Differences
This shows you the differences between two versions of the page.
devel:documentation:adm:systems:winrm_ad_connector [2019/08/28 06:50] kucerar small fixes after joining two pages together |
devel:documentation:adm:systems:winrm_ad_connector [2020/03/02 18:55] kotynekv [Configuration] Note for order and connector selected. |
||
---|---|---|---|
Line 5: | Line 5: | ||
Typical use cases for this combined connector are: | Typical use cases for this combined connector are: | ||
- | * Management of home directories - User is created via AD connector and home directory is created by WinRM Connector (powershell) | + | * Management of home directories - User is created via AD connector and home directory is created by WinRM Connector (powershell). Owner of home directory can be set only locally. |
* Management of o365 | * Management of o365 | ||
* Management of Exchange | * Management of Exchange | ||
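Review bot: The sentence added to the home-directories bullet, "Owner of home directory can be set only locally.", does not say what "locally" refers to. State where the ownership change has to run, for example in the PowerShell script executed through WinRM on the server that hosts the directory, if that is what is meant, so the reader knows which part of the combined connector is responsible for it.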
Line 69: | Line 69: | ||
* \_\_PASSWORD\_\_ | * \_\_PASSWORD\_\_ | ||
You need to create other attributes manually based on the system which you want to connect and you needs. | You need to create other attributes manually based on the system which you want to connect and you needs. | ||
+ | |||
+ | ====== Requirements ====== | ||
+ | |||
+ | Here are some requirements needed in order to use winrm connector. | ||
+ | |||
+ | * Windows server with activated winrm service | ||
+ | * User account (local when using basic authentication scheme, domain otherwise) with correct permissions for connecting wia winrm and executing powershell scripts | ||
+ | * Correctly set up network access and firewall rules to allow winrm communication from IdM server to desired server | ||
+ | * Allowed winrm ports - 5985 for HTTP and 5986 for HTTPS (by default) | ||
+ | * Write powershell scripts, which will be performing desired operations on MS server (CREATE, UPDATE, ...) | ||
+ | * Write python scripts that transform data from ConId API to powershell script (examples in GIT repository) | ||
===== Provisioning ===== | ===== Provisioning ===== | ||
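Review bot: The new Requirements list names the basic authentication scheme with a local account and lists port 5985 (HTTP) next to 5986 (HTTPS) without saying which transport to use; basic authentication over plain HTTP sends the account's credentials without encryption, so the list should recommend HTTPS on 5986 for that scheme. "Correct permissions" in the same bullet would be more useful if it named the minimum rights the account needs for connecting and running the scripts. Also in this hunk: "wia winrm" should read "via winrm", and the heading uses six "=" where the neighbouring "===== Provisioning =====" uses five, which places Requirements one level above its sibling sections.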
Line 107: | Line 118: | ||
We are using encoding otherwise you will have problem with diacritics in powershell when you want to encode the powershell script before sending it via WinRM. | We are using encoding otherwise you will have problem with diacritics in powershell when you want to encode the powershell script before sending it via WinRM. | ||
+ | <note tip> | ||
+ | <note tip>For search and delete operations IdM only sends uid. So in this scripts you cannot use any other attributes. For example someone would want to rename home directory in delete script and leave it there for period of time as backup. But in this situation you can only add to home directory' | ||
===== Installation ===== | ===== Installation ===== | ||
- | For using this connector you need to install a few things which is needed. | + | For using WinRM part of this connector you need to install a few things which is needed, otherwise you can skip these steps. |
* Install python, tested version is 2.7 | * Install python, tested version is 2.7 | ||
* Install pip for managing Python packages - for linux use package managers based on you distribution and install package python-pip. If you are using windows pip will be installed together with python if you use official installator. | * Install pip for managing Python packages - for linux use package managers based on you distribution and install package python-pip. If you are using windows pip will be installed together with python if you use official installator. | ||
* Install pywinrm and dependencies. You can follow official guide https:// | * Install pywinrm and dependencies. You can follow official guide https:// | ||
- | Now we have prepared the tool which is used by our connector. Next you need to install | + | <note tip> |
- | + | ||
- | < | + | |
- | You can download whole bundle with prepared | + | |
- | + | ||
- | Or you can follow | + | |
- | This connector | + | |
- | and with connector-framework 1.4.3.0 | + | |
- | + | ||
- | Next you will need to add these libraries into lib folder of the connector server: | + | |
- | * jackson-annotations-2.9.8 | + | |
- | * jackson-core-2.9.8 | + | |
- | * jackson-databind-2.9.8 | + | |
- | You will probably need to add these libs into classpath in ConnectorServer.sh or ConnectorServer.bat it depends on your OS. | + | |
- | + | ||
- | If you want to be able to run connector server as a service follow next steps | + | |
< | < | ||
- | # create user which we run the connector server | + | su - connector-server |
- | useradd connector-server | + | pip install |
- | + | ||
- | #create file | + | |
- | / | + | |
- | + | ||
- | # content of the file, change path according where you have your connector server | + | |
- | [Unit] | + | |
- | Description=Java Connector Server Service | + | |
- | [Service] | + | |
- | User=connector-server | + | |
- | WorkingDirectory=/ | + | |
- | ExecStart=/ | + | |
- | SuccessExitStatus=143 | + | |
- | [Install] | + | |
- | WantedBy=multi-user.target | + | |
- | + | ||
- | # Reload and enable deamon | + | |
- | systemctl daemon-reload | + | |
- | systemctl enable java-connector-server | + | |
- | # Use this to start/ | + | #those only if you need them |
- | systemctl start java-connector-server | + | pip install |
- | systemctl stop java-connector-server | + | pip install |
- | systemctl status java-connector-server | + | |
</ | </ | ||
+ | </ | ||
- | Now you can put winrm-ad-connector-1.0.1.jar | + | Now we have prepared the tool which is used by our connector. |
- | Next thing which you need to do is configure | + | - Follow [[devel: |
+ | - Put '' | ||
+ | - Configure | ||
===== Configuration ===== | ===== Configuration ===== | ||
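Review bot: The Installation rewrite removes the connector-framework 1.4.3.0 reference, the three jackson 2.9.8 libraries for the connector server's lib folder and the classpath remark, and replaces them with a link in the new numbered steps; confirm that the linked page carries those versions and the classpath remark, otherwise the requirement is lost. In the added tip about search and delete, "in this scripts" should be "in these scripts", and as rendered here "<note tip>" is opened on two consecutive added lines, so check that the first one is not a stray tag. In the reworded opening sentence, "a few things which is needed" should be "a few things which are needed".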
Line 215: | Line 195: | ||
You can configure the order of connectors. Default behavior is that AD connector is first. | You can configure the order of connectors. Default behavior is that AD connector is first. | ||
{{ : | {{ : | ||
+ | < |