Descr "" -Name $ucsaaa
$mo_1 = $mo | Add-UcsUserRole -Descr "" -Name aaa
$mo_2 = Add-UcsLdapGroupMap -Descr "" -Name $ucsadmin
$mo_2_1 = $mo_2 | Add-UcsUserRole -Descr "" -Name admin
$mo_3 = Add-UcsLdapGroupMap -Descr "" -Name $ucsserverequipment
$mo_3_1 = $mo_3 | Add-UcsUserRole -Descr "" -Name server-equipment
$mo_4 = Add-UcsLdapGroupMap -Descr "" -Name $ucsnetwork
$mo_4_1 = $mo_4 | Add-UcsUserRole -Descr "" -Name network
$mo_5 = Add-UcsLdapGroupMap -Descr "" -Name $ucsoperations
$mo_5_1 = $mo_5 | Add-UcsUserRole -Descr "" -Name operations
$mo_6 = Add-UcsLdapGroupMap -Descr "" -Name $ucssecurity
$mo_6_1 = $mo_6 | Add-UcsUserRole -Descr "" -Name server-security
$mo_7 = Add-UcsLdapGroupMap -Descr "" -Name $ucsserverprofile
$mo_7_1 = $mo_7 | Add-UcsUserRole -Descr "" -Name server-profile
$mo_8 = Add-UcsLdapGroupMap -Descr "" -Name $ucsstorage
$mo_8_1 = $mo_8 | Add-UcsUserRole -Descr "" -Name storage
$mo_9 = Add-UcsLdapGroupMap -Descr "" -Name $ucsreadonly
$mo_9_1 = $mo_9 | Add-UcsUserRole -Descr "" -Name read-only
Complete-UcsTransaction

#AUTHENTICATION DOMAIN

# LDAP auth domain
$mo = Add-UcsAuthDomain -Descr "" -Name $domain
$mo_1 = $mo | Set-UcsAuthDomainDefaultAuth -Descr "" -ProviderGroup $domain -Realm ldap -Force

# Local auth domain (keeps local accounts usable once the default realm is LDAP)
Add-UcsAuthDomain -Name "Local" | Set-UcsAuthDomainDefaultAuth -Realm local -Force

#Set Default auth to ldap
#Use $domain rather than a literal so the provider group name always matches the one created above
Get-UcsDefaultAuth | Set-UcsDefaultAuth -Realm "ldap" -ProviderGroup $domain -Force

Disconnect-Ucs
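
The script above keeps the bind password in the script text and creates both providers with -EnableSSL no. As an added example (not part of the submitted script), here are the same provider definitions with the bind password read from a protected file and encryption switched on, followed by a check that reports any provider still set to no. Assumptions: C:\ucs-bind-pwd.txt is a hypothetical file, the domain controllers accept encrypted LDAP on the configured port, and Add-UcsLdapProvider and Add-UcsLdapGroupRule accept -ModifyPresent as Add-UcsProviderReference does above.

```powershell
# Added example, not part of the submitted script.
# Assumption: C:\ucs-bind-pwd.txt (hypothetical path) was written beforehand by the
# same Windows user that runs this script, with:
#   Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content C:\ucs-bind-pwd.txt

$UCSMName  = "10.1.1.13"
$Providers = "10.1.1.250", "10.1.1.251"
$RootDN    = "CN=UCSBind,OU=ServiceAccounts,OU=Accounts,DC=domain,DC=local"
$BaseDN    = "DC=domain,DC=local"
$Filter    = "sAMAccountName=`$userid"
$Port      = 389   # same port as the script above; adjust to what your directory requires

$AdminPwd    = Get-Content "C:\admin-pwd.txt" | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList "admin", $AdminPwd
Connect-Ucs $UCSMName -Credential $Credentials

# Decrypt the bind password in memory only, just before it is passed to -Key.
$BindSecure   = Get-Content "C:\ucs-bind-pwd.txt" | ConvertTo-SecureString
$BindCred     = New-Object System.Management.Automation.PSCredential -ArgumentList "bind", $BindSecure
$BindPassword = $BindCred.GetNetworkCredential().Password

# Create the providers, or update them if the script above already created them.
Start-UcsTransaction
$order = 1
foreach ($p in $Providers) {
    Add-UcsLdapProvider -ModifyPresent -Name $p -Order $order -Rootdn $RootDN -Basedn $BaseDN `
        -Port $Port -EnableSSL yes -Filter $Filter -Key $BindPassword |
        Add-UcsLdapGroupRule -ModifyPresent -Authorization enable -Traversal recursive | Out-Null
    $order++
}
Complete-UcsTransaction
Remove-Variable BindPassword, BindCred

# Audit: report every LDAP provider that still has encryption switched off.
$weak = @(Get-UcsLdapProvider | Where-Object { $_.EnableSSL -eq "no" })
if ($weak.Count -gt 0) {
    Write-Warning "LDAP providers with EnableSSL set to no:"
    $weak | Select-Object Name, Port, EnableSSL | Format-Table -AutoSize
} else {
    Write-Output "All LDAP providers have EnableSSL set to yes."
}

Disconnect-Ucs
```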
