Osirium PAM: Active Directories

Summary

This module contains actions for reading Active Directory information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.active_directories.

display

Display Active Directories in a table.

The table will have the following columns:

• Name
• Domain
• Host Name
• Device Count
• User Authentication Service

Minimum Plugin Version: 2.0.0

Input

• text: the title of the table

• active_directories: any number of ActiveDirectories

Output

Nothing is outputted by this action.

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: active_directories

- pam.active_directories.display:
    text: All Active Directories
  load:
    active_directories: active_directories

pam.active_directories.

get_all

Get all Active Directories from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of ActiveDirectories.

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: all_active_directories

pam.active_directories.

get_by_domain

Get an Active Directory using its FQDN.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

domain: the Active Directory FQDN

Output

A single ActiveDirectory.

Example

- pam.active_directories.get_by_domain:
    pam_address: pam.internal.net
    domain: corporate.domain.net
  save: active_directory

pam.active_directories.

get_by_id

Get an Active Directory using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

active_directory_id: the ID of the Active Directory

Output

A single ActiveDirectory.

Example

- pam.active_directories.get_by_id:
    pam_address: pam.internal.net
    active_directory_id: 10
  save: active_directory

pam.active_directories.

get_by_name

Get an Active Directory using its name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the Active Directory

Output

A single ActiveDirectory.

Example

- pam.active_directories.get_by_name:
    pam_address: pam.internal.net
    name: Corporate Domain
  save: active_directory

pam.active_directories.

input_table

Display Active Directories in a table, & allow the task operator to make a selection.

The table will have the following columns:

• Name
• Domain
• Host Name
• Device Count
• User Authentication Service

Deprecation Warning

This action will soon be deprecated in favour of select.

Minimum Plugin Version: 1.0.0

Input

• text: The title of the table

• active_directories: any number of ActiveDirectories

• minimum: The minimum number of acceptable selections

• maximum: The maximum number of acceptable selections

Output

A list of ActiveDirectories.

Tip

• If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.

• If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: active_directories

- pam.active_directories.input_table:
    text: Select an Active Directory
    minimum: 1
    maximum: 1
  load:
    active_directories: active_directories
  save: selected_active_directory

pam.active_directories.

output_table

Display Active Directories in a table.

The table will have the following columns:

• Name
• Domain
• Host Name
• Device Count
• User Authentication Service

Deprecation Warning

This action will soon be deprecated in favour of display.

Minimum Plugin Version: 1.0.0

Input

• text: the title of the table

• active_directories: any number of ActiveDirectories

Output

Nothing is outputted by this action.

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: active_directories

- pam.active_directories.output_table:
    text: All Active Directories
  load:
    active_directories: active_directories

pam.active_directories.

reveal_account_by_name

Reveal an Active Directory account's secrets using the account name.

Minimum Plugin Version: 1.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

active_directory_id: the ID of the Active Directory

account_name: the name of the Active Directory account

Output

A single Secret.

Example

- pam.active_directories.reveal_account_by_name:
    pam_address: pam.internal.net
    active_directory_id: 3
    account_name: ppa_service_account
  save: secret

pam.active_directories.

reveal_control_account

Reveal an Active Directory's control account secrets using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

active_directory_id: the ID of the Active Directory

Output

A single Secret.

Example

- pam.active_directories.reveal_control_account:
    pam_address: pam.internal.net
    active_directory_id: 3
  save: active_directory_secrets

pam.active_directories.

search

Search for Active Directories in the PAM appliance.

Minimum Plugin Version: 2.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A SearchResult containing:

• total: the number of ActiveDirectories found

• all: a list of ActiveDirectories found

• first: the first ActiveDirectory found

• last: the last ActiveDirectory found

Search Result Format

The search result format was updated in version 2.0.0 of this plugin.

It is not compatible with playbooks written against previous versions.

See here for more information.

Wildcard Queries

You can use the % character as a wildcard in the value of each query.

Example

Finding the Active Directory used as the User Authentication Service in PAM:

- pam.active_directories.search:
    pam_address: pam.internal.net
    queries:
      - attribute: user_authentication_service
        query: equal
        value: true
  save: search_results

pam.active_directories.

select

Display Active Directories in a table & prompt the task operator to make a selection.

The table will have the following columns:

• Name
• Domain
• Host Name
• Device Count
• User Authentication Service

Minimum Plugin Version: 2.0.0

Input

• text: the title of the table

• active_directories: any number of ActiveDirectories

• minimum: the minimum number of selections

• maximum: the maximum number of selections

Output

A Selection containing:

• total: the number of selected ActiveDirectories

• all: a list of selected ActiveDirectories

• first: the first selected ActiveDirectory

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: active_directories

- pam.active_directories.select:
    text: Select Active Directories
  load:
    active_directories: active_directories
  save: selection

pam.active_directories.

select_one

Display Active Directories in a table & prompt the task operator to select one.

The table will have the following columns:

• Name
• Domain
• Host Name
• Device Count
• User Authentication Service

Minimum Plugin Version: 2.0.0

Input

• text: the title of the table

• active_directories: any number of ActiveDirectories

Output

A single ActiveDirectory.

Example

- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: active_directories

- pam.active_directories.select_one:
    text: Select Active Directory
  load:
    active_directories: active_directories
  save: active_directory