SSH Connector

Last modified 22 Apr 2021 17:31 +02:00

Identity connector for SSH script execution.

Functionality: limited
Development status: dormant (not developed actively, but still somehow maintained)
Support status: supportable
Origin: Evolveum
Support provided by: Evolveum
Target systems: Broad range of UNIX systems, Microsoft Windows Server 2019
Source code: https://github.com/Evolveum/connector-ssh
Documentation: https://github.com/Evolveum/connector-ssh/blob/main/README.adoc

Specialized connector that provides SSH scripting capabilities. Only script execution capabilities are supported.

This connector is designed to be used as an additional connector together with other connectors, usually LDAP or Active Directory connectors.

Capabilities and Features

Schema: NO
Provisioning: NO
Live Synchronization: NO
Password: NO
Activation: NO
Paging support: NO
Native attribute names: NO
Scripting: YES (Command execution using SSH)

History

Version: 1.0
Origin: Evolveum
Binary: download jar
Sources: GitHub
Build Date: 29 Oct 2020
ConnId Framework: 1.5.0.0
Bundled with midPoint: None
Description: Initial version.

Interoperability

The following servers are supported:

  • OpenSSH server on a broad range of Linux distributions, reasonably recent versions.

  • Microsoft Windows Server 2019, OpenSSH server distributed by Microsoft.

The connector may work with other SSH servers as well. However, it was not tested in these environments and there are no guarantees.

The connector is supported only in a Java 11 environment.

Support

This connector works, but its functionality is still somewhat limited. In addition to that, there are explicit support limitations:

  • Only some SSH servers are supported (see above)

  • Scripting capabilities implemented in this connector are supposed to be used to supplement account administration procedures: setting up the account, creating the home directory, archiving account data on deprovisioning and so on.

  • The connector is not designed to be used to create the accounts themselves. E.g. it is not supposed to create or delete Microsoft Exchange accounts. Management of Exchange accounts can be quite a complex matter, requiring complicated PowerShell scripts. You can use this connector to manage Exchange accounts if you want to. However, when it comes to the content of the scripts, you are on your own. You are responsible for the content of the scripts that the connector executes. Therefore, if a script does not do what you think it should be doing, you have to fix it. This is not covered by the support contract. If the script is not executed at all because of a bug in the connector, that is covered by the support contract. But we are not responsible for the content of the scripts, and we do not provide any official guidance on what those scripts should look like or what they should do. There may be some examples or hints in the documentation, but those should be considered examples only. We do not guarantee that they work.

Resource Examples

<resource>
    ...
    <additionalConnector>
        <name>ssh</name>
        <connectorRef>
            <filter>
                <q:equal>
                    <q:path>c:connectorType</q:path>
                    <q:value>com.evolveum.polygon.connector.ssh.SshConnector</q:value>
                </q:equal>
            </filter>
        </connectorRef>
        <connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
            <icfc:configurationProperties xmlns:icfcps="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ssh/com.evolveum.polygon.connector.ssh.SshConnector">
                <icfcps:host>localhost</icfcps:host>
                <icfcps:username>jack</icfcps:username>
                <icfcps:password>
                    <t:clearValue>secret</t:clearValue>
                </icfcps:password>
                <icfcps:argumentStyle>variables-bash</icfcps:argumentStyle>
            </icfc:configurationProperties>
            <icfc:resultsHandlerConfiguration>
                <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
                <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
                <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
            </icfc:resultsHandlerConfiguration>
        </connectorConfiguration>
    </additionalConnector>
    ...
</resource>
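
The support notes above leave script content to the deployer, and the resource example selects the variables-bash argument style. The following is an added example, not code from the connector project: a deprovisioning script that validates the account name it receives before it touches the filesystem. It assumes that variables-bash exposes each script argument as a shell variable; the argument names username, home_base and archive_dir are hypothetical.

```bash
#!/bin/bash
# Added example, not the connector project's own code.
# Assumption: with argumentStyle variables-bash the connector defines each
# script argument as a shell variable; "username", "home_base" and
# "archive_dir" are hypothetical argument names chosen for this example.
export LC_ALL=C   # make the a-z range below mean ASCII only

# Accept only conservative login names, so a value coming from identity data
# can never carry a path separator, an option dash or shell metacharacters.
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Archive <base>/<user> into <dest>/<user>.tar.gz and print the archive path.
# Return codes: 2 = rejected name, 3 = no usable home, 4 = tar failed.
archive_home() {
    local user="$1" base="$2" dest="$3"
    valid_username "$user" || { echo "rejected username" >&2; return 2; }
    local home="$base/$user"
    # A symlinked home could redirect the archive to another directory tree.
    if [ ! -d "$home" ] || [ -L "$home" ]; then
        echo "no usable home directory" >&2
        return 3
    fi
    # Subshell keeps the restrictive umask local; "./" keeps tar from ever
    # reading the name as an option.
    ( umask 077; tar -czf "$dest/$user.tar.gz" -C "$base" "./$user" ) || return 4
    echo "$dest/$user.tar.gz"
}

# Entry point: act only when the caller supplied a username variable.
if [ -n "${username+set}" ]; then
    archive_home "$username" "${home_base:-/home}" "${archive_dir:-/var/backups/homes}"
fi
```

The distinct return codes let the calling side tell a rejected name apart from a missing home directory or a failed archive.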