aci

package module
v0.0.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 27, 2023 License: MIT Imports: 11 Imported by: 0

README

go-aci

Go Report Card GoDoc Software License

Overview

Package aci implements the complete ACIv3 syntax in a vendor-agnostic manner with rich features.

Status

This package is in its early stages, and is undergoing active development. It should NOT be used in any production capacity at this time.

License

The aci (go-aci) package, from http://github.com/JesseCoretta/go-aci, is available under the terms of the MIT license. For further details, see the LICENSE file within the aforementioned repository.

Documentation

Overview

Package aci implements the complete ACIv3 syntax in a vendor-agnostic manner with rich features.

Status

This package is in its early stages, and is undergoing active development. It should NOT be used in any mission-critical capacity at this time. At the moment, this package is primarily intended for R&D, PoCs and other scenarios in which risk is minimal or nonexistent.

About ACIs

An ACI (access control instruction) is a directive that is used to disclose or withhold information based on a predefined set of conditions, as well as control the abilities of users with varying levels of granularity. Within the spirit of this package, the ACI syntax is a means for securing information within an X.500/LDAP directory, and is supported by multiple directory products on the market today.

Implementation Compatibility Notice

The ACIv3 syntax, though largely the same across the multiple supporting directory products that have adopted it, does have a few variations in terms of available keywords and features. Though this is not a comprehensive list, a few of these cases are listed below:

• Target Rule scoping, through the targetscope keyword

• Bind Rule roles, through the roledn keyword

• Group attribute-based value matching, through the groupattr keyword

• LDAP Extended Operation OID definitions, through the extop keyword

• LDAP Control OID definitions, through the targetcontrol keyword

• Rights definitions, such as Import and Export

• Permitted 'levels' for inheritance value matching

This package aims to support *ALL* of the facets of the ACIv3 syntax without exception. Users will need to verify, however, that any ACI definitions generated -- in part or in whole as a result of using this package -- are compatible with their particular X.500/LDAP product; check the docs!

License

The aci (go-aci) package, from http://github.com/JesseCoretta/go-aci, is available under the terms of the MIT license. For further details, see the LICENSE file within the aforementioned repository.

Features

• Intuitive: well-documented with numerous examples

• Efficient: a package-wide cyclomatic complexity factor limit of nine (9) is imposed; the imported go-stackage and go-objectid packages both exercise similar criteria.

• Convenient: a Fluent design is implemented where possible, allowing the chaining of certain command sequences

• Compatible: package design encompasses the facets of the ACIv3 specification as a whole, as opposed to catering to any specific directory product implementation

• Flexible: ACI composition can be approached in a variety of ways, without enforcing any particular style; for example, parenthetical encapsulation can be enabled or disabled for select (and eligible) type instances when desired, or set globally

• Bidirectional: parsers process text ACIs into proper type-based instances defined in this package; conversely, these same types can be used to "manually assemble" ACIs without the need for said text definitions

Marshaling and Unmarshaling

This package (internally) implements an ANTLR4 parsing subsystem to facilitate the marshaling of ACI textual definitions.

Within the terms of this package, marshaling is defined through a process that reads the user-provided textual ACI definition, parses the components and generates a proper instance of the package-provided Instruction type.

Conversely, unmarshaling is defined through a process that generates a textual ACI definition based upon the contexts of a preexisting Instruction type instance.

Potential Use Cases

This package could conceivably be used in any of the following scenarios:

• For Directory security audits that pertain to, or include, access control review

• For Directory personnel in charge of authoring and/or managing rich documentation

• For Directory personnel who desire a means to author and/or manage sets of ACIs in a more programmatic / automated manner, perhaps with the aid of a templating system

• For use as an access control framework within an actual (Go-based) Directory System Agent implementation that honors the ACI syntax

• For generalized experimentation within the realm of Directory System Agent access control design and even penetration testing

Limitations

The go-aci package (straight out of the box, so to speak) is not an access control decision-making framework unto itself -- that particular functionality would reside in the X.500/LDAP server to be protected *through the use of ACIs*.

However this package could be leveraged to CRAFT such a framework, given all of the syntax-defined types are made available to the end user. If users wish to approach this concept, they are advised to leverage the underlying go-stackage Stack type's methods for implementing evaluatory capabilities, such as attribute value assertion checks and the like. This would conceivably allow the use of matchingRule and ldapSyntax operations that precede attribute value disclosure/withholding.

Another limitation is the lack of comprehensive LDAP Search Filter parsing and decompilation into Rule instances. For the moment, any user-provided LDAP Search Filter (i.e.: when crafting a `targetfilter` Target Rule) is taken at face-value and is NOT verified. This will be improved in the near future, at which point an LDAP Search Filter string value shall be interrogated, deconstructed verified and recomposed into (potentially nested) Rule instances correctly (or will return a meaningful error).

Users who wish to verify filter values for any reason are advised to make use of the (most excellent!) LDAP Search Filter decompiling capabilities found within the go-ldap/ldap package. To learn more, see https://github.com/go-ldap/ldap.

Quotation Schemes

Another trait of this package's flexibility is the ability to handle either of the following quotation schemes when parsing or building rule statements that reference a multi-valued expression: 

"value" || "value" || "value" ...

"value || value || value" ...

In particular, these sorts of quotation schemes appear in the following Target/Bind rule scenarios:

• targetattr Target Rules for lists of LDAP attribute types

• target, target_to and target_from Target Rule distinguished names

• userdn and groupdn Bind Rule distinguished names

• extop and targetcontrol Target Rule ASN.1 object identifiers

Users are advised to honor the quotation scheme recommended by their vendor or product documentation. This package aims to support either of the above schemes with no variance in the end result, but has no official position as to which of these schemes should be honored by the user.

Contribution Encouraged

The ACIv3 syntax is fairly complex, rendering its innate flexibility akin to a double-edged sword. As such there may be errors, or concepts overlooked by the author within this package. Users are STRONGLY ENCOURAGETO SPEAK UP if they perceive a feature or some behavioral trait of the package to be suboptimal or incomplete in some manner.

See https://github.com/JesseCoretta/go-aci/issues for all bug reports -- past and present -- as well as a means to file new ones.

Words of Warning

The concept of access control -- whether related to the security of databases or not -- is an extremely critical component of effective cybersecurity design as a whole. Permissions, such as ACIs, should never be implemented in an untested or cavalier fashion. Breaches associated with poor access control models can destroy companies, end careers and maybe even endanger human lives.

Though this package can reduce much of the tedium associated with directory security through the use of permissions, it can just as easily generate completely bogus rules that will have the opposite intended effect. Even worse, it may generate rules that may expose sensitive DIT content!

Those who choose to leverage this package are strongly advised to triple-check their work. Make no assumptions. Take no unnecessary risks. TEST. TEST. TEST and then TEST some more!

Another area of risk is the disposition (or lack thereof) regarding so-called "ACI Best Practices", which do vary across the various supporting directory products on the market. Users uncertain as to the best approach for a desired action are strongly advised to ask their vendor, or consult an appropriate online community forum.

By now, it is likely obvious this package aims to provide everything one could possibly need to compose an ACI. However, this package does not discriminate ACIs that may be overtly "broad" in their influence or entry-matching potential.

One such example of this is careless use of the negated equality operator (!=), which (when used improperly) can disclose myriad attribute values unintentionally. This particular case is well-documented in vendor manuals for supporting directory products (likely for legal CYA reasons). Users are advised to LEARN the syntax well enough to know when to take such risks.

Index

Examples

Constants

View Source 
const (
	// MultivalOuterQuotes represents the default quotation style
	// used by this package. In cases where a multi-valued BindRule
	// or TargetRule expression involving LDAP distinguished names,
	// ASN.1 Object Identifiers (in dot notation) and LDAP Attribute
	// Type names is being created, this constant will enforce only
	// outer-most double-quotation of the whole sequence of values.
	//
	// Example: keyword = "<val> || <val> || <val>"
	//
	// This constant may be fed to the SetQuoteStyle method that is
	// extended through eligible types.
	MultivalOuterQuotes = 0

	// MultivalSliceQuotes represents an alternative quotation scheme
	// offered by this package. In cases where a multi-valued BindRule
	// or TargetRule expression involving LDAP distinguished names,
	// ASN.1 Object Identifiers (in dot notation) and LDAP Attribute
	// Type names is being created, this constant shall disable outer
	// most quotation and will, instead, quote individual values. This
	// will NOT enclose symbolic OR (||) delimiters within quotations.
	//
	// Example: keyword = "<val>" || "<val>" || "<val>"
	//
	// This constant may be fed to the SetQuoteStyle method that is
	// extended through eligible types.
	MultivalSliceQuotes = 1
)
View Source 
const (
	Eq stackage.ComparisonOperator = stackage.Eq // 0x1, "Equal To"
	Ne stackage.ComparisonOperator = stackage.Ne // 0x2, "Not Equal to"     !! USE WITH CAUTION !!
	Lt stackage.ComparisonOperator = stackage.Lt // 0x3, "Less Than"
	Le stackage.ComparisonOperator = stackage.Le // 0x4, "Less Than Or Equal"
	Gt stackage.ComparisonOperator = stackage.Gt // 0x5, "Greater Than"
	Ge stackage.ComparisonOperator = stackage.Ge // 0x6, "Greater Than Or Equal"
)

ComparisonOperator constants defined within the stackage package are aliased within this package for convenience, without the need for user-invoked stackage package import.

View Source 
const Version float32 = 3.0

Version defines the ACI syntax version number implemented by this package.

Variables

View Source 
var AuthMethodLowerCase bool

AuthMethodLowerCase allows control over the case folding of AuthMethod string representation.

A value of true shall force lowercase normalization, while a value of false (default) forces uppercase normalization.

View Source 
var ConditionPadding bool = true

ConditionPadding is a global variable that will be applies to ALL Condition instances assembled during package operations. This is a convenient alternative to manually invoking the NoPadding method on a case-by-case basis.

Padding is enabled by default, and can be disabled here globally, or overridden for individual Condition instances as needed.

Note that altering this value will not impact instances that were already created; this only impacts the creation of new instances.

View Source 
var RulePadding bool = true

RulePadding is a global variable that will be applies to ALL Rule instances assembled during package operations. This is a convenient alternative to manually invoking the NoPadding method on a case by case basis.

Padding is enabled by default, and can be disabled here globally, or overridden for individual Rule instances as needed.

Note that altering this value will not impact instances that were already created; this only impacts the creation of new instances.

Functions

This section is empty.

Types

type AttributeBindTypeOrValue 

type AttributeBindTypeOrValue struct {
	BindKeyword // BindUAT or BindGAT keywords only!
	// contains filtered or unexported fields
}

AttributeBindTypeOrValue contains a statement of the following syntax: 

<AttributeName>#<BindType -OR- AttributeValue>

Instances of this type are used in certain Bind Rules, particularly those that involve user-attribute or group-attribute keywords.

func GAT 

func GAT(x ...any) AttributeBindTypeOrValue

GAT (Group-Attribute Name + Bind Type -OR- Attribute Value) returns an initialized instance of AttributeBindTypeOrValue configured for rules that leverage the `groupattr` Bind Rule keyword.

func UAT 

func UAT(x ...any) AttributeBindTypeOrValue

UAT (User-Attribute Name + Bind Type -OR- Attribute Value) returns an initialized instance of AttributeBindTypeOrValue configured for rules that leverage the `userattr` Bind Rule keyword.

func (AttributeBindTypeOrValue) Eq 

func (r AttributeBindTypeOrValue) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To a `userattr` or `groupattr` Bind keyword context.

func (AttributeBindTypeOrValue) IsZero 

func (r AttributeBindTypeOrValue) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (AttributeBindTypeOrValue) Ne 

func (r AttributeBindTypeOrValue) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To a `userattr`, `groupattr` Bind keyword context.

Negated equality BindRule instances should be used with caution.

func (*AttributeBindTypeOrValue) Set 

func (r *AttributeBindTypeOrValue) Set(x ...any) *AttributeBindTypeOrValue

Set assigns value(s) x to the receiver. The value(s) must be AttributeType and/or AttributeValue instances, created via the package-level AT and AV functions respectively.

func (AttributeBindTypeOrValue) String 

func (r AttributeBindTypeOrValue) String() (s string)

String is a stringer method that returns the string representation of the receiver.

type AttributeFilter 

type AttributeFilter struct {
	// contains filtered or unexported fields
}

AttributeFilter is a struct type that embeds an AttributeTyp and filter-style Rule. Instances of this type are a component in the creation of Target Rule definitions based upon the targattrfilters keyword.

func AF 

func AF(x ...any) AttributeFilter

AF initializes, optionally sets and returns a new instance of AttributeFilter, which is a critical component of the `targattrfilters` Target Rule.

