This is an old revision of the document!
WinRM Connector
This connector can be used to connect to basically to any system which can be managed via powershell commands or some specialized client which can be called from powershell.
Connector is based on Connid CMD connector. We made fork of CMD connector version 0.4-SNAPSHOT.
We implemented some features which were missing.
- It contains more configuration fields for connecting to WinRM, which is the main purpose of this connector.
- Password for WinRM user is GuardedString in connector but we send is as plain text in to bash script. (This behavior is same in CMD connector for \_\_PASSWORD\_\_ attribute)
- If script return exit code other then 0 exceptions is thrown.
- Item In folder scripts/NameOfSystem you can find python scripts for each supported operation method:
- Create
- Update
- Delete
- Test
- Search
Where "NameOfSystem" is one of these following values Exchange, OpenLims, o365, homeDir (More systems will maybe come in future). If you want use this connector for another system you can just implement scripts yourself. As a template you can use existing python + ps scripts.
Powershell scripts are in subfolders.
All of these scripts logging into connector server log
Then in folder "scripts" you can find python script, which is wrapper for pywinrm client - https://github.com/diyan/pywinrm which is used for connecting and executing PS scripts in windows server. You need to install first. In the link above there is a tutorial.
It's better to run it in connector server instead of directly adding dependency to your application(IdM). The reason for this is simple - better security. You can choose user with some limited permissions which will be used as the owner of connector server and then give him access to run only the scripts which you want.
It supports basic, ntlm, kerberos and credssp authentication schema for WinRM
It supports HTTP and HTTPS communication. HTTPS communication can be a little bit tricky to configure. You need the right certificate which is used in WinRM listener on Win server and then import crt to the trust store on machine where this connector is running. In file winrm_wrapper.py on line 39 where the session for WinRM is created you need to specify ca trust path. On Debian based system the default system ca path is "/etc/ssl/certs"
Configuration
Connector has few settings which need to be configured before you used it.
Create script
Path to Python create script
Powershell create script
Path to powershell create script which will be loaded into python and executed on Windows
Update script
Path to Python update script
Powershell update script
Path to powershell update script which will be loaded into python and executed on Windows
Search script
Path to Python search script
Powershell search script
Path to powershell search script which will be loaded into python and executed on Windows
Delete script
Path to Python delete script
Powershell delete script
Path to powershell delete script which will be loaded into python and executed on Windows
Test script
Path to Python test script
Endpoint
URL to the endpoint, where is WinRM accessible. Usually https://HOST:5986/wsman for HTTPS and http://HOST:5985/wsman for HTTP
Authentication schema
One from supported values - basic, ntlm, kerberos, credssp
User
Username for user which will be used for authentication to WinRM
Password
Password for this user
Schema generation
Connector is supporting basic schema generation. You will get these attributes:
- \_\_NAME\_\_
- \_\_UID\_\_
- \_\_PASSWORD\_\_
You need to create other attributes manually based on the system which you want to connect and you needs.