Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
devel:documentation:systems:dev:winrm_connector [2019/06/11 13:10] kucerar config + schema |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== WinRM Connector ====== | ||
| - | This connector can be used to connect to basically to any system which can be managed via powershell commands or some specialized client which can be called from powershell. | ||
| - | <note important> | ||
| - | |||
| - | Connector is based on Connid CMD connector. We made fork of CMD connector version 0.4-SNAPSHOT. | ||
| - | |||
| - | We implemented some features which were missing. | ||
| - | * It contains more configuration fields for connecting to WinRM, which is the main purpose of this connector. | ||
| - | * Password for WinRM user is GuardedString in connector but we send is as plain text in to bash script. (This behavior is same in CMD connector for \_\_PASSWORD\_\_ attribute) | ||
| - | * If script return exit code other then 0 exceptions is thrown. | ||
| - | * Item In folder scripts/ | ||
| - | * Create | ||
| - | * Update | ||
| - | * Delete | ||
| - | * Test | ||
| - | * Search | ||
| - | |||
| - | Where " | ||
| - | system you can just implement scripts yourself. As a template you can use existing python + ps scripts. | ||
| - | |||
| - | Powershell scripts are in subfolders. | ||
| - | |||
| - | All of these scripts logging into connector server log | ||
| - | |||
| - | Then in folder " | ||
| - | which is used for connecting and executing PS scripts in windows server. You need to install first. In the link above there is a tutorial. | ||
| - | |||
| - | It's better to run it in connector server instead of directly adding dependency to your application(IdM). The reason for this is simple - better security. You can choose user with some limited permissions which will be used as the owner of connector server and then give him access to run only the scripts which you want. | ||
| - | |||
| - | It supports basic, ntlm, kerberos and credssp authentication schema for WinRM | ||
| - | |||
| - | It supports HTTP and HTTPS communication. HTTPS communication can be a little bit tricky to configure. You need the right | ||
| - | certificate which is used in WinRM listener on Win server and then import crt to the trust store on machine where this connector is running. | ||
| - | In file winrm_wrapper.py on line 39 where the session for WinRM is created you need to specify ca trust path. | ||
| - | On Debian based system the default system ca path is "/ | ||
| - | |||
| - | ===== Configuration ===== | ||
| - | Connector has few settings which need to be configured before you used it. | ||
| - | |||
| - | === Create script === | ||
| - | Path to Python create script | ||
| - | |||
| - | === Powershell create script === | ||
| - | Path to powershell create script which will be loaded into python and executed on Windows | ||
| - | |||
| - | === Update script === | ||
| - | Path to Python update script | ||
| - | |||
| - | === Powershell update script === | ||
| - | Path to powershell update script which will be loaded into python and executed on Windows | ||
| - | |||
| - | === Search script === | ||
| - | Path to Python search script | ||
| - | |||
| - | === Powershell search script === | ||
| - | Path to powershell search script which will be loaded into python and executed on Windows | ||
| - | |||
| - | === Delete script === | ||
| - | Path to Python delete script | ||
| - | |||
| - | === Powershell delete script === | ||
| - | Path to powershell delete script which will be loaded into python and executed on Windows | ||
| - | |||
| - | === Test script === | ||
| - | Path to Python test script | ||
| - | |||
| - | === Endpoint === | ||
| - | URL to the endpoint, where is WinRM accessible. Usually https:// | ||
| - | |||
| - | === Authentication schema === | ||
| - | One from supported values - basic, ntlm, kerberos, credssp | ||
| - | |||
| - | === User === | ||
| - | Username for user which will be used for authentication to WinRM | ||
| - | |||
| - | === Password === | ||
| - | Password for this user | ||
| - | |||
| - | ===== Schema generation ===== | ||
| - | Connector is supporting basic schema generation. You will get these attributes: | ||
| - | * \_\_NAME\_\_ | ||
| - | * \_\_UID\_\_ | ||
| - | * \_\_PASSWORD\_\_ | ||
| - | You need to create other attributes manually based on the system which you want to connect and you needs. | ||