Input values must be either a SearchFilter or an AttributeType.

func (AttributeFilter) IsZero 

func (r AttributeFilter) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (*AttributeFilter) Set 

func (r *AttributeFilter) Set(x ...any) *AttributeFilter

Set assigns the provided address component to the receiver and returns the receiver instance in fluent-form.

Multiple values can be provided in variadic form, or piecemeal.

func (AttributeFilter) String 

func (r AttributeFilter) String() string

String is a stringer method that returns the string representation of the receiver instance.

func (AttributeFilter) Valid 

func (r AttributeFilter) Valid() (err error)

Valid returns an error indicative of whether the receiver is in an aberrant state.

type AttributeFilterOperation 

type AttributeFilterOperation stackage.Stack

AttributeFilterOperation is a stackage.Stack type alias used to store Target Attribute Filters expressions, specifically those used within TargetRule instances bearing the `targattrfilters` TargetRule keyword context.

See also the AttributeFilterOperations type and its methods.

func AFO 

func AFO() AttributeFilterOperation

AFO returns a freshly initialized instance of AttributeFilterOperation, configured to store one (1) or more AttributeFilter instances for the purpose of crafting TargetRule instances which bear the `targattrfilters` keyword context.

Instances of this design are not generally needed elsewhere.

Values are automatically ANDed using stackage.And() in symbol (&&) mode.

func (AttributeFilterOperation) Category 

func (r AttributeFilterOperation) Category() string

func (AttributeFilterOperation) Eq 

func (r AttributeFilterOperation) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To a `targattrfilters` keyword context.

func (AttributeFilterOperation) Index 

func (r AttributeFilterOperation) Index(idx int) (slice any)

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage by default will be shadowed and not obtainable by the caller.

func (AttributeFilterOperation) IsZero 

func (r AttributeFilterOperation) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (AttributeFilterOperation) Len 

func (r AttributeFilterOperation) Len() int

Len wraps go-stackage's Stack.Len method.

func (AttributeFilterOperation) Ne 

func (r AttributeFilterOperation) Ne() TargetRule

Ne performs no useful task, as negated equality comparison does not apply to TargetRule instances that bear the `targattrfilters` keyword context.

This method exists solely to convey this message and conform to Go's interface qualifying signature. When executed, this method will return a bogus TargetRule.

func (AttributeFilterOperation) Operation 

func (r AttributeFilterOperation) Operation() AttributeOperation

Operation returns AddOp or DelOp as extracted from the receiver's categorical label. If invalid, an invalid AttributeOperation value is returned.

func (AttributeFilterOperation) Pop 

func (r AttributeFilterOperation) Pop() (af AttributeFilter)

Pop wraps go-stackage's Stack.Pop method.

func (AttributeFilterOperation) Push 

func (r AttributeFilterOperation) Push(x any) AttributeFilterOperation

Push wraps go-stackage's Stack.Push method.

func (AttributeFilterOperation) String 

func (r AttributeFilterOperation) String() string

String is a stringer method that returns the string representation of the receiver instance.

type AttributeFilterOperations 

type AttributeFilterOperations stackage.Stack

func AFOs 

func AFOs() AttributeFilterOperations

AFOs returns a freshly initialized instance of AttributeFilterOperations, configured to store one (1) or more AttributeFilterOperation instances for the purpose of crafting TargetRule instances which bear the `targattrfilters` keyword context.

Instances of this design are not generally needed elsewhere.

Values are automatically joined using stackage.List() with JoinDelim for comma delimitation.

func (AttributeFilterOperations) Eq 

func (r AttributeFilterOperations) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To a `targattrfilters` keyword context.

func (AttributeFilterOperations) Index 

func (r AttributeFilterOperations) Index(idx int) (x AttributeFilterOperation)

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage by default will be shadowed and not obtainable by the caller.

func (AttributeFilterOperations) IsZero 

func (r AttributeFilterOperations) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (AttributeFilterOperations) Len 

func (r AttributeFilterOperations) Len() int

Len wraps go-stackage's Stack.Len method.

func (AttributeFilterOperations) Ne 

func (r AttributeFilterOperations) Ne() TargetRule

Ne performs no useful task, as negated equality comparison does not apply to TargetRule instances that bear the `targattrfilters` keyword context.

This method exists solely to convey this message and conform to Go's interface qualifying signature. When executed, this method will return a bogus TargetRule.

func (AttributeFilterOperations) Pop 

func (r AttributeFilterOperations) Pop() (slice any)

Pop wraps go-stackage's Stack.Pop method.

func (AttributeFilterOperations) Push 

func (r AttributeFilterOperations) Push(x any) AttributeFilterOperations

Push wraps go-stackage's Stack.Push method.

func (AttributeFilterOperations) SetDelimMode 

func (r AttributeFilterOperations) SetDelimMode(i int) AttributeFilterOperations

SetDelimMode controls the delimitation scheme employed by the receiver.

Some vendors use semicolon (ASCII #59) for delimitation. This can be achieved using an integer value of one (1) to execute this method.

Other vendors use a comma (ASCII #44) for delimitation. This is the default, but can be set using any integer other than one (1).

func (AttributeFilterOperations) String 

func (r AttributeFilterOperations) String() string

String is a stringer method that returns the string representation of the receiver instance.

type AttributeOperation 

type AttributeOperation uint8

AttributeOperation defines either an Add Operation or a Delete Operation.

Constants of this type are used in AttributeFilters instances. 

const (
	AddOp AttributeOperation // add=
	DelOp                    // delete=
)

AttributeOperation constants are used to initialize and return AttributeFilters instances based on one (1) of the possible two (2) constants defined below.

func (AttributeOperation) AFO 

func (r AttributeOperation) AFO(x ...AttributeFilter) (afo AttributeFilterOperation)

AFs returns an instance of AttributeFilters based upon the input AttributeFilter instances.

The instance of AttributeFilters contains an ANDed Rule instance using symbols (`&&`) and bears the categorical string label of `attrfilters`.

func (AttributeOperation) Mode 

func (r AttributeOperation) Mode() string

Mode returns one (1) of the following string values, indicating the operational disposition of the receiver:

• `add`

• `delete`

See the AttributeOperation constants for details.

func (AttributeOperation) String 

func (r AttributeOperation) String() string

String is a stringer method that returns the string representation of the receiver instance.

type AttributeType 

type AttributeType struct {
	// contains filtered or unexported fields
}

AttributeType embeds a pointer value that reflects a single AttributeType name such as `manager` or `cn`.

func AT 

func AT(x string) (A AttributeType)

AT initializes, sets and returns an AT instance in one shot. The input value x shall be a string attributeType name (e.g.: `manager`).

func (AttributeType) Eq 

func (r AttributeType) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To a `targetattr` keyword context.

func (AttributeType) IsZero 

func (r AttributeType) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (AttributeType) Ne 

func (r AttributeType) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To a `targetattr` keyword context.

Negated equality TargetRule instances should be used with caution.

func (AttributeType) String 

func (r AttributeType) String() (s string)

String returns the string representation of the underlying value within the receiver. The return value shall reflect an attributeType name, such as `manager` or `cn`.

type AttributeTypes 

type AttributeTypes stackage.Stack

AttributeTypes is an alias type for stackage.Stack, and is intended to house one (1) or more AttributeType instances for the purpose of expression within a BindRule or TargetRule instance.

func TAs 

func TAs() (a AttributeTypes)

TAs returns a freshly initialized instance of AttributeTypes, configured to store one (1) or more AttributeType instances for the purpose of TargetRule expression when using the `targetattr` keyword context.

Values are automatically delimited using stackage.Stack.Symbol(`||`) in an ORed Boolean stack.

Example

This example demonstrates how to create a Target Attributes Rule using a list of AttributeType instances. 

attrs := TAs().Push(
	AT(`cn`),
	AT(`sn`),
	AT(`givenName`),
)
fmt.Printf("%s", attrs)

Output:

cn || sn || givenName

func UAs 

func UAs() (a AttributeTypes)

UAs returns a freshly initialized instance of AttributeTypes, configured to store one (1) or more AttributeType instances for the purpose of LDAP Search URI specification of desired AttributeType names. Instances of this design are not generally needed elsewhere.

Values are automatically comma-delimited using stackage.Stack.JoinDelim in List mode.

func (AttributeTypes) Contains 

func (r AttributeTypes) Contains(x any) bool

Contains returns a boolean value indicative of whether value x, if a string or AttributeType instance, already resides within the receiver instance.

Case is not significant in the matching process.

func (AttributeTypes) Eq 

func (r AttributeTypes) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To a `targetattr` keyword context.

Example (TargetAttributes)

This example demonstrates how to create a Target Attributes Rule Equality Condition using a list of AttributeType instances. 

attrs := TAs().Push(
	AT(`cn`),
	AT(`sn`),
	AT(`givenName`),
)
fmt.Printf("%s", attrs.Eq())

Output:

( targetattr = "cn || sn || givenName" )

func (AttributeTypes) Index 

func (r AttributeTypes) Index(idx int) (x AttributeType)

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage by default will be shadowed and not obtainable by the caller.

func (AttributeTypes) IsZero 

func (r AttributeTypes) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (AttributeTypes) Kind 

func (r AttributeTypes) Kind() string

Kind wraps go-stackage's Stack.Category method for the purpose of identifying the context of the receiver instance.

func (AttributeTypes) Len 

func (r AttributeTypes) Len() int

Len wraps go-stackage's Stack.Len method.

func (AttributeTypes) Ne 

func (r AttributeTypes) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To a `targetattr` keyword context.

Negated equality TargetRule instances should be used with caution.

func (AttributeTypes) Pop 

func (r AttributeTypes) Pop() (x AttributeType)

Pop wraps go-stackage's Stack.Pop method.

func (AttributeTypes) Push 

func (r AttributeTypes) Push(x ...any) AttributeTypes

Push wraps go-stackage's Stack.Push method. Valid input types are string and AttributeType. In the case of a string value, it is automatically cast as an instance of AttributeType, so long as the raw string is of a non-zero length.

func (AttributeTypes) String 

func (r AttributeTypes) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

type AttributeValue 

type AttributeValue struct {
	// contains filtered or unexported fields
}

AttributeValue embeds a pointer value that reflects an attributeType assertion value.

func AV 

func AV(x string) (A AttributeValue)

AV initializes, sets and returns an AttributeValue instance in one shot. The input value x shall be a known BindType constant, such as USERDN, OR a raw string attributeType value, such as `uid=bob,ou=People,dc=example,dc=com`.

func (AttributeValue) String 

func (r AttributeValue) String() (s string)

String returns the string representation of the underlying value within the receiver. The return value should be either an attributeType assertion value, or one (1) of the five (5) possible BindType identifiers (e.g.: USERDN).

type AuthMethod 

type AuthMethod uint8

AuthMethod is a uint8 type that manifests through predefined package constants, each describing a supported means of LDAP authentication. 

const (
	Anonymous AuthMethod // 0
	Simple               // 1
	SSL                  // 2
	SASL                 // 3
	EXTERNAL             // 4
	DIGESTMD5            // 5
	GSSAPI               // 6
)

AuthMethod contants define the available LDAP authentication mechanisms that are recognized within the ACI syntax honored by this package.

NOTE: Supported SASL mechanisms vary per impl.

func (AuthMethod) Eq 

func (r AuthMethod) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `authmethod` Bind keyword context.

Example 
fmt.Printf("%s", SASL.Eq())

Output:

authmethod = "SASL"

func (AuthMethod) Ne 

func (r AuthMethod) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `authmethod` Bind keyword context.

Example 
fmt.Printf("%s", Anonymous.Ne())

Output:

authmethod != "NONE"

func (AuthMethod) String 

func (r AuthMethod) String() (am string)

String is a stringer method that returns the string representation of the receiver instance.

type BindContext 

type BindContext interface {
	// String returns the string representation of the
	// receiver instance.
	String() string

	// Keyword returns the BindKeyword, enveloped as a
	// Keyword interface value. If the receiver is an
	// instance of BindRule, the value is derived from
	// the Keyword method. If the receiver is an instance
	// of BindRules, the value is derived (and resolved)
	// using the Category method.
	Keyword() Keyword

	// IsZero returns a Boolean value indicative of the
	// receiver instance being nil, or unset.
	IsZero() bool

	// Len returns the integer length of the receiver.
	// Only meaningful when run on BindRules instances.
	Len() int

	// IsNesting returns a Boolean value indicative of
	// whether the receiver contains a stack as a value.
	// Only meaningful when run on BindRules instances.
	IsNesting() bool

	// Category will report `bind` in all scenarios.
	Category() string

	// Kind will report `stack` for a BindRules instance, or
	// `condition` for a BindRule instance
	Kind() string
	// contains filtered or unexported methods
}

BindContext is a convenient interface type that is qualified by the following types:

• BindRule

• BindRules

The qualifying methods shown below are intended to make the handling of a structure of (likely nested) BindRules instances slightly easier without an absolute need for type assertion at every step. These methods are inherently read-only in nature and represent only a subset of the available methods exported by the underlying qualifier types.

