Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AllowOKProtocols ¶
type AllowOKProtocols struct {
// contains filtered or unexported fields
}
AllowOKProtocols filters for ExpectedOK==true and allowed protocols.
func NewAllowOKProtocols ¶
func NewAllowOKProtocols(protocols []string) *AllowOKProtocols
NewAllowOKProtocols constructs a filter for the provided protocols.
func (*AllowOKProtocols) Allow ¶
func (f *AllowOKProtocols) Allow(r *Record) bool
Allow accepts only records that are expected OK and protocol is in allowed set.
type App ¶
type App struct {
Source RecordSource
Filter RecordFilter
Render Renderer
Sink Sink
}
App wires source->filter->renderer->sink and runs the pipeline.
type Argon2Encoder ¶
type CSVSource ¶
type CSVSource struct {
// contains filtered or unexported fields
}
CSVSource implements RecordSource backed by a CSV file.
func NewCSVSource ¶
NewCSVSource opens the CSV and prepares header index mapping.
type Config ¶
type Config struct {
// Paths
InCSVPath string
TemplatePath string
OutLDIFPath string
// CSV column names
ColUsername string
ColPassword string
ColProtocol string
ColExpectedOK string
// Filter knobs
ExpectTrueValue string
AllowedProtocols []string
// Password formatting
// PasswordFormat selects how {{ password }} is rendered into the LDIF entry.
// Supported: "sha", "ssha256", "ssha512", "argon2i", "argon2id".
PasswordFormat string
// SSHAEncoding selects payload encoding: "b64" or "hex". Default: b64.
SSHAEncoding string
// Argon2 parameters (only used for argon2i/argon2id)
ArgonTime uint32 // iterations
ArgonMemoryKiB uint32 // memory in KiB
ArgonParallelism uint8 // threads
ArgonKeyLen uint32 // length of derived key in bytes
// If true, prepend {ARGON2} to the PHC string for OpenLDAP compatibility.
ArgonOpenLDAPPrefix bool
}
Config carries file paths, CSV column names and filter settings.
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig provides sensible defaults rooted in ./client/* as requested.
type LDIFFileSink ¶
type LDIFFileSink struct {
// contains filtered or unexported fields
}
LDIFFileSink writes LDIF entries to a file using a buffered writer.
func NewLDIFFileSink ¶
func NewLDIFFileSink(outPath string) (*LDIFFileSink, error)
NewLDIFFileSink creates or truncates the output file.
func (*LDIFFileSink) Close ¶
func (s *LDIFFileSink) Close() error
Close flushes and closes the underlying file.
func (*LDIFFileSink) WriteEntry ¶
func (s *LDIFFileSink) WriteEntry(entry string) error
WriteEntry writes a single LDIF entry as-is.
type PasswordEncoder ¶
PasswordEncoder abstracts password formatting for LDIF.
type RecordFilter ¶
RecordFilter decides whether a record should be processed.
type RecordSource ¶
type RecordSource interface {
Next() (*Record, error) // returns io.EOF when exhausted
Close() error
}
RecordSource yields records sequentially and must be closed when done.
type SHAEncoder ¶ added in v1.11.3
type SHAEncoder struct {
// Encoding: "b64" or "hex" (default b64)
Encoding string
}
SHAEncoder renders passwords as LDAP-style {SHA} digests. It computes SHA-1 over the plain text password without a salt. The payload can be encoded as base64 (default) or hex to match the SSHA encoder behavior when Encoding is set to "hex".
Output format examples: - Base64 (default): {SHA}BASE64(SHA1(password)) - Hex: {SHA.HEX}HEX(SHA1(password))
type SSHAEncoder ¶
type TemplateRenderer ¶
type TemplateRenderer struct {
// contains filtered or unexported fields
}
TemplateRenderer replaces placeholders in a loaded LDIF template. Supported placeholders: {{ uuid4 }}, {{ localpart }}, {{ password }}
func NewTemplateRenderer ¶
func NewTemplateRenderer(templatePath string, enc PasswordEncoder) (*TemplateRenderer, error)
NewTemplateRenderer reads template file into memory and wires a PasswordEncoder.
Source Files