
Connect-UCSM with LDAP

Has anyone successfully used this cmdlet with an LDAP provider? I am able to connect and authenticate to it using SSH, UCS SM and even a custom authentication function I used to use that relies on the XML function aaaLogin, but it doesn't use credentials or create the connection object that all the UCS cmdlets reference, so it isn't good any more. I was curious if anyone else is able to successfully use this cmdlet to authenticate, since all I ever get is an Authenticate Failed.
 
 
Connect-UCSM : Authentication failed
At line:6 char:13
+ Connect-UCSM <<<<  UCSNAME -Credential $creds
    + CategoryInfo          : ResourceUnavailable: (UCS connection Error:Stri
   ng) [Connect-UCSM], Exception
    + FullyQualifiedErrorId : LoginError,Cisco.UCSCmdlet.Commands.Connection.
   ConnectUCSM

I tried it as well without any success. Maybe we need to get an -AuthenticationProvider parameter on Connect-UCSM?

So I found a workaround. Originally I tried to connect using the below code, where domain.local would be the name of my Authentication Domain inside the UCS:

# UCS account
# Read the saved password from disk as a SecureString
$ucspass = Get-Content "C:\temp\login.txt" | ConvertTo-SecureString
$ucscred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "ucs.domain.local\kmurphy",$ucspass

Connect-UCSM -Name "ucs.domain.local" -Credential $ucscred


This would always fail with an error:

Connect-UCSM : Authentication failed
At line:6 char:13
+ Connect-UCSM <<<< -Name "UCS.domain.local" -Credential $ucscred
+ CategoryInfo : ResourceUnavailable: (UCS connection Error:String)
[Connect-UCSM], Exception
+ FullyQualifiedErrorId : LoginError,Cisco.UCSCmdlet.Commands.Connection.Con
nectUCSM


For the past few days I have been mulling over the idea of using my old connection object with aaaLogin and passing the information into an object of the same type of CurrentUCSMInstance but didn't feel like it was a proper enough solution. Today I got struck and realized I should look deeper at the CurrentUCSMInstance and created a new object of Cisco.Common.DataTypes.UCSLoginInfo. I am happy to say that this code successfully returned an authenticated connection and queries for Get-Chassis.
 
# UCS account
# Read the saved password from disk as a SecureString
$ucspass = Get-Content "C:\temp\login.txt" | ConvertTo-SecureString
$ucscred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "ucs-domain.local\kmurphy",$ucspass

# Build the login object directly instead of calling Connect-UCSM
$CurrentUCSMInstance = New-Object Cisco.Common.DataTypes.UCSLoginInfo
$CurrentUCSMInstance.Name = "ucs.domain.local"
$CurrentUCSMInstance.ConnectionInstance = 'CurrentUCSMInstance'
$CurrentUCSMInstance.Credential = $ucscred
$CurrentUCSMInstance.UcsUri = "https://ucs.domain.local/nuova"
$CurrentUCSMInstance.Connect()

# Run a query over the authenticated connection, then log out
$chassis = Get-Chassis
Disconnect-UCSM



You can see I am using the same creds file and username, so nothing has changed except for how the object was created and passed. Maybe someone from Cisco can explain what their Connect-UCSM cmdlet is doing that is being circumvented by using the Connect() method for the class Cisco.Common.DataTypes.UCSLoginInfo. At least this gives me a workaround to allow my scripts to run but keep proper user auditing to see who did what in the audit log while they fix the Connection cmdlet.

Kevin Murphy

Nice work Kevin!