To alter the underlying value, or to gain access to all of a given type's methods, type assertion shall be necessary.

type BindDistinguishedName 

type BindDistinguishedName struct {
	// contains filtered or unexported fields
}

BindDistinguishedName describes a single LDAP distinguished name. For example: 

ou=People,dc=example,dc=com

For efficiency reasons, the LDAP "local scheme" prefix (ldap:///) is not stored in literal form within any DistinguishedName instance, however it will appear during string representation operations, e.g.: 

ldap:///ou=People,dc=example,dc=com

Instances of this kind can be crafted using the DN package-level function with the appropriate Bind keyword as the input argument:

• DN(<dn>, BindUDN) for a `userdn` Distinguished Name

• DN(<dn>, BindGDN) for a `groupdn` Distinguished Name

• DN(<dn>, BindRDN) for a `roledn` Distinguished Name

In order to fashion multi-valued BindRule instances using instances of this type, they must reside within an appropriate stack type instance. See the BindDistinguishedNames and TargetDistinguishedNames types for details. 

var (
	// LocalScheme is the localhost-implicit scheme prefix for a DN. For security
	// reasons, the LDAP scheme should never be non-local within the context of an
	// ACI (even if proxy operations are involved). For instance:
	//
	//   ldap://ldap.example.com/ou=People,dc=example,dc=com??one?(objectClass=*) // BAD
	//
	//   ldap:///ou=People,dc=example,dc=com??one?(objectClass=*) // GOOD
	//
	// This constant is automatically used in any request related to the string
	// representation of DistinguishedName instances. It is exported and visible
	// to users for reference purposes only, and generally need not be accessed
	// directly.
	LocalScheme = `ldap:///`

	// AllDN is the BindRule abstraction of all *known user* DNs; this does not imply ANONYMOUS DNs
	AllDN BindDistinguishedName

	// AnyDN is the BindRule abstraction of all user DNs, known or anonymous
	AnyDN BindDistinguishedName

	// SelfDN is the BindRule abstraction of a user's own DN
	SelfDN BindDistinguishedName

	// ParentDN is the BindRule abstraction of a user's superior DN
	ParentDN BindDistinguishedName
)

Commonly-used distinguished name expression preambles.

func GDN 

func GDN(x string) BindDistinguishedName

GDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Bind Rule Condition that bears the `groupdn` keyword.

func RDN 

func RDN(x string) BindDistinguishedName

RDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Bind Rule Condition that bears the `roledn` keyword.

func UDN 

func UDN(x string) BindDistinguishedName

UDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Bind Rule Condition that bears the `userdn` keyword.

func (BindDistinguishedName) Eq 

func (r BindDistinguishedName) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To one (1) of the following keyword contexts:

• `userdn`

• `groupdn`

• `roledn`

func (BindDistinguishedName) IsZero 

func (r BindDistinguishedName) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is considered nil, or unset.

func (BindDistinguishedName) Keyword 

func (r BindDistinguishedName) Keyword() Keyword

Keyword returns the Keyword (interface) assigned to the receiver instance. This shall be the keyword that appears in a BindRule bearing the receiver as a condition value.

func (BindDistinguishedName) Kind 

func (r BindDistinguishedName) Kind() string

Kind returns the string name `bind`.

func (BindDistinguishedName) Ne 

func (r BindDistinguishedName) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To one (1) of the following keyword contexts:

• `userdn`

• `groupdn`

• `roledn`

func (BindDistinguishedName) String 

func (r BindDistinguishedName) String() string

String is a stringer method that returns the string representation of the receiver instance.

The Local LDAP scheme (ldap:///) is automatically imposed during the string representation of the value; this is required by the ACIv3 syntax.

func (BindDistinguishedName) Valid 

func (r BindDistinguishedName) Valid() (err error)

Valid returns an instance of error that reflects whether certain required elements or value combinations were present and deemed valid. A non-nil error indicates an undesirable receiver state.

type BindDistinguishedNames 

type BindDistinguishedNames stackage.Stack

BindDistinguishedNames is an alias type for stackage.Stack, and is intended to house one (1) or more DistinguishedName instances for the purpose of expression within a BindRule instance.

func GDNs 

func GDNs() (d BindDistinguishedNames)

GDNs returns a new instance of BindDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The BindGDN (groupdn) keyword is automatically assigned to the return value.

Only valid instances of BindDistinguishedName which bear the BindGDN keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the UDNs and RDNs functions for BindUDN and BindRDN keywords respectively.

func RDNs 

func RDNs() (d BindDistinguishedNames)

RDNs returns a new instance of BindDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The BindRDN (roledn) keyword is automatically assigned to the return value.

Only valid instances of BindDistinguishedName which bear the BindRDN keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the UDNs and GDNs functions for BindUDN and BindGDN keywords respectively.

func UDNs 

func UDNs() (d BindDistinguishedNames)

UDNs returns a new instance of BindDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The BindUDN (userdn) keyword is automatically assigned to the return value.

Only valid instances of BindDistinguishedName which bear the BindUDN keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the RDNs and GDNs functions for BindRDN and BindGDN keywords respectively.

func (BindDistinguishedNames) Category 

func (r BindDistinguishedNames) Category() string

Category wraps go-stackage's Stack.Category method.

func (BindDistinguishedNames) Contains 

func (r BindDistinguishedNames) Contains(x any) bool

Contains returns a boolean value indicative of whether value x, if a string or BindDistinguishedName instance, already resides within the receiver instance.

Case is not significant in the matching process.

func (BindDistinguishedNames) Eq 

func (r BindDistinguishedNames) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To one (1) of the following keyword contexts:

• `userdn`

• `groupdn`

• `roledn`

func (BindDistinguishedNames) ID 

func (r BindDistinguishedNames) ID() string

ID wraps go-stackage's Stack.ID method.

func (BindDistinguishedNames) Index 

func (r BindDistinguishedNames) Index(idx int) BindDistinguishedName

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage's Stack.Index method by default will be shadowed and not obtainable by the caller.

func (BindDistinguishedNames) IsZero 

func (r BindDistinguishedNames) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (BindDistinguishedNames) Keyword 

func (r BindDistinguishedNames) Keyword() Keyword

Keyword returns the Keyword (interface) assigned to the receiver instance. This shall be the keyword that appears in a BindRule bearing the receiver as a condition value.

func (BindDistinguishedNames) Len 

func (r BindDistinguishedNames) Len() int

Len wraps go-stackage's Stack.Len method.

func (BindDistinguishedNames) Ne 

func (r BindDistinguishedNames) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To one (1) of the following keyword contexts:

• `userdn`

• `groupdn`

• `roledn`

Negated equality BindRule instances should be used with caution.

func (BindDistinguishedNames) Pop 

func (r BindDistinguishedNames) Pop() BindDistinguishedName

Pop wraps go-stackage's Stack.Pop method and performs type assertion to return a proper BindDistinguishedName instance.

func (BindDistinguishedNames) Push 

func (r BindDistinguishedNames) Push(x ...any) BindDistinguishedNames

Push wraps go-stackage's Stack.Push method. Valid input types are string and BindDistinguishedName.

In the case of a string value, it is automatically cast as an instance of BindDistinguishedName using the appropriate keyword, so long as the raw string is of a non-zero length.

func (BindDistinguishedNames) String 

func (r BindDistinguishedNames) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

type BindKeyword 

type BindKeyword uint8

BindKeyword contains the value describing a particular Bind Keyword to be used within a Bind Rule. 

const (
	BindUDN BindKeyword // `userdn`
	BindRDN             // `roledn`
	BindGDN             // `groupdn`
	BindUAT             // `userattr`
	BindGAT             // `groupattr`
	BindIP              // `ip`
	BindDNS             // `dns`
	BindDoW             // `dayofweek`
	BindToD             // `timeofday`
	BindAM              // `authmethod`
	BindSSF             // `ssf`
)

BindKeyword constants are intended for singular use within a Bind Rule condition.

func (BindKeyword) Kind 

func (r BindKeyword) Kind() string

Kind returns the string name for the kind of underlying Keyword (`bind`).

func (BindKeyword) String 

func (r BindKeyword) String() (k string)

String is a stringer method that returns the string representation of the receiver instance of Bind Rule Keyword.

type BindRule 

type BindRule stackage.Condition

BindRule is a stackage.Condition type alias intended to represent a single Bind Rule; that is, one (1) Bind Rule keyword, one (1) comparison operator and one (1) or more string values (called an 'expression').

For example: 

ssf >= "128"

Instances of this type may be assembled manually by users, or may be created logically as a result of textual parsing. Users may also want to use convenient Eq, Ne, Gt, Ge, Lt, and Le methods extended through various types (as permitted) for simplicity.

Instances of this type shall appear within BindRules instances and may or may not be parenthetical.

func ParseBindRule 

func ParseBindRule(raw string) (BindRule, error)

ParseBindRule returns an instance of Condition alongside an error instance.

The returned Condition instance shall contain

func (BindRule) Category 

func (r BindRule) Category() string

Category wraps go-stackage's Stack.Category method.

func (BindRule) Expression 

func (r BindRule) Expression() any

Expression wraps go-stackage's Condition.Expression method.

func (BindRule) ID 

func (r BindRule) ID() string

ID wraps go-stackage's Stack.ID method.

func (BindRule) IsNesting 

func (r BindRule) IsNesting() bool

IsNesting does not perform any useful task, and exists only to satisfy Go's interface signature requirements and to convey this message.

A Boolean value of false is returned in any scenario.

func (BindRule) IsZero 

func (r BindRule) IsZero() bool

IsZero wraps go-stackage's Condition.IsZero method.

func (BindRule) Keyword 

func (r BindRule) Keyword() Keyword

Keyword wraps go-stackage's Condition.Keyword method and resolves the raw value into a BindKeyword. Failure to do so will return a bogus Keyword.

func (BindRule) Kind 

func (r BindRule) Kind() string

Kind returns the string literal `condition` to identify the receiver as a stackage.Condition type alias.

func (BindRule) Len 

func (r BindRule) Len() int

Len does not perform any useful task, and exists only to satisfy Go's interface signature requirements and to convey this message.

An integer value of one (1) is returned in any scenario.

func (BindRule) Operator 

func (r BindRule) Operator() stackage.Operator

Operator wraps go-stackage's Condition.Operator method.

func (BindRule) Paren 

func (r BindRule) Paren(state ...bool) BindRule

Paren wraps go-stackage's Condition.Paren method.

func (*BindRule) SetExpression 

func (r *BindRule) SetExpression(expr any)

SetExpression wraps go-stackage's Condition.SetExpression method.

func (*BindRule) SetKeyword 

func (r *BindRule) SetKeyword(kw any)

SetKeyword wraps go-stackage's Condition.SetKeyword method.

func (*BindRule) SetOperator 

func (r *BindRule) SetOperator(op stackage.ComparisonOperator)

SetOperator wraps go-stackage's Condition.SetOperator method.

func (BindRule) String 

func (r BindRule) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Condition.String method.

func (BindRule) Valid 

func (r BindRule) Valid() (err error)

Valid wraps go-stackage's Condition.Valid method.

type BindRules 

type BindRules stackage.Stack

BindRules is a stackage.Stack type alias intended to store and express one (1) or more Bind Rule statements, with or without nesting and (at least usually) bound by Boolean logical WORD operators 'AND', 'OR' and 'AND NOT'.

For example: 

ssf >= "128" AND ip = "192.168.*"

Instances of this type may be assembled manually by users, or may be created logically as a result of textual parsing. There are also some convenient operator-specific methods available (And() for 'AND', Or() for 'OR' and Not() for 'AND NOT'.

func And 

func And() (b BindRules)

And returns an instance of Rule configured to express Boolean AND logical operations. Instances of this design contain BindContext instances, which are qualified through instances of the following types:

• BindRule

• BindRules

The embedded type within the return is stackage.Stack via the go-stackage package's And function.

func Not 

func Not() (b BindRules)

Not returns an instance of Rule configured to express Boolean NOT logical operations. Instances of this design contain BindContext instances, which are qualified through instances of the following types:

• BindRule

• BindRules

The embedded type within the return is stackage.Stack via the go-stackage package's Not function.

func Or 

func Or() (b BindRules)

Or returns an instance of Rule configured to express Boolean OR logical operations. Instances of this design contain BindContext instances, which are qualified through instances of the following types:

• BindRule

• BindRules

The embedded type within the return is stackage.Stack via the go-stackage package's Or function.

func ParseBindRules 

func ParseBindRules(raw string) (BindRules, error)

ParseBindRules returns an instance of Rule alongside an error instance.

The returned Rule instance shall contain a complete hierarchical stack structure that represents the abstract rule (raw) input by the user.

func Timeframe 

func Timeframe(notBefore, notAfter TimeOfDay) (window BindRules)

Timeframe is a convenience function that returns a BindRules instance for the purpose of expressing a timeframe during which access may (or may not) be granted. This is achieved by combining the two (2) TimeOfDay input values in a Boolean "AND stack".

