Public/New-RubrikLDAP.ps1

#Requires -Version 3
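function New-RubrikLDAP
{
  <#
      .SYNOPSIS
      Connects to Rubrik and creates new LDAP settings on the Rubrik cluster

      .DESCRIPTION
      The New-RubrikLDAP cmdlet will create LDAP settings on the system. This does require authentication.
      The LDAP bind credentials are supplied either as a credential object (BindCredential) or as a
      user name plus SecureString password (BindUserName / BindUserPassword).
      The bind password is converted to plain text when the request body is built, so the request body
      must never be written to logs or verbose output without redaction.

      .NOTES
      Adapted by Adam Shuttleworth from scripts by Chris Wahl for community usage

      .LINK
      https://rubrik.gitbook.io/rubrik-sdk-for-powershell/command-documentation/reference/new-rubrikldap

      .EXAMPLE
      New-RubrikLDAP -Name "Test LDAP Settings" -baseDn "DC=domain,DC=local" -authServers "192.168.1.8"

      This will create LDAP settings on the Rubrik cluster defined by Connect-Rubrik function

      .EXAMPLE
      $credential = Get-Credential
      New-RubrikLDAP -Name "rubrik.lab" -DynamicDNSName "ad1.test.lab" -baseDn "DC=rubrik,DC=lab" -BindCredential $Credential -Verbose

      This will create LDAP settings using the credentials object provided as a parameter

      .EXAMPLE
      $SecPw = Read-Host -AsSecureString
      New-RubrikLDAP -Name "rubrik.lab" -DynamicDNSName "ad1.test.lab" -baseDn "DC=rubrik,DC=lab" -BindUserName jaapjaap -BindUserPassword $SecPw -Verbose

      This will create LDAP settings using the user name and password provided as parameters
  #>


  [cmdletbinding(SupportsShouldProcess=$true,DefaultParametersetName='UserPassword')]
  Param(
    # Human friendly name
    [Parameter(Mandatory=$True)]
    [string]$Name,
    # Bind credentials with permission to connect to the LDAP server
    # Optionally, use the BindUserName and BindUserPassword parameters
    [Parameter(ParameterSetName='Credential',Mandatory=$true)]
    [System.Management.Automation.CredentialAttribute()]$BindCredential,
    # Dynamic DNS name for locating authentication servers.
    [string]$DynamicDNSName,
    # The path to the directory where searches for users begin.
    [string]$baseDn,
    # An ordered list of authentication servers. Servers on this list have priority over servers discovered using dynamic DNS.
    [array]$AuthServers,
    # Bind username with permissions to connect to the LDAP server
    # Optionally, use the BindCredential parameter
    [Parameter(ParameterSetName='UserPassword',Mandatory=$true, Position = 1)]
    [String]$BindUserName,
    # Password for the Username provided, as a SecureString
    # Optionally, use the BindCredential parameter
    [Parameter(ParameterSetName='UserPassword',Mandatory=$true, Position = 2)]
    [SecureString]$BindUserPassword,
    # Rubrik server IP or FQDN
    [String]$Server = $global:RubrikConnection.server,
    # ID of the Rubrik cluster or me for self
    [String]$id = '',
    # API version
    [ValidateNotNullorEmpty()]
    [String]$api = $global:RubrikConnection.api
  )

  Begin {

    # The Begin section is used to perform one-time loads of data necessary to carry out the function's purpose
    # If a command needs to be run with each iteration or pipeline input, place it in the Process section
    
    # Check to ensure that a session to the Rubrik cluster exists and load the needed header data for authentication
    Test-RubrikConnection

    # Check to ensure that we have credentials for the LDAP server
    # NOTE(review): Test-RubrikLDAPCredential is defined elsewhere; it presumably returns a credential object
    # built from whichever parameter set was used - confirm against that helper
    $BindCredential = Test-RubrikLDAPCredential -BindUserName $BindUserName -BindUserPassword $BindUserPassword -BindCredential $BindCredential

    # API data references the name of the function
    # For convenience, that name is saved here to $function
    $function = $MyInvocation.MyCommand.Name
        
    # Retrieve all of the URI, method, body, query, result, filter, and success details for the API endpoint
    Write-Verbose -Message "Gather API Data for $function"
    $resources = Get-RubrikAPIData -endpoint $function
    Write-Verbose -Message "Load API data for $($resources.Function)"
    Write-Verbose -Message "Description: $($resources.Description)"
  
  }

  Process {

    $uri = New-URIString -server $Server -endpoint ($resources.URI) -id $id
    $uri = Test-QueryParam -querykeys ($resources.Query.Keys) -parameters ((Get-Command $function).Parameters.Values) -uri $uri
    $body = New-BodyString -bodykeys ($resources.Body.Keys) -parameters ((Get-Command $function).Parameters.Values)

    #region One-off
    # This section is here to place the LDAP bind credentials into the API request prior to being encrypted and sent to the Rubrik API endpoint
    # Because the New-BodyString private function has already created a JSON payload, we must convert back to an object before updating the credentials
    # Once that's done, we restore the $body var into a proper JSON payload and continue along.
    # See this PR for more information: https://github.com/rubrikinc/rubrik-sdk-for-powershell/pull/263
    Write-Verbose 'Passing $BindCredential username and password into the API request'
    $bodyHash = ConvertFrom-Json $body
    
    if (-not $bodyHash.bindUserName) {
      Add-Member -InputObject $bodyhash -MemberType NoteProperty -Name 'bindUserName' -Value $BindCredential.UserName
    } else {
      $bodyHash.bindUserName = $BindCredential.UserName
    }

    # GetNetworkCredential().Password yields the bind password in plain text; from this point on
    # $bodyHash and $body contain the secret and must not be logged as-is
    if (-not $bodyHash.bindUserPassword) {
      Add-Member -InputObject $bodyhash -MemberType NoteProperty -Name 'bindUserPassword' -Value $BindCredential.GetNetworkCredential().Password
    } else {
      $bodyHash.bindUserPassword = $BindCredential.GetNetworkCredential().Password
    }

    $body = ConvertTo-Json $bodyHash

    # Redact the password before writing the body to the verbose stream.
    # The value is matched as a complete JSON string, including escaped characters such as \" and \\ ;
    # a lazy "(.*?)" would stop at the first escaped quote and leave the rest of the password in the output
    $redactedBody = $body -replace 'bindUserPassword":\s*"(?:\\.|[^"\\])*"','bindUserPassword": "***"'
    Write-Verbose -Message "Updated Body with credential object = $redactedBody"
    #endregion

    # NOTE(review): $Header is not defined in this function; presumably it is set by Test-RubrikConnection - confirm
    $result = Submit-Request -uri $uri -header $Header -method $($resources.Method) -body $body
    $result = Test-ReturnFormat -api $api -result $result -location $resources.Result
    $result = Test-FilterObject -filter ($resources.Filter) -result $result

    return $result

  } # End of process
} # End of function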