Osirium PAM (BETA): Active Directories

Summary

This module contains actions for reading Active Directory information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Server provisioned as a Vault inside PPA to use this plugin.

Actions

pam.active_directories.

get_all

Get all Active Directories from the PAM appliance.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of ActiveDirectory dictionaries.

Example
- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: all_active_directories

pam.active_directories.

get_by_domain

Get an Active Directory using its FQDN.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

domain: the Active Directory FQDN

Output

A single ActiveDirectory dictionary.

Example
- pam.active_directories.get_by_domain:
    pam_address: pam.internal.net
    domain: corporate.domain.net
  save: active_directory

pam.active_directories.

get_by_id

Get an Active Directory using its ID.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

active_directory_id: the ID of the Active Directory

Output

A single ActiveDirectory dictionary.

Example
- pam.active_directories.get_by_id:
    pam_address: pam.internal.net
    active_directory_id: 10
  save: active_directory

pam.active_directories.

get_by_name

Get an Active Directory using its name.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the Active Directory

Output

A single ActiveDirectory dictionary.

Example
- pam.active_directories.get_by_name:
    pam_address: pam.internal.net
    name: Corporate Domain
  save: active_directory

pam.active_directories.

input_table

Display a list of Active Directories in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • Domain
  • Host Name
  • Device Count
  • User Authentication Service

Minimum Plugin Version: 0.1.0

Input
  • text: The title of the table

  • active_directory_list: a list of ActiveDirectory dictionaries to display in the table

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A list of ActiveDirectory dictionaries.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.

  • If a minimum or maximum is provided, the operation will repeat until the task operator makes a valid number of selections.

Example
- pam.active_directories.get_all:
    pam_address: pam.internal.net
  save: all_active_directories

- pam.active_directories.input_table:
    text: Select an Active Directory
    minimum: 1
    maximum: 1
  load:
    active_directory_list: all_active_directories
  save: selected_active_directories

pam.active_directories.

output_table

Display a list of Active Directories in a table.

The table will have the following columns:

  • Name
  • Domain
  • Host Name
  • Device Count
  • User Authentication Service

Minimum Plugin Version: 0.1.0

Input
  • text: the title of the table

  • active_directory_list: a list of ActiveDirectory dictionaries to display in the table

Output

This action does not output anything.

Example
- pam.active_directories.search:
    pam_address: pam.internal.net
    queries:
      - attribute: device_count
        query: greater_than
        value: 0
  save: domains_in_use

- pam.active_directories.output_table:
    text: Active Directories In Use
  load:
    active_directory_list: domains_in_use

pam.active_directories.

reveal_control_account

Reveal an Active Directory's control account secrets using its ID.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

active_directory_id: the ID of the Active Directory

Output

A single Secret dictionary.

Example
- pam.active_directories.reveal_control_account:
    pam_address: pam.internal.net
    active_directory_id: 3
  save: active_directory_secrets

pam.active_directories.

search

Search for Active Directories in the PAM appliance.

Minimum Plugin Version: 0.1.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Query dictionaries to use in the search

Output

A list of ActiveDirectory dictionaries.

Example

Finding the Active Directory used as the User Authentication Service in PAM:

- pam.active_directories.search:
    pam_address: pam.internal.net
    queries:
      - attribute: user_authentication_service
        query: equal
        value: true
  save: search_results

Wildcard Queries

You can use the % character as a wildcard in the value of each query.