The notBefore input value defines the so-called "start" of the timeframe. It should be chronologically earlier than notAfter. This value will be used to craft a Greater-Than-Or-Equal (Ge) BindRule expressive statement.

The notAfter input value defines the so-called "end" of the timeframe. It should be chronologically later than notBefore. This value will be used to craft a Less-Than (Lt) BindRule expressive statement.

Example

This example demonstrates the creation of a timeframe BindRules instance using the convenient Timeframe package-level function.

The return value is a Boolean AND stack object containing the start (notBefore) and end (notAfter) TimeOfDay instances. 

notBefore := ToD(`1730`)
notAfter := ToD(`2400`)
tfr := Timeframe(notBefore, notAfter).Paren(true)
fmt.Printf("%s", tfr)

Output:

( timeofday >= "1730" AND timeofday < "2400" )

func (BindRules) Category 

func (r BindRules) Category() string

Category wraps go-stackage's Stack.Category method.

func (BindRules) Fold 

func (r BindRules) Fold(state ...bool) BindRules

Fold wraps go-stackage's Stack.Fold method to allow the case folding of logical Boolean 'AND', 'OR' and 'AND NOT' WORD operators to 'and', 'or' and 'and not' respectively, or vice versa.

func (BindRules) ID 

func (r BindRules) ID() string

ID wraps go-stackage's Stack.ID method.

func (BindRules) Index 

func (r BindRules) Index(idx int) BindContext

Index wraps go-stackage's Stack.Index method.

func (BindRules) IsNesting 

func (r BindRules) IsNesting() bool

IsNesting wraps go-stackage's Stack.IsNesting method.

func (BindRules) IsZero 

func (r BindRules) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (BindRules) Keyword 

func (r BindRules) Keyword() Keyword

Keyword wraps go-stackage's Stack.Category method and resolves the raw value into a BindKeyword. Failure to do so will return a bogus Keyword.

func (BindRules) Kind 

func (r BindRules) Kind() string

Kind returns the string literal `stack` to identify the receiver as a stackage.Stack type alias.

func (BindRules) Len 

func (r BindRules) Len() int

Len wraps go-stackage's Stack.Len method.

func (BindRules) NoPadding 

func (r BindRules) NoPadding(state ...bool) BindRules

NoPadding wraps go-stackage's Stack.NoPadding method.

func (BindRules) Paren 

func (r BindRules) Paren(state ...bool) BindRules

Paren wraps go-stackage's Stack.Paren method.

func (BindRules) Pop 

func (r BindRules) Pop() BindContext

Pop wraps go-stackage's Stack.Pop method. An instance of BindContext, which may or may not be nil, is returned following a call of this method.

Within the context of the receiver type, a BindContext, if non-nil, can represent any of the following instance types:

• BindRule

• BindRules

func (BindRules) Push 

func (r BindRules) Push(x ...BindContext) BindRules

Push wraps go-stackage's Stack.Push method.

func (BindRules) ReadOnly 

func (r BindRules) ReadOnly(state ...bool) BindRules

ReadOnly wraps go-stackage's Stack.ReadOnly method.

func (BindRules) String 

func (r BindRules) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

func (BindRules) Traverse 

func (r BindRules) Traverse(indices ...int) (any, bool)

Traverse wraps go-stackage's Stack.Traverse method.

func (BindRules) Valid 

func (r BindRules) Valid() (err error)

Valid wraps go-stackage's Stack.Valid method.

type BindType 

type BindType uint8

BindType describes one (1) of five (5) possible keywords used in certain Bind Rule *Condition values:

• USERDN

• GROUPDN

• ROLEDN

• SELFDN

• LDAPURL 

const (
	USERDN BindType
	GROUPDN
	ROLEDN
	SELFDN
	LDAPURL
)

BindType keyword constants are used in value matching definitions that utilizes either the UAT (userattr) or GAT (groupattr) BindKeyword constant within a BindRule *Condition instance.

func (BindType) String 

func (r BindType) String() (b string)

String is a stringer method that returns the string representation of the receiver instance of BindType.

type Day 

type Day uint8

Day represents the numerical abstraction of a single day of the week, such as Sunday (1). 

const (
	Sun  Day = 1 << iota // 1
	Mon                  // 2
	Tues                 // 4
	Wed                  // 8
	Thur                 // 16
	Fri                  // 32
	Sat                  // 64
)

Day constants can be shifted into an instance of DayOfWeek, allowing effective expressions such as "Sun,Tues". See the DayOfWeek.Set method.

func (Day) String 

func (r Day) String() (day string)

String is a stringer method that returns a single string name value for receiver instance of Day.

type DayOfWeek 

type DayOfWeek struct {
	// contains filtered or unexported fields
}

DayOfWeek contains embedded left-shifted bits that collectively represent one or more days of the week in a "dayofweek" Bind Rule condition.

func DoW 

func DoW(x ...any) (D DayOfWeek)

DoW initializes, shifts and returns a new instance of DayOfWeek in one shot. This function an alternative to separate assignment and set procedures.

Example 
fmt.Printf("%s", DoW(Thur, Sat))

Output:

Thur,Sat

func (DayOfWeek) Eq 

func (r DayOfWeek) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `dayofweek` Bind keyword context.

func (DayOfWeek) IsZero 

func (r DayOfWeek) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (DayOfWeek) Ne 

func (r DayOfWeek) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `dayofweek` Bind keyword context.

Negated equality BindRule instances should be used with caution.

func (DayOfWeek) Positive 

func (r DayOfWeek) Positive(x Day) bool

Positive returns a boolean value indicative of whether the receiver instance of DayOfWeek includes Day x.

func (*DayOfWeek) Shift 

func (r *DayOfWeek) Shift(x Day) *DayOfWeek

Shift shifts the first (1st) byte within the receiver instance of DayOfWeek to include Day x, if not already present.

func (DayOfWeek) String 

func (r DayOfWeek) String() string

String is a stringer method that returns the string representation of the receiver instance. At least one Day's bits should register as positive in order for a valid string return to ensue.

func (*DayOfWeek) Unshift 

func (r *DayOfWeek) Unshift(x Day) *DayOfWeek

Unshift right-shifts the first (1st) byte within the receiver instance of DayOfWeek to remove Day x, if present.

func (DayOfWeek) Valid 

func (r DayOfWeek) Valid() (err error)

Valid returns a boolean value indicative of whether the receiver contains one or more valid bits representing known Day values. At least one Day must be positive within the receiver.

type FQDN 

type FQDN struct {
	// contains filtered or unexported fields
}

FQDN contains ordered domain labels that form a fully-qualified domain name.

func DNS 

func DNS(label ...string) FQDN

DNS initializes, sets and returns a new instance of FQDN in one shot. This function is an alternative to separate assignment and set procedures.

func (FQDN) Eq 

func (r FQDN) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `dns` Bind keyword context.

Example 
var f FQDN = DNS()

// Can be set incrementally ...
f.Set(`www`)
f.Set(`example`)
f.Set(`com`)

// OR as a whole value ...
// f.Set(`www.example.com`)

fmt.Printf("%s", f.Eq())

Output:

dns = "www.example.com"
Example (OneShot) 
fmt.Printf("%s", DNS(`www.example.com`).Eq())

Output:

dns = "www.example.com"

func (FQDN) IsZero 

func (r FQDN) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (FQDN) Ne 

func (r FQDN) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `dns` Bind keyword context.

func (*FQDN) Set 

func (r *FQDN) Set(label ...string) *FQDN

Set appends one or more domain labels to the receiver. The total character length of a single label CANNOT exceed sixty-three (63) characters. When added up, all domain label instances present within the receiver SHALL NOT collectively exceed two hundred fifty-three (253) characters.

Valid characters within labels:

• a-z

• A-Z

• 0-9

• Hyphen ('-', limited to [1:length-1] slice range)

• Asterisk ('*', use with care for wildcard DNS-based ACI Bind Rule expressions)

• Full Stop ('.', see below for remarks on this character)

Users need not enter full stops (.) manually, given this method supports the use of variadic expressions, i.e.: 

Set(`www`,`example`,`com`)

However, should full stops (.) be used within input values: 

Set(`www.example.com`)

... the parser shall split the input into label components and add them to the receiver piecemeal in the intended order.

Please note that it is not necessary to include a NULL terminating full stop character (.) at the end (TLD?) of the intended FQDN

func (FQDN) String 

func (r FQDN) String() string

String is a stringer method that returns the string representation of a fully-qualified domain name.

func (FQDN) Valid 

func (r FQDN) Valid() (err error)

Valid returns a boolean value indicative of whether the receiver contents represent a legal fully-qualified domain name value.

type IPAddr 

type IPAddr struct {
	// contains filtered or unexported fields
}

IPAddr embeds slices of address values, allowing simple composition of flexible IP-based Bind Rule conditions.

func IP 

func IP(addr ...string) IPAddr

IP initializes, sets and returns a new instance of IPAddr in one shot. This function is an alternative to separate assignment and set procedures.

func (IPAddr) Eq 

func (r IPAddr) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `ip` Bind keyword context.

Example (OneShot) 
fmt.Printf("%s", IP(`192.168.0`, `12.3.45.*`, `10.0.0.0/8`).Eq())

Output:

ip = "192.168.0,12.3.45.*,10.0.0.0/8"

func (IPAddr) IsZero 

func (r IPAddr) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is considered nil, or unset.

func (IPAddr) Len 

func (r IPAddr) Len() int

Len returns the integer length of the receiver instance.

func (IPAddr) Ne 

func (r IPAddr) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `ip` Bind keyword context.

Example 
var i IPAddr
i.Set(`192.168.0`).Set(`12.3.45.*`).Set(`10.0.0.0/8`)
fmt.Printf("%s", i.Ne().Paren())

Output:

( ip != "192.168.0,12.3.45.*,10.0.0.0/8" )

func (*IPAddr) Set 

func (r *IPAddr) Set(addr ...string) *IPAddr

Set assigns the provided address component to the receiver and returns the receiver instance in fluent-form.

Multiple values can be provided in variadic form, or piecemeal.

func (IPAddr) String 

func (r IPAddr) String() string

String is a stringer method that returns the string representation of an IP address.

type Inheritance 

type Inheritance struct {
	// contains filtered or unexported fields
}

Inheritance describes an inherited Bind Rule syntax, allowing access control over child entry enumeration below the specified parent.

func Inherit 

func Inherit(x AttributeBindTypeOrValue, lvl ...any) Inheritance

Inherit creates a new instance of Inheritance bearing the provided AttributeBindTypeOrValue instance, as well as zero (0) or more Level instances for shifting.

Example (GAT) 
attr := AT(`owner`)
gat := GAT(attr, USERDN)
inh := Inherit(gat, 3, 4)
fmt.Printf("%s", inh.Eq())

Output:

groupattr = "parent[3,4].owner#USERDN"
Example (UAT) 
attr := AT(`manager`)
uat := UAT(attr, AV(`uid=frank,ou=People,dc=example,dc=com`))
inh := Inherit(uat, 1, 3)
fmt.Printf("%s", inh.Eq())

Output:

userattr = "parent[1,3].manager#uid=frank,ou=People,dc=example,dc=com"
Example (USERDN) 
attr := AT(`manager`)
uat := UAT(attr, AV(`USERDN`))
inh := Inherit(uat, 0, 1, 2, 8)
fmt.Printf("%s", inh.Eq())

Output:

userattr = "parent[0,1,2,8].manager#USERDN"

func (Inheritance) Eq 

func (r Inheritance) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `userattr` or `groupattr` Bind keyword context.

func (Inheritance) IsZero 

func (r Inheritance) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver instance is nil, or unset.

func (Inheritance) Ne 

func (r Inheritance) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `userattr` or `groupattr` Bind keyword context.

func (Inheritance) Positive 

func (r Inheritance) Positive(x any) bool

Positive returns a boolean value indicative of whether the receiver instance of Levels includes Level x.

func (*Inheritance) Shift 

func (r *Inheritance) Shift(x ...any) *Inheritance

Shift shifts the receiver instance of Levels to include Level x, if not already present.

func (Inheritance) String 

func (r Inheritance) String() string

String is a stringer method that returns the string name value for receiver instance of Inheritance.

The return value(s) are enclosed within square-brackets, comma-delimited and prefixed with "parent".

func (*Inheritance) Unshift 

func (r *Inheritance) Unshift(x ...any) *Inheritance

Unshift right-shifts the receiver instance of Levels to remove Level x, if present.

func (Inheritance) Valid 

func (r Inheritance) Valid() (err error)

type Instruction 

type Instruction struct {
	// contains filtered or unexported fields
}

Instruction conforms to the ACI syntax specification associated with the Version constant value of this package.

