#region Copyright
/*
* Copyright © 2014-2016 NetApp, Inc. All Rights Reserved.
*
* CONFIDENTIALITY NOTICE: THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION OF
* NETAPP, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR
* EXPRESS WRITTEN PERMISSION OF NETAPP, INC.
*/
#endregion
#region Using Directives
using System;
using System.ComponentModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using SolidFire.Core;
using SolidFire.Element.Api;
using SolidFire.Core.Helpers;
using SolidFire.Exceptions;
#endregion
namespace SolidFire.Cluster.New
{
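/// <summary>
/// Set-SFLdapAuthentication enables or disables LDAP authentication through the current connection.
/// The "Enable" parameter set sends an EnableLdapAuthentication request built from the supplied
/// parameters; the "Disable" parameter set sends DisableLdapAuthentication. Once all records have
/// been processed, the output of Get-SFLdapConfiguration is written to the pipeline.
/// </summary>
/// <remarks>
/// NOTE(review): SearchBindPassword is accepted as a plain String, so the value can end up in
/// command history, transcripts and any logging that records command lines. Moving to
/// SecureString or PSCredential would change the cmdlet's interface and is therefore not done here.
/// NOTE(review): ServerURIs accepts ldap:// as well as ldaps://. Over plain ldap:// the bind
/// password is only protected if the connection is upgraded with StartTLS; whether that happens
/// is not visible from this file, so prefer ldaps:// URIs.
/// </remarks>
[Cmdlet(VerbsCommon.Set, "SFLdapAuthentication", DefaultParameterSetName = "Enable")]
public class SetSFLdapAuthentication : SFCmdlet
{
    #region Private Data
    // Defaults applied when the caller does not supply AuthType / GroupSearchType.
    private string _authType = "SearchAndBind";
    private string _groupSearchType = "ActiveDirectory";
    // Nested pipeline used in EndProcessing to run Get-SFLdapConfiguration.
    private Pipeline _pipeline = null;
    #endregion
    #region Parameters
    /// <summary>
    /// Disables LDAP authentication and removes all LDAP configuration settings.
    /// Configured cluster admin accounts (user or group) are not removed, but those accounts
    /// will no longer be able to log in.
    /// </summary>
    [Parameter(Position = 0, ParameterSetName = "Disable", Mandatory = true, HelpMessage = "Use this parameter to disable LDAP authentication and remove all LDAP configuration settings. All other parameters will be ignored.")]
    public SwitchParameter Disable { get; set; }

    /// <summary>
    /// User authentication method; defaults to "SearchAndBind".
    /// </summary>
    [Parameter(Position = 0, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Identifies which user authentication method will be used. Must be one of the following: DirectBind, SearchAndBind.")]
    public String AuthType
    {
        get { return _authType; }
        set { _authType = value; }
    }

    /// <summary>
    /// Base DN of the tree where the group search starts.
    /// </summary>
    [Parameter(Position = 1, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The base DN of the tree to start the group search.")]
    public String GroupSearchBaseDN { get; set; }

    /// <summary>
    /// Default group search filter type; defaults to "ActiveDirectory".
    /// </summary>
    [Parameter(Position = 2, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Controls the default group search filter used, must be one of the following: NoGroups, ActiveDirectory MemberDN.")]
    public String GroupSearchType
    {
        get { return _groupSearchType; }
        set { _groupSearchType = value; }
    }

    /// <summary>
    /// LDAP server URIs. Prefer ldaps:// so that bind credentials are sent over TLS.
    /// </summary>
    [Parameter(Position = 3, ParameterSetName = "Enable", Mandatory = true, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "An array of LDAP server URIs (examples: ldap://1.2.3.4 and ldaps://1.2.3.4:123)")]
    public String[] ServerURIs { get; set; }

    /// <summary>
    /// Base DN of the tree where the user search starts (SearchAndBind).
    /// </summary>
    [Parameter(Position = 4, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The base DN of the tree to start the search. REQUIRED for SearchAndBind.")]
    public String UserSearchBaseDN { get; set; }

    /// <summary>
    /// Fully qualified DN used to bind when searching for the user (SearchAndBind).
    /// </summary>
    [Parameter(Position = 5, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "A fully qualified DN to log in with to perform an LDAP search for the user. REQUIRED for SearchAndBind.")]
    public String SearchBindDN { get; set; }

    /// <summary>
    /// Password of the SearchBindDN account. This parameter is not bound from the pipeline.
    /// </summary>
    // NOTE(review): plain-text secret on the command line; see the remarks on the class.
    [Parameter(Position = 6, ParameterSetName = "Enable", Mandatory = false, HelpMessage = "The password for the SearchBindDN account used for searching. REQUIRED for SearchAndBind.")]
    public String SearchBindPassword { get; set; }

    /// <summary>
    /// LDAP filter used to find the user; '%USERNAME%' is the placeholder for the user name (SearchAndBind).
    /// </summary>
    [Parameter(Position = 7, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The LDAP filter to use. The string should have the placeholder text '%USERNAME%' which will be replaced with the username of the authenticating user. REQUIRED for SearchAndBind.")]
    public String UserSearchFilter { get; set; }

    /// <summary>
    /// Template used to form the fully qualified user DN; '%USERNAME%' is the placeholder (DirectBind).
    /// </summary>
    [Parameter(Position = 8, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "A string that will be used to form a fully qualified user DN. The string should have the placeholder text '%USERNAME%' which will be replaced with the username of the authenticating user. REQUIRED for DirectBind.")]
    public String UserDNTemplate { get; set; }

    /// <summary>
    /// LDAP filter that returns the DNs of a user's groups (CustomFilter search type).
    /// </summary>
    [Parameter(Position = 9, ParameterSetName = "Enable", Mandatory = false, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, HelpMessage = "For use with the CustomFilter search type, an LDAP filter to use to return the DNs of a user’s groups. The string can have placeholder text of %USERNAME% and %USERDN% to be replaced with their username and full userDN as needed. REQUIRED for CustomFilter.")]
    public String GroupSearchCustomFilter { get; set; }
    #endregion
    #region Cmdlet Overrides
    /// <summary>
    /// Checks the connection, then creates the nested pipeline that EndProcessing writes to.
    /// </summary>
    protected override void BeginProcessing()
    {
        base.BeginProcessing();
        // Check the connection before allocating the pipeline, so a failed check
        // does not leave an undisposed Pipeline behind.
        CheckConnection(minVersionNumber: 8.0f);
        _pipeline = Runspace.DefaultRunspace.CreateNestedPipeline();
    }

    /// <summary>
    /// After processing, invokes Get-SFLdapConfiguration so the latest LDAP configuration is
    /// passed into the pipeline, then releases the nested pipeline.
    /// </summary>
    protected override void EndProcessing()
    {
        base.EndProcessing();
        if (_pipeline == null)
        {
            return;
        }

        try
        {
            _pipeline.Commands.Add(new Command("Get-SFLdapConfiguration"));
            // Send the results to the pipeline, one object at a time.
            WriteObject(_pipeline.Invoke(), true);
        }
        finally
        {
            // Pipeline is IDisposable; dropping the reference alone does not release it.
            _pipeline.Dispose();
            _pipeline = null;
        }
    }

    /// <summary>
    /// Sends DisableLdapAuthentication or EnableLdapAuthentication, depending on the parameter set.
    /// For the "Enable" set with AuthType "SearchAndBind", a missing SearchBindPassword is
    /// reported as an error and no request is sent.
    /// </summary>
    protected override void ProcessRecord()
    {
        base.ProcessRecord();
        switch (ParameterSetName)
        {
            case "Disable":
                SendRequest("DisableLdapAuthentication");
                break;
            case "Enable":
                if (_authType == "SearchAndBind" && string.IsNullOrEmpty(SearchBindPassword))
                {
                    var errorRecord =
                        new ErrorRecord(new ParameterException("AuthType is SearchAndBind and SearchBindPassword is missing. Please supply a value for the SearchBindPassword parameter. Note: SearchBindPassword cannot be pipelined in, it must be manually set."),
                            "MissingRequiredParameter", ErrorCategory.InvalidOperation, null);
                    SolidFireUtilities.HandleError(errorRecord, this, true);
                    // HandleError is defined elsewhere; presumably `true` makes the error
                    // terminating. Stop here either way so that an incomplete configuration
                    // is never sent.
                    break;
                }

                var request = new EnableLdapAuthenticationRequest
                {
                    AuthType = _authType,
                    GroupSearchBaseDN = GroupSearchBaseDN,
                    GroupSearchCustomFilter = GroupSearchCustomFilter,
                    GroupSearchType = _groupSearchType,
                    SearchBindDN = SearchBindDN,
                    SearchBindPassword = SearchBindPassword,
                    ServerURIs = ServerURIs,
                    UserDNTemplate = UserDNTemplate,
                    UserSearchBaseDN = UserSearchBaseDN,
                    UserSearchFilter = UserSearchFilter
                };
                SendRequest("EnableLdapAuthentication", request);
                break;
        }
    }
    #endregion
}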
}