
Add-LDAPIdentitySource fails when secondary LDAPS server is defined, returning "Type or value exists"

Open StevePantol opened this issue 4 years ago • 6 comments

Example:

Add-LDAPIdentitySource -Name 'stickers' -DomainName 'stickers.corp' -DomainAlias 'stickers' -PrimaryUrl 'ldaps://nyc-dc-01.stickers.corp:636' -SecondaryUrl 'ldaps://avs-dc-01.stickers.corp:636' -BaseDNUsers 'DC=stickers,DC=corp' -BaseDNGroups 'DC=stickers,DC=corp' -Username '[email protected]' -Password 'password' -Certificates 'C:\certs\nyc-dc-01.cer','C:\certs\avs-dc-01.cer'

Output: Add-LDAPIdentitySource: Type or value exists

We are able to add a single LDAPS server with this function and then add a secondary LDAPS server via the vCenter Client.

In Azure VMware Solution environments, however, users do not have access to configure Identity Sources through the vCenter Client. Instead, AVS Run Commands are used to temporarily elevate permissions and execute the Add-LDAPIdentitySource function.

StevePantol avatar Oct 27 '21 19:10 StevePantol
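The thread does not identify why the call fails, so a useful first step before retrying is to rule out a mismatch between the certificates passed to -Certificates and what the two LDAPS endpoints actually present. The following is an added pre-check written for this issue, not code from the PowerCLI-Example-Scripts repository or the VMware.vSphere.SsoAdmin module; it assumes the hostnames and .cer paths from the command above and uses only .NET classes.

```powershell
# Added example: confirm each LDAPS endpoint named in -PrimaryUrl / -SecondaryUrl
# presents the certificate supplied to Add-LDAPIdentitySource via -Certificates.
# Hostnames and file paths are taken from the issue; adjust to your environment.
$endpoints = @{
    'nyc-dc-01.stickers.corp' = 'C:\certs\nyc-dc-01.cer'
    'avs-dc-01.stickers.corp' = 'C:\certs\avs-dc-01.cer'
}

function Get-LdapsServerCertificate {
    param([string]$HostName, [int]$Port = 636)
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # The callback accepts whatever the server sends: this function only captures
        # the presented certificate, and the comparison is done by the caller below.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $client.Dispose()
    }
}

foreach ($hostName in $endpoints.Keys) {
    $expected  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($endpoints[$hostName])
    $presented = Get-LdapsServerCertificate -HostName $hostName

    if ($presented.Thumbprint -eq $expected.Thumbprint) {
        "OK   $hostName presents thumbprint $($expected.Thumbprint)"
    } else {
        "FAIL $hostName presents $($presented.Thumbprint), but the .cer file has $($expected.Thumbprint)"
    }
}
```

A FAIL line means the .cer file is stale or belongs to a different host, which is worth fixing before looking further at the cmdlet; an OK on both hosts simply removes certificate mismatch from the list of causes.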

Hello Steve,

can you paste the error details?

$error[0] | Select *
$error[0].Exception | Select *

dmilov avatar Nov 02 '21 08:11 dmilov

Happy to!

PS C:\Users\spantol> $error[0] | Select *

PSMessageDetails      :
Exception             : Microsoft.PowerShell.Commands.WriteErrorException: Type or value exists
TargetObject          :
CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-LDAPIdentitySource
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Add-LDAPIdentitySource, C:\Users\spantol\Documents\PowerShell\Modules\VMware.vSphere.SsoAdmin\1.3.5\IdentitySource.ps1: line 373
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 1}

PS C:\Users\spantol> $error[0].Exception | Select *

TargetSite     :
StackTrace     :
Message        : Type or value exists
Data           : {}
InnerException :
HelpLink       :
Source         :
HResult        : -2146233087

StevePantol avatar Nov 02 '21 14:11 StevePantol

Hi @StevePantol, the SecondaryUrl parameter is in fact the FailoverUrl for the LDAP. Are you running Add-LDAPIdentitySource twice, for the 1st IS and then for the 2nd one? I want to make sure you are not passing two different IS URLs to PrimaryUrl and SecondaryUrl.

dmilov avatar Nov 25 '21 12:11 dmilov

Hi @dmilov -

I'm trying to run Add-LDAPIdentitySource once, with a PrimaryUrl defined and a SecondaryUrl defined. Both of the parameters provided are Active Directory domain controllers.

StevePantol avatar Dec 06 '21 17:12 StevePantol

Try to call Add-LDAPIdentitySource with PrimaryURL only twice. First time for the first domain controller, second call for the second one.

dmilov avatar Dec 07 '21 14:12 dmilov

Apologies for the delay here.

Trying to repeat the command with different PrimaryURLs and certificates gets me this error:

Add-LDAPIdentitySource: Domain with name 'stickers.corp' and alias 'stickers' already exists.

PSMessageDetails      :
Exception             : Microsoft.PowerShell.Commands.WriteErrorException: Domain with name 'stickers.corp' and alias 'stickers' already exists.
TargetObject          :
CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-LDAPIdentitySource
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Add-LDAPIdentitySource, C:\Users\spantol\Documents\PowerShell\Modules\VMware.vSphere.SsoAdmin\1.3.5\IdentitySource.ps1: line 373
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 1}

TargetSite     :
Message        : Domain with name 'stickers.corp' and alias 'stickers' already exists.
Data           : {}
InnerException :
HelpLink       :
Source         :
HResult        : -2146233087
StackTrace     :

StevePantol avatar Dec 23 '21 19:12 StevePantol