Instances of this type, when represented in their string form, are intended for submission to an X.500/LDAP DSA for assignment (via the 'aci' LDAP Attribute Type) to the relevant directory entry.

Example (Build) 
// Make a target rule that encompasses any account
// with a DN syntax of "uid=<userid>,ou=People,dc=example,dc=com"
C := TDN(`uid=*,ou=People,dc=example,dc=com`).Eq()

// push into a new instance of Rule automatically
// configured to store Target Rule Condition instances.
tgt := TRs().Push(C)

// define a timeframe for our PermissionBindRule
// using two Condition instances
notBefore := ToD(`1730`).Ge()                    // Condition: greater than or equal to time
notAfter := ToD(`2400`).Lt()                     // Condition: less than time
brule := And().Paren().Push(notBefore, notAfter) // our actual bind rule expression

// Define the permission (rights).
perms := Allow(ReadAccess, CompareAccess, SearchAccess)

// Make our PermissionBindRule instance, which defines the
// granting of access within a particular timeframe.
pbrule := PBR(perms, brule)

// The ACI's effective name (should be unique within the directory)
acl := `Limit people access to timeframe`

// Finally, craft the Instruction instance
var i Instruction
i.Set(acl, tgt, pbrule)

fmt.Printf("%s", i)

Output:

( target = "ldap:///uid=*,ou=People,dc=example,dc=com" )(version 3.0; acl "Limit people access to timeframe"; allow(read,search,compare) ( timeofday >= "1730" AND timeofday < "2400" );)
Example (BuildNested) 
// Make a target rule that encompasses any account
// with a DN syntax of "uid=<userid>,ou=People,dc=example,dc=com"
C := TDN(`uid=*,ou=People,dc=example,dc=com`).Eq()

// push into a new instance of Rule automatically
// configured to store Target Rule Condition instances.
tgt := TRs().Push(C)

// create an ORed stack, pushing the two specified
// userdn equality conditions into its collection.
ors := Or().Paren().Push(
	UDN(`uid=jesse,ou=admin,dc=example,dc=com`).Eq(),
	UDN(`uid=courtney,ou=admin,dc=example,dc=com`).Eq(),
)

// create our AttributeBindTypeOrValue instance,
// setting the AttributeType as `ninja`, and the
// AttributeValue as `FALSE`
attr := AT(`ninja`)       // attributeType
aval := AV(`FALSE`)       // attributeValue
userat := UAT(attr, aval) // attributeBindTypeOrValue

// create a negated (NOT) stack, pushing
// our AttributeBindTypeOrValue BindRule
// (Eq()) instance into its collection.
// Also, make stack parenthetical.
nots := Not().Paren().Push(userat.Eq())

// define a timeframe for our PermissionBindRule
// using two Condition instances. Make both AND
// stacks parenthetical, and push our OR and NOT
// stacks defined above.
brule := And().Paren().Push(
	And().Paren().Push(
		ToD(`1730`).Ge(), // Condition: greater than or equal to time
		ToD(`2400`).Lt(), // Condition: less than time
	),
	ors,
	nots,
)

// Define the permission (rights).
perms := Allow(ReadAccess, CompareAccess, SearchAccess)

// Make our PermissionBindRule instance, which defines the
// granting of access within a particular timeframe.
pbr := PBR(perms, brule)

// The ACI's effective name (should be unique within the directory)
acl := `Limit people access to timeframe`

// Finally, craft the Instruction instance
var i Instruction
i.Set(acl, tgt, pbr)

fmt.Printf("%s", i)

Output:

( target = "ldap:///uid=*,ou=People,dc=example,dc=com" )(version 3.0; acl "Limit people access to timeframe"; allow(read,search,compare) ( ( timeofday >= "1730" AND timeofday < "2400" ) AND ( userdn = "ldap:///uid=jesse,ou=admin,dc=example,dc=com" OR userdn = "ldap:///uid=courtney,ou=admin,dc=example,dc=com" ) AND NOT ( userattr = "ninja#FALSE" ) );)

func ACI 

func ACI(x ...any) Instruction

ACI initializes, (optionally) sets and returns a new instance of the Instruction type.

Input values must conform to the following specifications per the intended field within the return instance:

• A non-zero string value shall be used for the effective Name, or "ACL"

• One (1) or more non-zero and unique PermissionBindRule instances

• One (1) or more non-zero and unique Condition instances bearing the `target` categorical label

Please note the following constraints for the name of the receiver:

• Value cannot be reset (i.e.: renamed)

• Value should not contain the "version <float>" statement, as that is imposed automatically during string representation procedures

func (Instruction) ACL 

func (r Instruction) ACL() (acl string)

ACL returns the access control label of the receiver, else a zero string if unset.

func (Instruction) IsZero 

func (r Instruction) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (Instruction) PBs 

func (r Instruction) PBs() (pbrs PermissionBindRules)

PB returns the PermissionBindRules found within the underlying receiver instance. Note that a bogus Rule is returned if the receiver is nil, or unset.

func (*Instruction) Set 

func (r *Instruction) Set(x ...any) *Instruction

Set assigns one (1) or more values to the receiver. The input value(s) must conform to the following conditions:

• If the value is a string, it shall become the immutable name (or "ACL") of a given Instruction instance; this value cannot be changed once set

• If the value is a TargetRule instance, it shall be appended to the receiver's TargetRules instance

• If the value is a TargetRules instance, it shall have all stack slice members appended to the receiver's TargetRules instance

• If the value is a PermissionBindRule, and if it is valid (i.e.: contains exactly one (1) valid Permission statement and exactly one (1) BindRules), it shall be appended to the receiver's PermissionBindRules stack

func (Instruction) String 

func (r Instruction) String() string

String is a stringer method that returns the string representation of the receiver instance.

func (Instruction) TRs 

func (r Instruction) TRs() (trs TargetRules)

T returns the Target Rule found within the underlying receiver instance. Note that a bogus Rule is returned if the receiver is nil, or unset.

func (Instruction) Valid 

func (r Instruction) Valid() (err error)

Valid returns an instance of error that reflects any perceived errors or deficiencies within the receiver instance.

type Instructions 

type Instructions stackage.Stack

func ACIs 

func ACIs() Instructions

ACIs initializes, optionally sets and returns a new instance of Instructions configured to store valid Instruction instances.

Note that the concept of a list of Instruction instances does not come from the ACIv3 syntax per se, and is implemented here merely for convenience. Use of this type is not required in any scenario.

type Keyword 

type Keyword interface {
	String() string
	Kind() string
}

Keyword describes the effective "type" within the context of a given Bind or Target Rule. The available keywords vary based on the rule type in which a given Keyword resides.

See the Keyword constants defined in this package for a complete list.

type LDAPURI 

type LDAPURI struct {
	// contains filtered or unexported fields
}

LDAPURI contains the components of a fully-qualified LDAP Search URI, including:

• An LDAP Distinguished Name

• An LDAP Search Scope

• An AttributeBindTypeOrValue

• A comma-delimited list of AttributeType names

• An LDAP Search Filter

func URI 

func URI(x ...any) LDAPURI

URI initializes, (optionally) sets and returns a new instance of LDAPURI, which represents a fully-qualified LDAP Search URI of the following syntax: 

scheme:///<dn>?<at[,...]>?<scope>?<filter>

As a practical example: 

ldap:///ou=People,dc=example,dc=com?sn,cn,givenName?one?(objectClass=*)

URIs of this format are used within UDN (userdn) and GDN (groupdn) Bind Rules.

Additionally, the ACI syntax specification honored by this package allows the use of an AttributeBindTypeOrValue instance INSTEAD of a comma-delimited list of attributeTypes, a search scope and a search filter: 

scheme:///<dn>?<atbtv>

As a practical example: 

ldap:///ou=People,dc=example,dc=com?owner#GROUPDN

Be advised that only UAT (userattr) Bind Rules will make use of this particular URI format. An instance of AttributeBindTypeOrValue submitted as a URI component bearing the GAT (groupattr) bind keyword will have this keyword IGNORED in favor of UAT automatically.

func (LDAPURI) Eq 

func (r LDAPURI) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To one (1) of the following keyword contexts:

• `userdn` (Bind Rule)

• `userattr` (Bind Rule)

• `groupdn` (Bind Rule)

The appropriate keyword is automatically imposed based on the following scenarios:

• If an AttributeBindTypeOrValue (as created by UAT() package-level function) is set within the receiver, the keyword shall be BindUAT; this is regardless to the keyword assigned to the DistinguishedName instance.

• If an AttributeBindTypeOrValue is NOT set within the receiver, the keyword shall fallback to that which is found within the DistinguishedName assigned to the receiver; this keyword was set by the UDN() or GDN() package-level functions respectively during DistinguishedName creation.

func (LDAPURI) IsZero 

func (r LDAPURI) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (LDAPURI) Ne 

func (r LDAPURI) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To one (1) of the following keywords:

• `userdn` (Bind Rule)

• `userattr` (Bind Rule)

• `groupdn` (Bind Rule)

The appropriate keyword is automatically imposed based on the following scenarios:

• If an AttributeBindTypeOrValue (as created by UAT() package-level function) is set within the receiver, the keyword shall be BindUAT; this is regardless to the keyword assigned to the DistinguishedName instance.

• If an AttributeBindTypeOrValue is NOT set within the receiver, the keyword shall fallback to that which is found within the DistinguishedName assigned to the receiver; this keyword was set by the UDN() or GDN() package-level functions respectively during DistinguishedName creation.

Negated equality BindRule instances should be used with caution.

func (*LDAPURI) Set 

func (r *LDAPURI) Set(x ...any) *LDAPURI

Set assigns the provided instances to the receiver. The order in which instances are assigned to the receiver is immaterial. The semantics of type instance assignment are as follows:

• An instance of DistinguishedName will be set as the URI DN; this is ALWAYS required. Valid DN creator functions are UDN (userdn), and GDN (groupdn) for instances of this type.

• An instance of SearchScope shall be set as the URI Search Scope

• An instance of AttributeBindTypeOrValue shall be set as a component within the receiver. Please see a special remark below related to the use of instances of this type within LDAP URIs.

• An instance of Rule, IF it bears the categorical label string value of `attributes` (as branded using the Attrs package-level function), shall be set as the URI attribute(s) list. Note that a complete list will be appended to the receiver through iteration and is NOT used to clobber (or overwrite) any preexisting attribute list.

• An instance of []string is regarded the same as an instance of Rule bearing the categorical label string value of `attributes`. Instances of this type are allowed for convenience and because they can be read and preserved unambiguously. A []string instance should be used even if only one AttributeType (e.g.: `cn`) is requested.

• An instance of SearchFilter shall be set as the URI Search Filter. Please see a special remark below related to the use of instances of this type within LDAP URIs.

At no point will a string primitive be tolerated as an input value for any reason.

When an AttributeBindTypeOrValue is specified, an LDAP Search Filter MUST NOT BE SET, as it will supercede the AttributeBindTypeOrValue instance during string representation.

In short, choose:

• DN and AttributeType(s), Scope, Filter

... OR ...

• DN and AttributeBindTypeOrValue

func (LDAPURI) String 

func (r LDAPURI) String() string

String is a stringer method that returns the string representation of the receiver instance.

func (LDAPURI) Valid 

func (r LDAPURI) Valid() error

Valid returns an error instance in the event the receiver is in an aberrant state.

type Level 

type Level uint16

Level describes a discrete numerical abstract of a subordinate level. Level describes one (1) or more additive values of Level that collectively express the subordinate level condition within a given Bind Rule that involves inheritance.

Valid levels are level zero (0) through level nine (9), though this may vary across implementations. 

const (
	Level0 Level = 1 << iota //   1 - base  (0) (current Object)
	Level1                   //   2 - one   (1) level below baseObject
	Level2                   //   4 - two   (2) levels below baseObject
	Level3                   //   8 - three (3) levels below baseObject
	Level4                   //  16 - four  (4) levels below baseObject
	Level5                   //  32 - five  (5) levels below baseObject
	Level6                   //  64 - six   (6) levels below baseObject
	Level7                   // 128 - seven (7) levels below baseObject
	Level8                   // 256 - eight (8) levels below baseObject
	Level9                   // 512 - nine  (9) levels below baseObject

	AllLevels Level = Level(1023) // ALL levels; zero (0) through nine (9)
)

Level uint16 constants are left-shifted into an instance of Levels to define a range of vertical (depth) rule statements.

func (Level) String 

func (r Level) String() (lvl string)

String is a stringer method that returns a single string name value for receiver instance of Level.

type ObjectIdentifier 

type ObjectIdentifier struct {
	// contains filtered or unexported fields
}

ObjectIdentifier embeds an instance of go-objectid's DotNotation type.

Within the context of this package, instances of this type are used mainly for Target Rule definitions that bear the targetcontrol or extop keywords.

func Ctrl 

func Ctrl(x ...any) ObjectIdentifier

Ctrl initializes a new instance of ObjectIdentifier, which embeds an instance of go-objectid's DotNotation type.

