Monday, March 17, 2014

PowerShell Function to query Novell LDAP (and likely other non-AD LDAP) with Authentication and return the matching object(s)

It took me a while to figure out how to open an authenticated session with Novell LDAP. The missing piece was that our Novell LDAP servers were using untrusted certificates. This one line fixed that issue (probably not the most secure thing to do, since it makes the client accept any server certificate, but effective):

.SessionOptions.VerifyServerCertificate = { return $true;} 
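That callback tells the .NET LDAP client to accept whatever certificate the server hands it, so any LDAPS endpoint on the path would be trusted and the bind credentials sent to it. Below is an added example (mine, not part of the original post or of Mike Burr's function) of a callback that pins the server's certificate thumbprint instead, together with a helper that fetches that thumbprint once so it can be confirmed with the directory team before it is pinned. It assumes the same System.DirectoryServices.Protocols stack the function uses; `Get-LdapsServerCertificate`, `New-PinnedCertificateValidator`, the server name "LDAPSERVER" and the all-zero thumbprint are names and placeholder values chosen here.

```powershell
# Added example, not from the original post. Assumes System.DirectoryServices.Protocols on Windows
# PowerShell; function names, server name and thumbprint value are placeholders chosen here.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Step 1 (run once, as the admin): see which certificate the eDirectory server presents.
# The callback records the certificate and returns $false, so the session is torn down and
# nothing (in particular no bind credentials) is sent over it. Confirm the thumbprint with the
# directory administrator before pinning it.
function Get-LdapsServerCertificate {
    param([Parameter(Mandatory=$true)][string]$Server, [int]$Port = 636)
    $seen = New-Object System.Collections.ArrayList
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection "$($Server):$($Port)"
    try {
        $c.SessionOptions.SecureSocketLayer = $true
        $c.SessionOptions.VerifyServerCertificate = {
            param($connection, $certificate)
            [void]$seen.Add((New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate))
            return $false
        }.GetNewClosure()
        $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
        try { $c.Bind() } catch { }   # fails by design: the callback rejected the certificate
    }
    finally { $c.Dispose() }
    return $seen | Select-Object Subject, Issuer, NotAfter, Thumbprint
}

# Step 2: build the callback that replaces '{ return $true }'. The server is accepted only if the
# presented certificate's SHA-1 thumbprint equals the pinned one; with -RequireTrustedChain it must
# also chain to a root this machine trusts (useful once the eDirectory CA is in the trusted store).
# Pinning does not depend on the OS trust store or on hostname matching, which X509Chain does not do.
function New-PinnedCertificateValidator {
    param(
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint,
        [switch]$RequireTrustedChain
    )
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # PowerShell converts the script block to a VerifyServerCertificateCallback
    # (LdapConnection, X509Certificate) -> bool. GetNewClosure() captures $expected and
    # $RequireTrustedChain so they are still defined when the TLS handshake invokes it.
    return {
        param($connection, $certificate)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
        $pinOk = ($cert.Thumbprint -eq $expected)
        if (-not $pinOk) {
            Write-Warning "LDAPS certificate rejected: subject=$($cert.Subject) thumbprint=$($cert.Thumbprint), pinned=$expected"
            return $false
        }
        if ($RequireTrustedChain) {
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            if (-not $chain.Build($cert)) {
                $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
                Write-Warning "LDAPS certificate rejected: thumbprint matches but the chain is not trusted ($reasons)"
                return $false
            }
        }
        return $true
    }.GetNewClosure()
}

# Usage: this replaces the 'VerifyServerCertificate = { return $true }' line in the function.
# Server name and thumbprint are placeholders; the connection object is created but not opened here.
# Get-LdapsServerCertificate -Server "LDAPSERVER"   # run once, note the Thumbprint, verify it out of band
$c = New-Object System.DirectoryServices.Protocols.LdapConnection "LDAPSERVER:636"
$c.SessionOptions.SecureSocketLayer = $true
$c.SessionOptions.VerifyServerCertificate = New-PinnedCertificateValidator -ExpectedThumbprint "0000000000000000000000000000000000000000"
```

When the server's certificate is rotated the pinned value has to be updated, which is the trade-off for not having to import a private CA on every client; the warning text names the subject and thumbprint so that a failed bind after a rotation is easy to diagnose in the logs.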


Original credit goes to Mike Burr ( http://mikemstech.blogspot.com/ ) for most of the function.
--------------------------------------------------------------------------------------------------

Function GetLDAPObjectwithAuth {
<#
.SYNOPSIS
Queries Novell eDirectory (or another non-AD LDAP server) with an authenticated bind and returns the matching object(s).

.DESCRIPTION
Connects to the LDAP server, optionally over SSL, binds with the supplied user DN and password
(AuthType Basic, i.e. an LDAP simple bind), then runs a subtree search below the base DN with the
given filter. Returns the single SearchResultEntry when exactly one entry matches, $null when
nothing matches, and the whole SearchResultEntryCollection when several entries match.
If no -UserName is given, the bind is anonymous.

.EXAMPLE
GetLDAPObjectwithAuth -LDAPServer "LDAPSERVER Name" -LDAPPort 636 -SSL $true -baseDN "O=BASEDN" -Filter "(uid=smithj01)" -UserName "CN=SMITHJ01,O=BASEDN" -SecPassWord (Read-Host -AsSecureString "Password")
#>
[CmdletBinding()]
param(
    [string]$LDAPServer,
    [int]$LDAPPort,
    [bool]$SSL,
    [string]$baseDN,
    [string]$Filter,
    [string]$UserName,
    [securestring]$SecPassWord
)

# Load the assembly (System.Net.NetworkCredential lives in System.dll, which PowerShell has already loaded)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Connect to the LDAP server; SSL and the port are controlled by the parameters
$c = New-Object System.DirectoryServices.Protocols.LdapConnection "$($LDAPServer):$($LDAPPort)"

try {
    # Set session options
    $c.SessionOptions.SecureSocketLayer = $SSL
    $c.SessionOptions.VerifyServerCertificate = { return $true } # accepts ANY server certificate; needed for self-signed certificates

    # Pick Authentication type:
    # Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
    # External, Kerberos, Msn, Negotiate, Ntlm, Sicily
    if ($UserName) {
        $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

        # Credential object to bind with. Depending on the type of server the username takes
        # different forms; eDirectory expects the full DN of the user for a simple bind.
        $NovellCredentials = New-Object System.Net.NetworkCredential -ArgumentList $UserName, $SecPassWord
        $c.Bind($NovellCredentials)
    }
    else {
        # No username given: anonymous bind (the test example uses this to look up the caller's own DN)
        $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
        $c.Bind()
    }

    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $attrlist = ,"*" # Returns all attributes
    $r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $baseDN, $Filter, $scope, $attrlist

    # $re is a System.DirectoryServices.Protocols.SearchResponse
    $re = $c.SendRequest($r)

    # How many results do we have? Write-Verbose keeps the message out of the function's return
    # value, so callers get only the entry (or entries) back; run with -Verbose to see it.
    Write-Verbose "A Total of $($re.Entries.Count) Entry(s) found in LDAP Search"

    if ($re.Entries.Count -eq 1) {
        # Returns the only single entry
        return $re.Entries[0]
    }
    elseif ($re.Entries.Count -eq 0) {
        # Returns $null: no match found on the filter, or problems with LDAP
        return $null
    }
    else {
        # Returns the entire collection of entries
        #foreach ($i in $re.Entries) { #Do something with each entry here, such as read attributes }
        return $re.Entries
    }
}
finally {
    # Close the connection whichever branch returned (or threw)
    $c.Dispose()
}
}
#End Function
 
#Test example:

$NovellCred = Get-Credential -Message "Enter your Novell Username and Password. Example username: smithj" # Getting the Novell Credential Information

$EDIRLDAPServer = "LDAPSERVER"
$EDIRBaseDN = "O=TEST"
$userID = $NovellCred.UserName.ToUpper()
$TrgtUserID = "smitha"

# Step 1: anonymous lookup (no -UserName) of the caller's own entry, to turn the short uid
# into the full DN that the simple bind in step 2 needs
$PRODLDAPObj = GetLDAPObjectwithAuth -LDAPServer $EDIRLDAPServer -LDAPPort 389 -SSL $false -baseDN $EDIRBaseDN -Filter "(uid=$($userID))"
if ($null -eq $PRODLDAPObj) { throw "No entry found for uid $userID" }

# SearchResultEntry exposes the DN directly; no need to scrape it out of formatted output
$userDN = $PRODLDAPObj.DistinguishedName.ToUpper()

# Step 2: authenticated query over LDAPS, bound as the caller, for the target user's entry
$LDAPObj2 = GetLDAPObjectwithAuth -LDAPServer $EDIRLDAPServer -LDAPPort 636 -SSL $true -baseDN $EDIRBaseDN -Filter "(uid=$($TrgtUserID))" -UserName $userDN -SecPassWord $NovellCred.Password
if ($null -eq $LDAPObj2) { throw "No entry found for uid $TrgtUserID" }

"Fullname is: $($LDAPObj2.Attributes["fullname"].GetValues([string]))"

$trgtUserDN = $LDAPObj2.DistinguishedName.ToUpper()

"DN is: $($trgtUserDN)"
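The filters in the test example are built by interpolating a uid straight into the filter string, and the first lookup takes that uid from whatever was typed at the Get-Credential prompt. In an LDAP filter `*`, `(`, `)` and `\` are metacharacters (RFC 4515), so a stray wildcard turns `(uid=...)` into a match-everything search and the function hands back the whole collection instead of one entry. Below is an added example (mine, not from the original post) of escaping the value before it goes into the filter; `ConvertTo-LdapFilterValue` and `New-UidFilter` are names chosen here, and the check values at the end are constructed inputs.

```powershell
# Added example, not from the original post. Escapes a value for use inside an LDAP search filter
# as described in RFC 4515 section 3: '\' '*' '(' ')' and NUL become backslash + two hex digits.
# Other characters (including non-ASCII) are passed through; S.DS.P encodes the filter string itself.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][AllowEmptyString()][string]$Value)
    # MatchEvaluator: '*' -> '\2a', '(' -> '\28', ')' -> '\29', '\' -> '\5c', NUL -> '\00'
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        '\' + ('{0:x2}' -f [int][char]$m.Value)
    }
    return [regex]::Replace($Value, '[\\*()\x00]', $evaluator)
}

# Builds the uid filter used by the test example; only the value is escaped, the structure is fixed.
function New-UidFilter {
    param([Parameter(Mandatory=$true)][string]$Uid)
    return "(uid=$(ConvertTo-LdapFilterValue -Value $Uid))"
}

# Self-check on constructed inputs (runs offline): a plain uid is unchanged, metacharacters are
# neutralised, so a typed '*' can no longer turn the lookup into a match-everything query.
$checks = @{
    'smitha'  = '(uid=smitha)'
    '*'       = '(uid=\2a)'
    'smith*)' = '(uid=smith\2a\29)'
    'a\b'     = '(uid=a\5cb)'
}
foreach ($k in $checks.Keys) {
    $got = New-UidFilter -Uid $k
    if ($got -ne $checks[$k]) { throw "ConvertTo-LdapFilterValue: '$k' gave $got, expected $($checks[$k])" }
}
```

In the test example, pass `-Filter (New-UidFilter -Uid $userID)` and `-Filter (New-UidFilter -Uid $TrgtUserID)` in place of the interpolated strings; the DN that goes into `-UserName` comes back from the directory itself and needs no filter escaping.
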
1 comment:

  1. Finally, after much googling, the solution to my problem.
    Thank you!
