From 88f9b8845304a63991bc110139c6a0da7e2f1121 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 5 Sep 2024 16:31:24 +0200 Subject: [PATCH] Add User LDAP ADD/REMOVE functions and tests --- PowerFGT/Private/Confirm.ps1 | 52 +++++ PowerFGT/Public/cmdb/user/ldap.ps1 | 238 +++++++++++++++++++++++ Tests/common.ps1 | 5 + Tests/integration/UserLdap.Tests.ps1 | 281 +++++++++++++++++++++++++++ 4 files changed, 576 insertions(+) create mode 100644 Tests/integration/UserLdap.Tests.ps1 diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index f1c16470c..a2a0a2be3 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 
@@ -233,6 +233,58 @@ Function Confirm-FGTFirewallProxyPolicy { } +Function Confirm-FGTUserLDAP { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like a LDAP Server element + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name secondary-server -Membertype Properties)) { + throw "Element specified does not contain a secondary-server property." + } + if ( -not ( $argument | get-member -name tertiary-server -Membertype Properties)) { + throw "Element specified does not contain a tertiary-server property." + } + if ( -not ( $argument | get-member -name server-identity-check -Membertype Properties)) { + throw "Element specified does not contain a server-identity-check property." + } + if ( -not ( $argument | get-member -name source-ip -Membertype Properties)) { + throw "Element specified does not contain a source-ip property." + } + if ( -not ( $argument | get-member -name source-port -Membertype Properties)) { + throw "Element specified does not contain a source-port property." + } + if ( -not ( $argument | get-member -name cnid -Membertype Properties)) { + throw "Element specified does not contain a cnid property." + } + if ( -not ( $argument | get-member -name dn -Membertype Properties)) { + throw "Element specified does not contain a dn property." + } + if ( -not ( $argument | get-member -name type -Membertype Properties)) { + throw "Element specified does not contain a type property." + } + if ( -not ( $argument | get-member -name username -Membertype Properties)) { + throw "Element specified does not contain a username property." + } + if ( -not ( $argument | get-member -name password -Membertype Properties)) { + throw "Element specified does not contain a password property." 
+ } + if ( -not ( $argument | get-member -name secure -Membertype Properties)) { + throw "Element specified does not contain a secure property." + } + if ( -not ( $argument | get-member -name port -Membertype Properties)) { + throw "Element specified does not contain a port property." + } + + $true +} + Function Confirm-FGTVip { Param ( diff --git a/PowerFGT/Public/cmdb/user/ldap.ps1 b/PowerFGT/Public/cmdb/user/ldap.ps1 index db8e15cea..e7d630bf0 100644 --- a/PowerFGT/Public/cmdb/user/ldap.ps1 +++ b/PowerFGT/Public/cmdb/user/ldap.ps1 
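Review bot: Confirm-FGTUserLDAP never checks for a `server` property, although Add-FGTUserLDAP always sets that field, so an object without it still passes the guard that Remove-FGTUserLDAP uses in its ValidateScript. The thirteen near-identical `if`/`throw` pairs are also easy to let drift apart; one loop over the required property names keeps the list in a single place and produces the same messages. The check is presence-only, so it says nothing about the values, which matters for any caller that goes on to use `name`.

```powershell
$required = 'name', 'server', 'secondary-server', 'tertiary-server', 'server-identity-check',
    'source-ip', 'source-port', 'cnid', 'dn', 'type', 'username', 'password', 'secure', 'port'
foreach ($property in $required) {
    if ( -not ( $argument | get-member -name $property -Membertype Properties)) {
        throw "Element specified does not contain a $property property."
    }
}
# … unchanged: $true …
```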
@@ -4,6 +4,189 @@ # SPDX-License-Identifier: Apache-2.0 # +function Add-FGTUserLDAP { + + <# + .SYNOPSIS + Add a FortiGate LDAP Server + + .DESCRIPTION + Add a FortiGate LDAP Server + + .EXAMPLE + Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt + + .EXAMPLE + Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -cnid sAMAccountName + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt and sAMAccountName as CNID + + .EXAMPLE + $mypassword = ConvertTo-SecureString mypassword -AsPlainText -Force + PS C:\>Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -type regular -username svc_powerfgt -password $mypassword + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt of type regular with speciefied username and password for binding + + .EXAMPLE + Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -visibility:$false + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt and disabled visibility + + .EXAMPLE + Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -secure ldaps + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt, and secure connection (LDAPS) + + .EXAMPLE + Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -secondary_server ldap2.powerfgt -tertiary_server ldap3.powerfgt -cnid SAMAccountName -type simple -username svc_powerfgt -password $mypassword -secure ldaps + + Add a LDAP Server named PowerFGT using ldap.powerfgt as primary server, ldap2.powerfgt as secondary server and ldap3.powerfgt as tertiary server with Base DN dc=fgt,dc=power,dc=powerfgt, SAMAccountName as CNID, a 
regular account and secure connection (LDAPS) + + .EXAMPLE + $data = @{ "port" = 10389 } + PS C:\>Add-FGTUserLDAP -Name PowerFGT -server ldap.powerfgt -dn "dc=fgt,dc=power,dc=powerfgt" -data $data + + Add a LDAP Server named PowerFGT using ldap.powerfgt with Base DN dc=fgt,dc=power,dc=powerfgt and port 10389 via -data parameter + #> + + Param( + [Parameter (Mandatory = $true)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $true)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 20)] + [string]$cnid, + [Parameter (Mandatory = $true)] + [ValidateLength(0, 511)] + [string]$dn, + [Parameter (Mandatory = $false)] + [ValidateSet("simple", "regular", "anonymous")] + [string]$type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 511)] + [string]$username, + [Parameter (Mandatory = $false)] + [SecureString]$password, + [Parameter (Mandatory = $false)] + [ValidateSet("disable", "starttls", "ldaps")] + [string]$secure, + [Parameter (Mandatory = $false)] + [boolean]$visibility, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTUserLDAP @invokeParams -name $name -connection $connection) { + Throw "Already a LDAP Server using the same name" + } + + $uri = "api/v2/cmdb/user/ldap" + + $ldap = new-Object -TypeName PSObject + + $ldap | add-member -name "name" -membertype NoteProperty -Value $name + + $ldap | add-member -name "server" -membertype NoteProperty -Value $server + + if ( 
$PsBoundParameters.ContainsKey('secondary_server') ) { + $ldap | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') ) { + $ldap | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + } + + if ( $PsBoundParameters.ContainsKey('cnid') ) { + $ldap | add-member -name "cnid" -membertype NoteProperty -Value $cnid + } + + if ( $PsBoundParameters.ContainsKey('dn') ) { + $ldap | add-member -name "dn" -membertype NoteProperty -Value $dn + } + + if ( $PsBoundParameters.ContainsKey('type') ) { + if ($type -eq "regular") { + if ($Null -eq $username -or $Null -eq $password) { + Throw "You need to specify an username and a passord !" + } + else { + $ldap | add-member -name "type" -membertype NoteProperty -Value $type + $ldap | add-member -name "username" -membertype NoteProperty -Value $username + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password); + $passwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $ldap | add-member -name "password" -membertype NoteProperty -Value $passwd + } + else { + $passwd = ConvertFrom-SecureString -SecureString $password -AsPlainText + $ldap | add-member -name "password" -membertype NoteProperty -Value $passwd + } + } + } + else { + $ldap | add-member -name "type" -membertype NoteProperty -Value $type + } + } + + if ( $PsBoundParameters.ContainsKey('secure') ) { + $ldap | add-member -name "secure" -membertype NoteProperty -Value $secure + } + + if ( $PsBoundParameters.ContainsKey('visibility') ) { + #with 6.4.x, there is no longer visibility parameter + if ($connection.version -ge "6.4.0") { + Write-Warning "-visibility parameter is no longer available with FortiOS 6.4.x and after" + } + else { + if ( $visibility ) { + $ldap | add-member -name "visibility" -membertype 
NoteProperty -Value "enable" + } + else { + $ldap | add-member -name "visibility" -membertype NoteProperty -Value "disable" + } + } + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $ldap | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + Invoke-FGTRestMethod -method "POST" -body $ldap -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserLDAP -connection $connection @invokeParams -name $name + } + + End { + } +} + function Get-FGTUserLDAP { <# @@ -103,3 +286,58 @@ function Get-FGTUserLDAP { End { } } + +function Remove-FGTUserLDAP { + + <# + .SYNOPSIS + Remove a FortiGate LDAP Server + + .DESCRIPTION + Remove a LDAP Server on the FortiGate + + .EXAMPLE + $MyFGTUserLDAP = Get-FGTUserLDAP -name PowerFGT + PS C:\>$MyFGTUserLDAP | Remove-FGTUserLDAP + + Remove user object $MyFGTUserLDAP + + .EXAMPLE + $MyFGTUserLDAP = Get-FGTUserLDAP -name MyFGTUserLDAP + PS C:\>$MyFGTUserLDAP | Remove-FGTUserLDAP -confirm:$false + + Remove UserLDAP object $MyFGTUserLDAP with no confirmation + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserLDAP $_ })] + [psobject]$userldap, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/ldap/$($userldap.name)" + + if ($PSCmdlet.ShouldProcess($userldap.name, 'Remove User Ldap')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + + End { + } +} \ No newline at end of file diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 5a56d95b2..2e0910ab2 100644 --- a/Tests/common.ps1 
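Review bot: In the `-type regular` branch of Add-FGTUserLDAP the BSTR returned by `SecureStringToBSTR` is never released, so on Windows PowerShell a plaintext copy of the bind password stays in unmanaged memory after the call; the conversion should sit in `try`/`finally` with `ZeroFreeBSTR`. The guard before it, `$Null -eq $username -or $Null -eq $password`, cannot catch a missing `-username`, because an omitted `[string]` parameter is bound as an empty string rather than `$null`; testing `$PsBoundParameters.ContainsKey(...)`, as the rest of the function does, closes that gap. When `-secure` is omitted nothing in the request asks for TLS, so the help text should say that protection of the bind credentials then depends on the FortiGate default.

```powershell
if ( -not $PsBoundParameters.ContainsKey('username') -or -not $PsBoundParameters.ContainsKey('password') ) {
    Throw "You need to specify an username and a passord !"
}
else {
    # … unchanged: add the type and username members …
    if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) {
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
        try {
            $passwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
        }
        finally {
            # wipe and release the unmanaged plaintext copy
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
        $ldap | add-member -name "password" -membertype NoteProperty -Value $passwd
    }
    # … unchanged: ConvertFrom-SecureString branch for PowerShell Core and closing braces …
```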
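Review bot: In Remove-FGTUserLDAP, `$uri = "api/v2/cmdb/user/ldap/$($userldap.name)"` places the object name in the request path unescaped, and Confirm-FGTUserLDAP only checks that a `name` property exists. Unless Invoke-FGTRestMethod escapes the path itself (not visible in this hunk), a name containing `/`, `?`, `#` or a space would make the DELETE address a different resource or fail. Escaping the segment, e.g. `$uri = "api/v2/cmdb/user/ldap/$([System.Uri]::EscapeDataString($userldap.name))"`, keeps the call confined to the intended LDAP entry.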
+++ b/Tests/common.ps1 @@ -46,6 +46,11 @@ $script:pester_zone1 = "pester_zone %/*?1" $script:pester_zone2 = "pester_zone2" $script:pester_userlocal = "pester_userlocal" $script:pester_userlocalpassword = ConvertTo-SecureString "pester_userlocalpassword" -AsPlainText -Force +$script:pester_userldap = "pester_ldapserver" +$script:pester_userldapserver1 = "pesterldapserver1.powerfgt" +$script:pester_userldapserver2 = "pesterldapserver2.powerfgt" +$script:pester_userldapserver3 = "pesterldapserver3.powerfgt" +$script:pester_userldappassword = ConvertTo-SecureString "pester_userldappassword" -AsPlainText -Force . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/UserLdap.Tests.ps1 b/Tests/integration/UserLdap.Tests.ps1 new file mode 100644 index 000000000..e0d812f08 --- /dev/null +++ b/Tests/integration/UserLdap.Tests.ps1 
@@ -0,0 +1,281 @@
+#
+# Copyright 2024, Cedric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+#include common configuration
+. ../common.ps1
+
+BeforeAll {
+ Connect-FGT @invokeParams
+}
+
+Describe "Get User Ldap" {
+
+ BeforeAll {
+ Add-FGTUserLDAP -name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt"
+ }
+
+ It "Get User Ldap Does not throw an error" {
+ {
+ Get-FGTUserLDAP
+ } | Should -Not -Throw
+ }
+
+ It "Get ALL User Ldap" {
+ $userldap = Get-FGTUserLDAP
+ $userldap.count | Should -Not -Be $NULL
+ }
+
+ It "Get ALL User Ldap with -skip" {
+ $userldap = Get-FGTUserLDAP -skip
+ $userldap.count | Should -Not -Be $NULL
+ }
+
+ It "Get User Ldap with -name $pester_userldap -meta" {
+ $userldap = Get-FGTUserLDAP -name $pester_userldap -meta
+ $userldap.q_ref | Should -Not -BeNullOrEmpty
+ $userldap.q_static | Should -Not -BeNullOrEmpty
+ $userldap.q_no_rename | Should -Not -BeNullOrEmpty
+ $userldap.q_global_entry | Should -Not -BeNullOrEmpty
+ $userldap.q_type | Should -Not -BeNullOrEmpty
+ $userldap.q_path | Should -Be "user"
+ $userldap.q_name | Should -Be "ldap"
+ $userldap.q_mkey_type | Should -Be "string"
+ if ($DefaultFGTConnection.version -ge "6.2.0") {
+ $userldap.q_no_edit | Should -Not -BeNullOrEmpty
+ }
+ }
+
+ It "Get User Ldap ($pester_userldap)" {
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ }
+
+ It "Get User Ldap ($pester_userldap) and confirm (via Confirm-FGTUserLDAP)" {
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ Confirm-FGTUserLDAP ($userldap) | Should -Be $true
+ }
+
+ Context "Search" {
+
+ It "Search User Ldap by name ($pester_userldap)" {
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ @($userldap).count | Should -be 1
+ $userldap.name | Should -Be $pester_userldap
+ }
+
+ }
+
+ AfterAll {
+ Get-FGTUserLDAP -name $pester_userldap | Remove-FGTUserLDAP -confirm:$false
+ }
+
+}
+
+Describe "Add User Ldap" {
+
+ Context "LDAP Server (Primary, secondary, tertiary servers, type, secure connection etc ...)" {
+
+ AfterEach {
+ Get-FGTUserLDAP -name $pester_userldap | Remove-FGTUserLDAP -confirm:$false
+ }
+
+ It "Add User LDAP Server $pester_userldap" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt"
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ }
+
+ It "Add User LDAP Server $pester_userldap with secondary-server" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -secondary_server $pester_userldapserver2
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.'secondary-server' | Should -Be $pester_userldapserver2
+ }
+
+ It "Add User LDAP Server $pester_userldap with tertiary-server" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -secondary_server $pester_userldapserver2 -tertiary_server $pester_userldapserver3
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.'secondary-server' | Should -Be $pester_userldapserver2
+ $userldap.'tertiary-server' | Should -Be $pester_userldapserver3
+ }
+
+ It "Add User LDAP Server $pester_userldap with cnid" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -cnid sAMAccountName
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.cnid | Should -Be "sAMAccountName"
+ }
+
+ It "Add User LDAP Server $pester_userldap with type simple" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -type simple
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.type | Should -Be "simple"
+ }
+
+ It "Add User LDAP Server $pester_userldap with type anonymous" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -type anonymous
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.type | Should -Be "anonymous"
+ }
+
+ It "Add User LDAP Server $pester_userldap with type regular" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -type regular -username powerfgt -password $pester_userldappassword
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.type | Should -Be "regular"
+ $userldap.username | Should -Be "powerfgt"
+ }
+
+ It "Add User LDAP Server $pester_userldap with secure connection disabled" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -secure disable
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.secure | Should -Be "disable"
+ }
+
+ It "Add User LDAP Server $pester_userldap with secure connection starttls" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -secure starttls
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.secure | Should -Be "starttls"
+ }
+
+ It "Add User LDAP Server $pester_userldap with secure connection ldaps" {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -secure ldaps
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.secure | Should -Be "ldaps"
+ $userldap.port | Should -Be "636"
+ }
+
+ It "Add User LDAP Server $pester_userldap with port 10389 and secure connection to ldaps via -data" {
+ $data = @{ "port" = "10389" ; "secure" = "ldaps" }
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -data $data
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.server | Should -Be $pester_userldapserver1
+ $userldap.dn | Should -Be "dc=fgt,dc=power,dc=powerfgt"
+ $userldap.secure | Should -Be "ldaps"
+ $userldap.port | Should -Be "10389"
+ }
+
+ It "Try to Add User LDAP Server $pester_userldap (but there is already a object with same name)" {
+ #Add first userldap
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt"
+ #Add Second userldap with same name
+ { Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" } | Should -Throw "Already a LDAP Server using the same name"
+ }
+
+ }
+
+}
+
+<#Describe "Configure User Ldap" {
+
+ Context "Change name, email, MFA, etc" {
+
+ BeforeAll {
+ Add-FGTUserLDAP -Name $pester_userldap -passwd $pester_userldappassword
+ }
+
+ It "Change status User Ldap" {
+ Get-FGTUserLDAP -name $pester_userldap | Set-FGTuserldap -status
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.status | Should -Be "enable"
+ $userldap.'email-to' | Should -BeNullOrEmpty
+ $userldap.'two-factor' | Should -Be "disable"
+ }
+
+ It "Change email to" {
+ Get-FGTUserLDAP -name $pester_userldap | Set-FGTuserldap -email_to "powerfgt@power.fgt"
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.status | Should -Be "disable"
+ $userldap.'email-to' | Should -Be "powerfgt@power.fgt"
+ $userldap.'two-factor' | Should -Be "disable"
+ }
+
+ It "Enable MFA by email" {
+ Get-FGTUserLDAP -name $pester_userldap | Set-FGTuserldap -two_factor email
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap.name | Should -Be $pester_userldap
+ $userldap.status | Should -Be "disable"
+ $userldap.'email-to' | Should -Be "powerfgt@power.fgt"
+ $userldap.'two-factor' | Should -Be "email"
+ }
+
+ It "Change Name" {
+ Get-FGTUserLDAP -name $pester_userldap | Set-FGTuserldap -name "pester_userldap_change"
+ $userldap = Get-FGTUserLDAP -name "pester_userldap_change"
+ $userldap.name | Should -Be "pester_userldap_change"
+ $userldap.status | Should -Be "disable"
+ $userldap.'email-to' | Should -Be "powerfgt@power.fgt"
+ $userldap.'two-factor' | Should -Be "email"
+ }
+
+ It "Change email to with -data" {
+ $data = @{ "email-to" = "powerfgt@power.fgt" }
+ Get-FGTUserLDAP -name "pester_userldap_change" | Set-FGTuserldap -data $data
+ $userldap = Get-FGTUserLDAP -name "pester_userldap_change"
+ $userldap.name | Should -Be "pester_userldap_change"
+ $userldap.status | Should -Be "disable"
+ $userldap.'email-to' | Should -Be "powerfgt@power.fgt"
+ $userldap.'two-factor' | Should -Be "email"
+ }
+
+ AfterAll {
+ Get-FGTUserLDAP -name "pester_userldap_change" | Remove-FGTUserLDAP -confirm:$false
+ }
+
+ }
+}
+#>
+Describe "Remove User Ldap" {
+
+ Context "local" {
+
+ BeforeEach {
+ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt"
+ }
+
+ It "Remove User Ldap $pester_userldap by pipeline" {
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap | Remove-FGTUserLDAP -confirm:$false
+ $userldap = Get-FGTUserLDAP -name $pester_userldap
+ $userldap | Should -Be $NULL
+ }
+
+ }
+
+}
+
+AfterAll {
+ Disconnect-FGT -confirm:$false
+}
\ No newline at end of file
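Review bot: The `-type regular` case is exercised only on its success path, so nothing pins the "You need to specify an username and a passord !" guard in Add-FGTUserLDAP. A case that omits `-username`, such as `{ Add-FGTUserLDAP -Name $pester_userldap -server $pester_userldapserver1 -dn "dc=fgt,dc=power,dc=powerfgt" -type regular -password $pester_userldappassword } | Should -Throw`, would show whether a bind account can be created without a user name. The commented-out "Configure User Ldap" block calls `Set-FGTuserldap` and passes `-passwd`, neither of which this patch defines, and asserts on `email-to` and `two-factor`; it appears to be carried over from another test file and would be clearer removed or replaced by a short TODO.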