Instances of this design are used in the creation of Target Rule Conditions that bear the `targetcontrol` keyword. OIDs produced as a result of this function are generally expected to be LDAP Control Object Identifiers.

Example

This example demonstrates the creation of a single LDAP Control Object Identifier, intended for use in the creation of targetcontrol TargetRule expressions. 

o := Ctrl(`1.3.6.1.4.1.56521.999.5`)
fmt.Printf("%s", o)

Output:

1.3.6.1.4.1.56521.999.5

func ExtOp 

func ExtOp(x ...any) ObjectIdentifier

ExtOp initializes a new instance of ObjectIdentifier, which embeds an instance of go-objectid's DotNotation type.

Instances of this design are used in the creation of Target Rule Conditions that bear the `extop` keyword. OIDs produced as a result of this function are generally expected to be LDAP Extended Operation Object Identifiers.

Example

This example demonstrates the creation of a single LDAP Extended Operation Object Identifier, intended for use in the creation of extop TargetRule expressions. 

o := ExtOp(`1.3.6.1.4.1.56521.999.5`)
fmt.Printf("%s", o)

Output:

1.3.6.1.4.1.56521.999.5

func OID 

func OID(x any, kw Keyword) ObjectIdentifier

OID returns a new instance of ObjectIdentifier. Instances of this type are used in the following scenarios:

• For appending (by Push) to an instance of ObjectIdentifers when crafting a multi-valued TargetRule instance containing a sequence of ObjectIdentifier instances, OR ...

• For use directly in creating a unary TargetRule instance

In either case, valid Target keyword contexts are `extop` and `targetcontrol`.

func (ObjectIdentifier) Eq 

func (r ObjectIdentifier) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To an `extop` or `targetcontrol` keyword context.

func (ObjectIdentifier) IsZero 

func (r ObjectIdentifier) IsZero() bool

IsZero wraps go-objectid's DotNotation.IsZero method.

func (ObjectIdentifier) Ne 

func (r ObjectIdentifier) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To an `extop` or `targetcontrol` keyword context.

Negated equality TargetRule instances should be used with caution.

func (ObjectIdentifier) String 

func (r ObjectIdentifier) String() string

String wraps go-objectid's DotNotation.String method.

func (ObjectIdentifier) Valid 

func (r ObjectIdentifier) Valid() (err error)

Valid returns an instance of error in the event the receiver is in an aberrant state.

type ObjectIdentifiers 

type ObjectIdentifiers stackage.Stack

ObjectIdentifiers is an alias type for stackage.Stack, and is intended to house one (1) or more ObjectIdentifier instances for the purpose of expression within a TargetRule instance.

func Ctrls 

func Ctrls() (o ObjectIdentifiers)

Ctrls returns a freshly initialized instance of ObjectIdentifiers, configured to store one (1) or more ObjectIdentifier instances for the purpose of Target Rule expression when using the targetcontrol keyword.

Example

This example demonstrates the creation of a multi-valued targetcontrol (LDAP Control) Target Rule expression. 

// note: these are phony OIDs
o1 := Ctrl(`1.3.6.1.4.1.56521.999.5`)
o2 := Ctrl(`1.3.6.1.4.1.56521.999.7`)

// Initialize the stack (Ctrls) and
// immediately push o1 and o2.
ctrls := Ctrls().Push(o1, o2)

fmt.Printf("%s", ctrls.Eq())

Output:

( targetcontrol = "1.3.6.1.4.1.56521.999.5 || 1.3.6.1.4.1.56521.999.7" )

func ExtOps 

func ExtOps() (o ObjectIdentifiers)

ExtOps returns a freshly initialized instance of ObjectIdentifiers, configured to store one (1) or more ObjectIdentifier instances for the purpose of Target Rule expression when using the extop keyword.

Example

This example demonstrates the creation of a multi-valued extop (LDAP Extended Operation) Target Rule expression. 

// note: these are phony OIDs
o1 := ExtOp(`1.3.6.1.4.1.56521.999.5`)
o2 := ExtOp(`1.3.6.1.4.1.56521.999.7`)

// Initialize the stack (Ctrls) and
// immediately push o1 and o2.
exop := ExtOps().Push(o1, o2)

fmt.Printf("%s", exop.Eq())

Output:

( extop = "1.3.6.1.4.1.56521.999.5 || 1.3.6.1.4.1.56521.999.7" )
Example (AlternativeQuotationScheme)

This example demonstrates a similar scenario to the one described in the above example, but with an alternative means of quotation demonstrated. 

// Here we set double-quote encapsulation
// upon the Rule instance created by the
// ExtOps function.
ext := ExtOps().Push(
	// These aren't real control OIDs.
	ExtOp(`1.3.6.1.4.1.56521.999.5`),
	ExtOp(`1.3.6.1.4.1.56521.999.6`),
	ExtOp(`1.3.6.1.4.1.56521.999.7`),
)

fmt.Printf("%s", ext.Eq())

Output:

( extop = "1.3.6.1.4.1.56521.999.5 || 1.3.6.1.4.1.56521.999.6 || 1.3.6.1.4.1.56521.999.7" )

func (ObjectIdentifiers) Category 

func (r ObjectIdentifiers) Category() string

Category wraps go-stackage's Stack.Category method.

func (ObjectIdentifiers) Contains 

func (r ObjectIdentifiers) Contains(x any) bool

Contains returns a boolean value indicative of whether value x, if a string or ObjectIdentifier instance, already resides within the receiver instance.

Case is not significant in the matching process.

func (ObjectIdentifiers) Eq 

func (r ObjectIdentifiers) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To an `extop` or `targetcontrol` keyword context.

func (ObjectIdentifiers) ID 

func (r ObjectIdentifiers) ID() string

ID wraps go-stackage's Stack.ID method.

func (ObjectIdentifiers) Index 

func (r ObjectIdentifiers) Index(idx int) (x ObjectIdentifier)

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage by default will be shadowed and not obtainable by the caller.

func (ObjectIdentifiers) IsZero 

func (r ObjectIdentifiers) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (ObjectIdentifiers) Keyword 

func (r ObjectIdentifiers) Keyword() Keyword

func (ObjectIdentifiers) Len 

func (r ObjectIdentifiers) Len() int

Len wraps go-stackage's Stack.Len method.

func (ObjectIdentifiers) Ne 

func (r ObjectIdentifiers) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To an `extop` or `targetcontrol` keyword context.

Negated equality TargetRule instances should be used with caution.

func (ObjectIdentifiers) Pop 

func (r ObjectIdentifiers) Pop() (x ObjectIdentifier)

Pop wraps go-stackage's Stack.Pop method.

func (ObjectIdentifiers) Push 

func (r ObjectIdentifiers) Push(x ...any) ObjectIdentifiers

Push wraps go-stackage's Stack.Push method.

func (ObjectIdentifiers) String 

func (r ObjectIdentifiers) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

type Permission 

type Permission struct {
	// contains filtered or unexported fields
}

Permission defines a level of access bestowed (or withheld) by an ACI.

func Allow 

func Allow(x ...any) Permission

Allow returns a granting Permission instance bearing the provided instances of Right.

Example

This example demonstrates the granting (allowance) of read, compare and search access. 

// allow read, compare and search privileges ...
G := Allow(ReadAccess, CompareAccess, SearchAccess)

// order is always fixed for string representation
// regardless of order-of-input ...
fmt.Printf("%s", G)

Output:

allow(read,search,compare)

func Deny 

func Deny(x ...any) Permission

Deny returns a withholding Permission instance bearing the provided instances of Right.

Example

This example demonstrates the withholding (denial) of all privileges except proxy. 

// deny everything (this does not include proxy privilege)
D := Deny(AllAccess)
fmt.Printf("%s", D)

Output:

deny(all)

func (Permission) Disposition 

func (r Permission) Disposition() string

Disposition returns the string disposition `allow` or 'deny', depending on the state of the receiver.

func (Permission) IsZero 

func (r Permission) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (Permission) Positive 

func (r Permission) Positive(x any) bool

Positive returns a boolean value indicative of whether a particular bit is positive (is set). Negation implies negative, or unset.

func (Permission) Shift 

func (r Permission) Shift(x any) Permission

Shift left-shifts the receiver instance to include Right x, if not already present.

func (Permission) String 

func (r Permission) String() string

String is a stringer method that returns the string representation of the receiver instance.

func (Permission) Unshift 

func (r Permission) Unshift(x any) Permission

Unshift right-shifts the receiver instance to remove Right x, if present.

func (Permission) Valid 

func (r Permission) Valid() (err error)

Valid returns a non-error instance if the receiver fails to pass basic validity checks.

type PermissionBindRule 

type PermissionBindRule struct {
	P Permission
	B BindRules
}

PB contains one (1) Permission instance and one (1) BindRules instance. Instances of this type are used to create top-level ACI Permission+Bind Rule pairs, of which at least one (1) is required in any given access control instructor definition.

Users may compose instances of this type manually, or using the PB package level function, which automatically invokes value checks.

func PBR 

func PBR(P Permission, B BindRules) (r PermissionBindRule)

PBR returns an instance of PermissionBindRule, bearing the Permission P and the Bind Rule B. The values P and B shall undergo validity checks per the conditions of the PermissionBindRule.Valid method automatically.

Instances of this kind are intended for submission (via Push) into instances of PermissionBindRules.

Generally, an ACI only has a single PermissionBindRule, though multiple instances of this type are allowed per the syntax specification honored by this package.

func (PermissionBindRule) Category 

func (r PermissionBindRule) Category() string

Category wraps go-stackage's Stack.Category method.

func (PermissionBindRule) ID 

func (r PermissionBindRule) ID() string

ID wraps go-stackage's Stack.ID method.

func (PermissionBindRule) IsZero 

func (r PermissionBindRule) IsZero() bool

func (PermissionBindRule) Kind 

func (r PermissionBindRule) Kind() string

func (PermissionBindRule) String 

func (r PermissionBindRule) String() string

String is a stringer method that returns the string representation of the receiver.

func (PermissionBindRule) Valid 

func (r PermissionBindRule) Valid() (err error)

Valid returns an error instance should any of the following conditions evaluate as true:

• Permission.Valid returns an error for P

• Rule.Valid returns an error for B

• Rule.Len returns zero (0) for B

type PermissionBindRules 

type PermissionBindRules stackage.Stack

PermissionBindRules is a stackage.Stack type alias used to store one (1) or more instances of PermissionBindRule. Instances of this kind are used in top-level Instruction (ACI) assembly.

func PBRs 

func PBRs() PermissionBindRules

PBRs returns a freshly initialized instance of PermissionBindRules, configured to store one (1) or more instances of PermissionBindRule.

Instances of this kind are used as a component in top-level Instruction (ACI) assembly.

func (PermissionBindRules) Category 

func (r PermissionBindRules) Category() string

Category wraps go-stackage's Stack.Category method.

func (PermissionBindRules) ID 

func (r PermissionBindRules) ID() string

Category wraps go-stackage's Stack.ID method.

func (PermissionBindRules) Index 

func (r PermissionBindRules) Index(idx int) (pbr PermissionBindRule)

Index wraps go-stackage's Stack.Index method and performs type assertion in order to return an instance of PermissionBindRule.

func (PermissionBindRules) IsZero 

func (r PermissionBindRules) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (PermissionBindRules) Len 

func (r PermissionBindRules) Len() int

Len wraps go-stackage's Stack.Len method.

func (PermissionBindRules) Pop 

func (r PermissionBindRules) Pop() (pbr PermissionBindRule)

Pop wraps go-stackage's Stack.Pop method. An instance of PermissionBindRule, which may or may not be nil, is returned following a call of this method.

Within the context of the receiver type, a PermissionBindRule, if non-nil, can only represent a PermissionBindRule instance.

func (PermissionBindRules) Push 

func (r PermissionBindRules) Push(x ...any) PermissionBindRules

Push wraps go-stackage's Stack.Push method.

func (PermissionBindRules) String 

func (r PermissionBindRules) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

func (PermissionBindRules) Valid 

func (r PermissionBindRules) Valid() (err error)

Valid wraps go-stackage's Stack.Valid method. 

type Right uint16

Right contains the specific bit value of a single user privilege. Constants of this type are intended for submission to the Permission.Shift, Permission.Unshift and Permission.Positive methods. 

const (
	ReadAccess      Right = 1 << iota // 1
	WriteAccess                       // 2
	AddAccess                         // 4
	DeleteAccess                      // 8
	SearchAccess                      // 16
	CompareAccess                     // 32
	SelfWriteAccess                   // 64
	ProxyAccess                       // 128
	ImportAccess                      // 256
	ExportAccess                      // 512

	NoAccess  Right = 0
	AllAccess Right = 895 // DOES NOT INCLUDE "proxy"
)

Right constants are discrete left-shifted privilege aggregates that can be used in an additive (or subtractive) manner to form a complete Permission.

func (Right) String 

func (r Right) String() (p string)

String is a stringer method that returns a single string name value for receiver instance of Right.

type SearchFilter 

type SearchFilter struct {
	// contains filtered or unexported fields
}

SearchFilter is a struct type that embeds an LDAP search filter. Instances of this type may be used in a variety of areas, from LDAPURI composition to targetfilter rules.

func Filter 

func Filter(x ...any) (r SearchFilter)

Filter initializes (and optionally sets) a new instance of SearchFilter. Instances of this kind are used in LDAPURIs, as well as certain target rules.

