Osirium PAM: Active Directories
Summary
This module contains actions for reading Active Directory information from PAM.
Supported Versions
This plugin supports PAM versions 6.5.0 & newer.
Remember
You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.
Actions
pam.active_directories.
display
Display Active Directories in a table.
The table will have the following columns:
- Name
- Domain
- Host Name
- Device Count
- User Authentication Service
Minimum Plugin Version: 2.0.0
Input
-
text: the title of the table
-
active_directories: any number of ActiveDirectories
Output
Nothing is outputted by this action.
Example
1 2 3 4 5 6 7 8 |
|
pam.active_directories.
get_all
Get all Active Directories from the PAM appliance.
Minimum Plugin Version: 1.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
Output
A list of ActiveDirectories.
Example
1 2 3 |
|
pam.active_directories.
get_by_domain
Get an Active Directory using its FQDN.
Minimum Plugin Version: 1.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
domain: the Active Directory FQDN
Output
A single ActiveDirectory.
Example
1 2 3 4 |
|
pam.active_directories.
get_by_id
Get an Active Directory using its ID.
Minimum Plugin Version: 1.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
active_directory_id: the ID of the Active Directory
Output
A single ActiveDirectory.
Example
1 2 3 4 |
|
pam.active_directories.
get_by_name
Get an Active Directory using its name.
Minimum Plugin Version: 1.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
name: the name of the Active Directory
Output
A single ActiveDirectory.
Example
1 2 3 4 |
|
pam.active_directories.
input_table
Display Active Directories in a table, & allow the task operator to make a selection.
The table will have the following columns:
- Name
- Domain
- Host Name
- Device Count
- User Authentication Service
Deprecation Warning
This action will soon be deprecated in favour of select.
Minimum Plugin Version: 1.0.0
Input
-
text: The title of the table
-
active_directories: any number of ActiveDirectories
-
minimum: The minimum number of acceptable selections
-
maximum: The maximum number of acceptable selections
Output
A list of ActiveDirectories.
Tip
-
If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.
-
If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.
Example
1 2 3 4 5 6 7 8 9 10 11 |
|
pam.active_directories.
output_table
Display Active Directories in a table.
The table will have the following columns:
- Name
- Domain
- Host Name
- Device Count
- User Authentication Service
Deprecation Warning
This action will soon be deprecated in favour of display.
Minimum Plugin Version: 1.0.0
Input
-
text: the title of the table
-
active_directories: any number of ActiveDirectories
Output
Nothing is outputted by this action.
Example
1 2 3 4 5 6 7 8 |
|
pam.active_directories.
reveal_account_by_name
Reveal an Active Directory account's secrets using the account name.
Minimum Plugin Version: 1.1.0
Input
pam_address: the IP or DNS address of the PAM Appliance
active_directory_id: the ID of the Active Directory
account_name: the name of the Active Directory account
Output
A single Secret.
Example
1 2 3 4 5 |
|
pam.active_directories.
reveal_control_account
Reveal an Active Directory's control account secrets using its ID.
Minimum Plugin Version: 1.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
active_directory_id: the ID of the Active Directory
Output
A single Secret.
Example
1 2 3 4 |
|
pam.active_directories.
search
Search for Active Directories in the PAM appliance.
Minimum Plugin Version: 2.0.0
Input
pam_address: the IP or DNS address of the PAM Appliance
queries: a list of Queries to use in the search
Output
A SearchResult containing:
-
total: the number of ActiveDirectories found
-
all: a list of ActiveDirectories found
-
first: the first ActiveDirectory found
-
last: the last ActiveDirectory found
Search Result Format
The search result format was updated in version 2.0.0 of this plugin.
It is not compatible with playbooks written against previous versions.
See here for more information.
Wildcard Queries
You can use the % character as a wildcard in the value
of each query.
Example
Finding the Active Directory used as the User Authentication Service in PAM:
1 2 3 4 5 6 7 |
|
pam.active_directories.
select
Display Active Directories in a table & prompt the task operator to make a selection.
The table will have the following columns:
- Name
- Domain
- Host Name
- Device Count
- User Authentication Service
Minimum Plugin Version: 2.0.0
Input
-
text: the title of the table
-
active_directories: any number of ActiveDirectories
-
minimum: the minimum number of selections
-
maximum: the maximum number of selections
Output
A Selection containing:
-
total: the number of selected ActiveDirectories
-
all: a list of selected ActiveDirectories
-
first: the first selected ActiveDirectory
Example
1 2 3 4 5 6 7 8 9 |
|
pam.active_directories.
select_one
Display Active Directories in a table & prompt the task operator to select one.
The table will have the following columns:
- Name
- Domain
- Host Name
- Device Count
- User Authentication Service
Minimum Plugin Version: 2.0.0
Input
-
text: the title of the table
-
active_directories: any number of ActiveDirectories
Output
A single ActiveDirectory.
Example
1 2 3 4 5 6 7 8 9 |
|