Geeks With Blogs

Lance's TextBox » About Me » My Resume »Twitter

Previously with NetCmdlets, authentication details were only accepted using plain text parameters. This is still supported, but now these cmdlets support PSCredentials through a new -credentials parameter. This works for almost all of the cmdlets included in NetCmdlets, like FTP, LDAP, HTTP, SMTP, Rexec, RSS, IM, SMS, SSH, etc.

Here's an example with get-ldap. Before, you had to bind to the directory server using plain text parameters, like this:

PS C:\> get-ldap -server testboy -binddn mydomain\admin -pass admin

Now you can also bind like this:

PS C:\> get-ldap -server testboy -cred $mycreds

This does become problematic if you're trying to authenticate with a full DN to a server like Novell or OpenLDAP that may not support compact user DN aliases. There is a way around this; I just posted this in the PowerShell newsgroup:

Tom G. wrote:
> Lance,

> The NetCmdlets are pretty cool. However, I'm having some trouble
> authenticating. I need to pass in a username in the format of
> "cn=userid,o=orgname,c=US". The credential parameter in get-ldap doesn't
> seem to support this. Any suggestions?

Just for the benefit of anyone else who was trying this: Tom and I
have exchanged emails, but for the benefit of anyone else who was
interested:

get-ldap and set-ldap allow you to provide authentication info to the
cmdlet in two ways: 1: through dn and password parameters, or 2:
through a credential parameter that takes a standard PSCredential
object.

The problem with using the credential method was that if you were a non
Active Directory user, and you didn't have an alias like MyDomain\Lance
to authenticate with, the get-credentials pop-up dialog wouldn't accept
your full DN (ie, cn=LRobinson,ou=Employees,dc=NS) as valid input.

Tom pointed out the "ConsolePrompting" registry string value ("True")
in HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\, which tells
get-credentials to take its input from the console instead of the
pop-up dialog. Doing it this way allows you to specify a full DN as
the username.

To bind to the directory server using a credential obtained in this way:

PS> $mycred = get-credential -credential "cn=Lance,ou=Employees,dc=NS"
...
PS> get-ldap -server testboy -cred $mycred

To bind and then search for a user (BillyBob) in the Employees
organizational unit:

PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
-search "cn=BillyBob"

To bind, perform the same search, and return all attributes of the
user:

PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
-search "cn=BillyBob" -attr

Technorati : , , , , , ,

Posted on Wednesday, December 27, 2006 1:27 PM Programming , Software , PowerShell | Back to top


Comments on this post: NetCmdlets support PSCredentials

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Lance Robinson | Powered by: GeeksWithBlogs.net