Example

This example demonstrates how to craft a Target Rule Condition bearing the `targetfilter` keyword and an LDAP Search Filter. 

tf := Filter(`(&(uid=jesse)(objectClass=*))`)
fmt.Printf("%s", tf.Eq())

Output:

( targetfilter = "(&(uid=jesse)(objectClass=*))" )

func (SearchFilter) Eq 

func (r SearchFilter) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To a `targetfilter` Target Keyword context.

func (SearchFilter) IsZero 

func (r SearchFilter) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (SearchFilter) Ne 

func (r SearchFilter) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To a `targetfilter` Target Keyword context.

func (SearchFilter) Set 

func (r SearchFilter) Set(x ...any) SearchFilter

Set assigns the provided value as the LDAP Search Filter instance within the receiver. Note that this should only be done once, as filters cannot easily built "incrementally" by the user.

func (SearchFilter) String 

func (r SearchFilter) String() string

String is a stringer method that returns the string representation of an LDAP Search Filter.

type SearchScope 

type SearchScope uint8

SearchScope is a type definition used to represent one of the four (4) possible LDAP Search Scope types that are eligible for use within the ACI syntax specification honored by this package.

SearchScope constants are generally used for crafting TargetRule instances that bear the `targetscope` keyword, as well as for crafting fully-qualified LDAP Search URIs.

See the SearchScope constants defined in this package for specific scopes available. 

const (
	BaseObject  SearchScope // 0x0, `base`
	SingleLevel             // 0x1, `one` or `onelevel`
	Subtree                 // 0x2, `sub` or `subtree`
	Subordinate             // 0x3, `subordinate`
)

SearchScope constants define four (4) known LDAP Search Scopes permitted for use per the ACI syntax specification honored by this package.

func Scope 

func Scope(x any) (s SearchScope)

Scope initializes, sets and returns an instance of SearchScope in one shot. Valid input types are as follows:

• Standard scope names as string values (e.g.: `base`, `sub`, `subtree` and others)

• Integer representations of scopes (see the predefined SearchScope constants for details)

This function may only be needed in certain situations where a scope needs to be parsed from values with different representations. Usually the predefined SearchScope constants are sufficient.

func (SearchScope) Eq 

func (r SearchScope) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To an `targetscope` keyword context.

Example (TargetScopeOneLevel)

This example demonstrates how to craft a Target Scope Rule Condition for a onelevel Search Scope. 

fmt.Printf("%s", SingleLevel.Eq())

Output:

( targetscope = "onelevel" )

func (SearchScope) Ne 

func (r SearchScope) Ne() TargetRule

Ne performs no useful task, as negated equality comparison does not apply to TargetRule instances that bear the `targetscope` keyword.

This method exists solely to convey this message and to conform to Go's interface type qualifier requirements. When executed, this method returns a bogus TargetRule instance.

func (SearchScope) String 

func (r SearchScope) String() string

String is a stringer method that returns the string representation of the receiver. In this particular case, the more succinct and standard string variant is returned, e.g.: `one` for SingleLevel. This will normally be used within LDAPURI instances.

See the SearchScope.Target method for Target Rule related scope names.

func (SearchScope) Target 

func (r SearchScope) Target() string

Target is a stringer method that returns the string representation of the receiver.

This method is primarily intended for creation of a new `targetscope`-style TargetRule instance, and is executed automatically during that process.

type SecurityStrengthFactor 

type SecurityStrengthFactor struct {
	// contains filtered or unexported fields
}

SecurityStrengthFactor embeds a pointer to uint8. A nil uint8 value indicates an effective security strength factor of zero (0). A non-nil uint8 value expresses uint8 + 1, thereby allowing a range of 0-256 "within" a uint8 instance.

func SSF 

func SSF(factor ...any) SecurityStrengthFactor

SSF initializes, sets and returns a new instance of SecurityStrengthFactor in one shot. This function is an alternative to separate assignment and set procedures.

Example 
// convenient alternative to "var X SecurityStrengthFactor, X.Set(...) ..."
fmt.Printf("%s", SSF(128))

Output:

128
Example (SetLater) 
s := SSF() // this is functionally the same ...
// var s SecurityStrengthFactor // ... as this.

// ... later in your code ...

fmt.Printf("%s", s.Set(127))

Output:

127

func (SecurityStrengthFactor) Eq 

func (r SecurityStrengthFactor) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `ssf` Bind keyword context.

Example 
var s SecurityStrengthFactor
fmt.Printf("%s", s.Set(128).Eq().Paren())

Output:

( ssf = "128" )

func (SecurityStrengthFactor) Ge 

func (r SecurityStrengthFactor) Ge() BindRule

Ge initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Greater-Than-Or-Equal to the `ssf` Bind keyword context.

func (SecurityStrengthFactor) Gt 

func (r SecurityStrengthFactor) Gt() BindRule

Gt initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Greater-Than the `ssf` Bind keyword context.

func (SecurityStrengthFactor) IsZero 

func (r SecurityStrengthFactor) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (SecurityStrengthFactor) Le 

func (r SecurityStrengthFactor) Le() BindRule

Le initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Less-Than-Or-Equal to the `ssf` Bind keyword context.

func (SecurityStrengthFactor) Lt 

func (r SecurityStrengthFactor) Lt() BindRule

Lt initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Less-Than the `ssf` Bind keyword context.

func (SecurityStrengthFactor) Ne 

func (r SecurityStrengthFactor) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `ssf` Bind keyword context.

Negated equality BindRule instances should be used with caution.

func (*SecurityStrengthFactor) Set 

func (r *SecurityStrengthFactor) Set(factor any) SecurityStrengthFactor

Set modifies the receiver to reflect the desired security strength factor (SSF), which can represent any numerical value between 0 (off) and 256 (max).

Valid input types are int, string and nil.

A value of nil wipes out any previous value, making the SSF effectively zero (0).

A string value of `full` or `max` sets the SSF to its maximum value. A value of `none` or `off` has the same effect as when providing a nil value. A numerical string value is cast as int and (if valid) will be resubmitted silently. Case is not significant during the string matching process.

An int value less than or equal to zero (0) has the same effect as when providing a nil value. A value between 1 and 256 is acceptable and will be used. A value greater than 256 will be silently reduced back to the maximum.

Example (ByNumber) 
var s SecurityStrengthFactor
s.Set(128)
fmt.Printf("%s\n", s)

Output:

128
Example (ByWordMaxFactor) 
var s SecurityStrengthFactor
s.Set(`FULL`) // case is not significant
//s.Set(`max`) // alternative term
fmt.Printf("%s", s)

Output:

256
Example (ByWordNoFactor) 
var s SecurityStrengthFactor
s.Set(`noNe`) // case is not significant
fmt.Printf("%s", s)

Output:

0

func (SecurityStrengthFactor) String 

func (r SecurityStrengthFactor) String() string

func (SecurityStrengthFactor) Valid 

func (r SecurityStrengthFactor) Valid() (err error)

Valid returns a boolean value indicative of whether the receiver represents a security strength factor greater than zero (0).

type TargetDistinguishedName 

type TargetDistinguishedName struct {
	// contains filtered or unexported fields
}

TargetDistinguishedName describes a single LDAP distinguished name. For example: 

ou=People,dc=example,dc=com

For efficiency reasons, the LDAP "local scheme" prefix (ldap:///) is not stored in literal form within any DistinguishedName instance, however it will appear during string representation operations, e.g.: 

ldap:///ou=People,dc=example,dc=com

Instances of this kind can be crafted using the DN package-level function with the appropriate Target keyword as the input argument:

• DN(<dn>, Target) for a `target` Distinguished Name

• DN(<dn>, TargetTo) for a `target_to` Distinguished Name

• DN(<dn>, TargetFrom) for a `target_from` Distinguished Name

In order to fashion multi-valued TargetRule instances using values of this type, they must reside within an appropriate stack type instance. For further details, see the BindDistinguishedNames and TargetDistinguishedNames types.

func TDN 

func TDN(x string) TargetDistinguishedName

TDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Target Rule Condition that bears the `target` keyword.

func TFDN 

func TFDN(x string) TargetDistinguishedName

TFDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Target Rule Condition that bears the `target_from` keyword.

func TTDN 

func TTDN(x string) TargetDistinguishedName

TTDN initializes, sets and returns an instance of DistinguishedName in one shot.

An LDAP distinguished name, in string form and WITHOUT the leading `ldap:///` scheme, is required.

The return value shall be suitable for use in creating a Target Rule Condition that bears the `target_to` keyword.

func (TargetDistinguishedName) Eq 

func (r TargetDistinguishedName) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To one (1) of the following keyword contexts:

• `target`

• `target_to`

• `target_from`

Example (Target)

This example demonstrates how to use a single Target DN to craft a Target Rule Equality Condition. 

dn := TDN(`uid=jesse,ou=People,dc=example,dc=com`)
fmt.Printf("%s", dn.Eq())

Output:

( target = "ldap:///uid=jesse,ou=People,dc=example,dc=com" )

func (TargetDistinguishedName) IsZero 

func (r TargetDistinguishedName) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is considered nil, or unset.

func (TargetDistinguishedName) Keyword 

func (r TargetDistinguishedName) Keyword() Keyword

Keyword returns the Keyword (interface) assigned to the receiver instance. This shall be the keyword that appears in a TargetRule bearing the receiver as a condition value.

func (TargetDistinguishedName) Kind 

func (r TargetDistinguishedName) Kind() string

Kind returns the string name `target`.

func (TargetDistinguishedName) Ne 

func (r TargetDistinguishedName) Ne() TargetRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To one (1) of the following keyword contexts:

• `target`

• `target_to`

• `target_from`

func (TargetDistinguishedName) String 

func (r TargetDistinguishedName) String() string

String is a stringer method that returns the string representation of the receiver instance.

The Local LDAP scheme (ldap:///) is automatically imposed during the string representation of the value; this is required by the ACIv3 syntax.

func (TargetDistinguishedName) Valid 

func (r TargetDistinguishedName) Valid() (err error)

Valid returns an instance of error that reflects whether certain required elements or value combinations were present and deemed valid. A non-nil error indicates an undesirable receiver state.

type TargetDistinguishedNames 

type TargetDistinguishedNames stackage.Stack

TargetDistinguishedNames is an alias type for stackage.Stack, and is intended to house one (1) or more DistinguishedName instances for the purpose of expression within a TargetRule instance.

func TDNs 

func TDNs() (d TargetDistinguishedNames)

TDNs returns a new instance of TargetDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The Target (target) keyword is automatically assigned to the return value.

Only valid instances of TargetDistinguishedName which bear the Target keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the TTDNs and TFDNs functions for TargetTo and TargetFrom keywords respectively.

func TFDNs 

func TFDNs() (d TargetDistinguishedNames)

TFDNs returns a new instance of TargetDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The TargetFrom (target_from) keyword will be automatically assigned to the return value.

Only valid instances of TargetDistinguishedName which bear the TargetFrom keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the TDNs and TTDNs functions for Target and TargetTo keywords respectively.

func TTDNs 

func TTDNs() (d TargetDistinguishedNames)

TTDNs returns a new instance of TargetDistinguishedNames with an initialized embedded stack configured to function as a simple ORed list containing a single level of LDAP distinguished names. The TargetTo (target_to) keyword is automatically assigned to the return value.

Only valid instances of TargetDistinguishedName which bear the TargetTo keyword are to be considered eligible for push requests. If the input value is a string, it will be accepted and properly branded with the keyword.

See also the TDNs and TFDNs functions for Target and TargetFrom keywords respectively.

func (TargetDistinguishedNames) Category 

func (r TargetDistinguishedNames) Category() string

Category wraps go-stackage's Stack.Category method.

func (TargetDistinguishedNames) Contains 

func (r TargetDistinguishedNames) Contains(x any) bool

Contains returns a boolean value indicative of whether value x, if a string or TargetDistinguishedName instance, already resides within the receiver instance.

Case is not significant in the matching process.

func (TargetDistinguishedNames) Eq 

func (r TargetDistinguishedNames) Eq() TargetRule

Eq initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Equal-To one (1) of the following keyword contexts:

• `target`

• `target_to`

• `target_from`

Example

This example demonstrates how a list of Target DNs can be used to create a single Target Rule. First, create a Rule using TDNs().Parens(), then push N desired TDN (Target DN) values into the Rule. 

tdns := TDNs().Push(
	TDN(`uid=jesse,ou=People,dc=example,dc=com`),
	TDN(`uid=courtney,ou=People,dc=example,dc=com`),
)

// Craft an equality Condition
fmt.Printf("%s", tdns.Eq())

Output:

( target = "ldap:///uid=jesse,ou=People,dc=example,dc=com || ldap:///uid=courtney,ou=People,dc=example,dc=com" )

func (TargetDistinguishedNames) ID 

func (r TargetDistinguishedNames) ID() string

ID wraps go-stackage's Stack.ID method.

func (TargetDistinguishedNames) Index 

func (r TargetDistinguishedNames) Index(idx int) TargetDistinguishedName

Index wraps go-stackage's Stack.Index method. Note that the Boolean OK value returned by go-stackage by default will be shadowed and not obtainable by the caller.

func (TargetDistinguishedNames) IsZero 

func (r TargetDistinguishedNames) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (TargetDistinguishedNames) Keyword 

func (r TargetDistinguishedNames) Keyword() Keyword

Keyword returns the Keyword (interface) assigned to the receiver instance. This shall be the keyword that appears in a TargetRule bearing the receiver as a condition value.

func (TargetDistinguishedNames) Len 

func (r TargetDistinguishedNames) Len() int

Len wraps go-stackage's Stack.Len method.

func (TargetDistinguishedNames) Ne 

func (r TargetDistinguishedNames) Ne() TargetRule

Ne initializes and returns a new TargetRule instance configured to express the evaluation of the receiver value as Not-Equal-To one (1) of the following keyword contexts:

• `target`

• `target_to`

• `target_from`

Negated equality TargetRule instances should be used with caution.

func (TargetDistinguishedNames) Pop 

func (r TargetDistinguishedNames) Pop() TargetDistinguishedName

Pop wraps go-stackage's Stack.Pop method and performs type assertion to return a proper TargetDistinguishedName instance.

func (TargetDistinguishedNames) Push 

func (r TargetDistinguishedNames) Push(x ...any) TargetDistinguishedNames

Push wraps go-stackage's Stack.Push method. Valid input types are string and TargetDistinguishedName.

In the case of a string value, it is automatically cast as an instance of TargetDistinguishedName using the appropriate keyword, so long as the raw string is of a non-zero length.

func (TargetDistinguishedNames) String 

func (r TargetDistinguishedNames) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

type TargetKeyword 

type TargetKeyword uint8

TargetKeyword contains the value describing a particular Target Keyword to be used within a Target Rule. 

const (
	Target            TargetKeyword // 0x1, target
	TargetTo                        // 0x2, target_to
	TargetAttr                      // 0x3, targetattr
	TargetCtrl                      // 0x4, targetcontrol
	TargetFrom                      // 0x5, target_from
	TargetScope                     // 0x6, targetscope
	TargetFilter                    // 0x7, targetfilter
	TargetAttrFilters               // 0x8, targattrfilters (yes, "targ". As in "wild Klingon boars").
	TargetExtOp                     // 0x9, extop
)

TargetKeyword constants are intended for singular use within a Target Rule condition.

func (TargetKeyword) Kind 

func (r TargetKeyword) Kind() string

Kind returns the string name for the kind of underlying Keyword (`target`).

func (TargetKeyword) String 

func (r TargetKeyword) String() (k string)

String is a stringer method that returns the string representation of the receiver instance of TargetKeyword.

type TargetRule 

type TargetRule stackage.Condition

TargetRule is a stackage.Condition type alias intended to represent a single Target Rule; that is, one (1) Target Rule keyword, one (1) comparison operator and one (1) or more string values (called an 'expression').

For example: 

( targetscope = "subordinate" )

Instances of this type may be assembled manually by users, or may be created logically as a result of textual parsing. Users may also want to use convenient Eq and Ne methods extended through various types (as permitted) for simplicity.

Instances of this type shall appear within TargetRules instances.

TargetRule instances are always parenthetical. No parenthetical control methods exist for instances of this type.

func ParseTargetRule 

func ParseTargetRule(raw string) (TargetRule, error)

ParseTargetRule processes the raw input string value, which should represent a single Target Rule expressive statement, into an instance of TargetRule. This, along with an error instance, are returned upom completion of processing.

func (TargetRule) Category 

func (r TargetRule) Category() string

Category wraps go-stackage's Condition.Category method.

func (TargetRule) Expression 

func (r TargetRule) Expression() any

Expression wraps go-stackage's Condition.Expression method.

func (TargetRule) ID 

func (r TargetRule) ID() string

ID wraps go-stackage's Condition.ID method.

func (TargetRule) IsZero 

func (r TargetRule) IsZero() bool

IsZero wraps go-stackage's Condition.IsZero method.

func (TargetRule) Keyword 

func (r TargetRule) Keyword() Keyword

Keyword wraps go-stackage's Condition.Keyword method and resolves the raw value into a TargetKeyword. Failure to do so will return a bogus Keyword.

func (TargetRule) Kind 

func (r TargetRule) Kind() string

Kind returns the string literal `condition` to identify the receiver as a stackage.Condition type alias.

func (TargetRule) Operator 

func (r TargetRule) Operator() stackage.Operator

Operator wraps go-stackage's Condition.Operator method.

func (*TargetRule) SetExpression 

func (r *TargetRule) SetExpression(expr any) TargetRule

SetExpression wraps go-stackage's Condition.SetExpression method.

func (*TargetRule) SetKeyword 

func (r *TargetRule) SetKeyword(kw any) TargetRule

SetKeyword wraps go-stackage's Condition.SetKeyword method.

func (*TargetRule) SetOperator 

func (r *TargetRule) SetOperator(op stackage.ComparisonOperator) TargetRule

SetOperator wraps go-stackage's Condition.SetOperator method.

func (TargetRule) SetQuoteStyle 

func (r TargetRule) SetQuoteStyle(style int) TargetRule

func (TargetRule) String 

func (r TargetRule) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Condition.String method.

func (TargetRule) Valid 

func (r TargetRule) Valid() (err error)

Valid wraps go-stackage's Condition.Valid method.

type TargetRules 

type TargetRules stackage.Stack

TargetRules is a stackage.Stack type alias intended to store and express one (1) or more Target Rule statements.

For example: 

( targetscope = "subordinate" )( targetattr = "cn || sn || givenName || objectClass" )

Instances of this type may be assembled manually by users, or may be created logically as a result of textual parsing. See the T function for easily initializing and returning instances of this type.

Instances of this type will not allow nesting (i.e.: the addition of any stackage.Stack type alias instances). Only individual TargetRule instances may be pushed into instances of this type.

func ParseTargetRules 

func ParseTargetRules(raw string) (TargetRules, error)

ParseTargetRules processes the raw input string value, which should represent one (1) or more valid Target Rule expressive statements, into an instance of TargetRules. This, alongside an error instance, are returned at the completion of processing.

func TRs 

func TRs() TargetRules

TRs creates and returns a new instance of TargetRules with an initialized embedded stack configured to function as a Target Rule store that is meant to contain one (1) or more Condition instances, each of which bear one (1) of the following Target Rule keyword constants:

• Target

• TargetTo

• TargetFrom

• TargetAttr

• TargetCtrl

• TargetScope

• TargetFilter

• TargetAttrFilters

• TargetExtOp

Please note that instances of this design are set with a maximum capacity of nine (9) for both the following reasons:

• There are only said number of Target Rule keywords supported within the ACI syntax specification honored by this package, and ...

• Individual Target Rule keywords can only be used once per ACI; in other words, one cannot specify multiple `target` conditions within the same TargetRules instance.

Instances of this design generally are assigned to top-level instances of Instruction, and never allow nesting elements (e.g.: other stackage.Stack derived type aliases).

Example

This example demonstrates how to craft a set of Target Rule Conditions. 

t := TRs().Push(
	TDN(`uid=jesse,ou=People,dc=example,dc=com`).Eq(),
	Filter(`(&(uid=jesse)(objectClass=*))`).Eq(),
	ExtOp(`1.3.6.1.4.1.56521.999.5`).Eq(),
)
fmt.Printf("%s", t)

Output:

( target = "ldap:///uid=jesse,ou=People,dc=example,dc=com" ) ( targetfilter = "(&(uid=jesse)(objectClass=*))" ) ( extop = "1.3.6.1.4.1.56521.999.5" )

func (TargetRules) Category 

func (r TargetRules) Category() string

Category wraps go-stackage's Stack.Category method.

func (TargetRules) ID 

func (r TargetRules) ID() string

ID wraps go-stackage's Stack.ID method.

func (TargetRules) Index 

func (r TargetRules) Index(idx int) TargetRule

Index wraps go-stackage's Stack.Index method.

func (TargetRules) IsZero 

func (r TargetRules) IsZero() bool

IsZero wraps go-stackage's Stack.IsZero method.

func (TargetRules) Kind 

func (r TargetRules) Kind() string

Kind returns the string literal `stack` to identify the receiver as a stackage.Stack type alias.

func (TargetRules) Len 

func (r TargetRules) Len() int

Len wraps go-stackage's Stack.Len method.

func (TargetRules) NoPadding 

func (r TargetRules) NoPadding(state ...bool) TargetRules

NoPadding wraps go-stackage's Stack.NoPadding method.

func (TargetRules) Pop 

func (r TargetRules) Pop() TargetRule

Pop wraps go-stackage's Stack.Pop method. An instance of TargetRule is returned following a call of this method.

Within the context of the receiver type, a RuleContext, if non-nil, can only represent a TargetRule instance.

func (TargetRules) Push 

func (r TargetRules) Push(x ...TargetRule) TargetRules

Push wraps go-stackage's Stack.Push method.

func (TargetRules) ReadOnly 

func (r TargetRules) ReadOnly(state ...bool) TargetRules

ReadOnly wraps go-stackage's Stack.ReadOnly method.

func (TargetRules) String 

func (r TargetRules) String() string

String is a stringer method that returns the string representation of the receiver instance.

This method wraps go-stackage's Stack.String method.

func (TargetRules) Valid 

func (r TargetRules) Valid() (err error)

Valid wraps go-stackage's Stack.Valid method.

type TimeOfDay 

type TimeOfDay struct {
	// contains filtered or unexported fields
}

TimeOfDay is a [2]byte type used to represent a specific point in 24-hour time using hours and minutes (such as 1215 for 12:15 PM, or 1945 for 7:45 PM). Instances of this type contain a big endian unsigned 16-bit integer value, one that utilizes the first (1st) and second (2nd) slices. The value is used within "timeofday" Bind Rule statements.

Example (SetLater) 
var t TimeOfDay
t.Set(`2301`)
fmt.Printf("%s", t)

Output:

2301

func ToD 

func ToD(x ...any) TimeOfDay

ToD initializes, sets and returns a new instance of TimeOfDay in one shot. This function is an alternative to separate assignment and set procedures.

func (TimeOfDay) Eq 

func (r TimeOfDay) Eq() BindRule

Eq initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Equal-To the `timeofday` Bind keyword context.

func (TimeOfDay) Ge 

func (r TimeOfDay) Ge() BindRule

Ge initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Greater-Than-Or-Equal to the `timeofday` Bind keyword context.

func (TimeOfDay) Gt 

func (r TimeOfDay) Gt() BindRule

Gt initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Greater-Than the `timeofday` Bind keyword context.

func (TimeOfDay) IsZero 

func (r TimeOfDay) IsZero() bool

IsZero returns a boolean value indicative of whether the receiver is nil, or unset.

func (TimeOfDay) Le 

func (r TimeOfDay) Le() BindRule

Le initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Less-Than-Or-Equal to the `timeofday` Bind keyword context.

func (TimeOfDay) Lt 

func (r TimeOfDay) Lt() BindRule

Lt initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Less-Than the `timeofday` Bind keyword context.

func (TimeOfDay) Ne 

func (r TimeOfDay) Ne() BindRule

Ne initializes and returns a new BindRule instance configured to express the evaluation of the receiver value as Not-Equal-To the `timeofday` Bind keyword context.

Negated equality BindRule instances should be used with caution.

func (*TimeOfDay) Set 

func (r *TimeOfDay) Set(t any) *TimeOfDay

Set encodes the specified 24-hour (a.k.a.: military) time value into the receiver instance.

Valid input types are string and time.Time. The effective hour and minute values, when combined, should ALWAYS fall within the valid clock range of 0000 up to and including 2400. Bogus values within said range, such as 0477, will return an error.

func (TimeOfDay) String 

func (r TimeOfDay) String() string

String is a stringer method that returns the string representation of the receiver instance.

func (TimeOfDay) Valid 

func (r TimeOfDay) Valid() (err error)

Valid returns a boolean value indicative of whether the receiver is believed to be in a valid state.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.