1090 lines
33 KiB
Groff
1090 lines
33 KiB
Groff
DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 8}
|
|
DEFINITIONS ::=
|
|
BEGIN
|
|
|
|
-- EXPORTS All
|
|
-- The types and values defined in this module are exported for use in the other ASN.1
|
|
-- modules contained within these Directory Specifications, and for the use of other
|
|
-- applications which will use them to access Directory services. Other applications may
|
|
-- use them for their own purposes, but this will not constrain extensions and
|
|
-- modifications needed to maintain or improve the Directory service.
|
|
|
|
IMPORTS
|
|
|
|
-- from Rec. ITU-T X.501 | ISO/IEC 9594-2
|
|
|
|
attributeCertificateDefinitions, authenticationFramework, basicAccessControl,
|
|
commonProtocolSpecification, directoryShadowAbstractService,
|
|
distributedOperations, enhancedSecurity, id-at, informationFramework,
|
|
selectedAttributeTypes, serviceAdministration, passwordPolicy
|
|
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 8}
|
|
|
|
Attribute{}, ATTRIBUTE, AttributeType, AttributeTypeAndValue, AttributeTypeAssertion,
|
|
AttributeValue, AttributeValueAssertion, CONTEXT, ContextAssertion,
|
|
DistinguishedName, MATCHING-RULE, Name, OBJECT-CLASS,
|
|
RelativeDistinguishedName, SupportedAttributes, SupportedContexts
|
|
FROM InformationFramework informationFramework
|
|
|
|
RelaxationPolicy
|
|
FROM ServiceAdministration serviceAdministration
|
|
|
|
OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
|
|
FROM EnhancedSecurity enhancedSecurity
|
|
|
|
-- from Rec. ITU-T X.518 | ISO/IEC 9594-4
|
|
|
|
AccessPoint, ContinuationReference, Exclusions, OperationProgress, ReferenceType
|
|
FROM DistributedOperations distributedOperations
|
|
|
|
-- from Rec. ITU-T X.519 | ISO/IEC 9594-5
|
|
|
|
Code, ERROR, id-errcode-abandoned, id-errcode-abandonFailed,
|
|
id-errcode-attributeError, id-errcode-nameError, id-errcode-referral,
|
|
id-errcode-securityError, id-errcode-serviceError, id-errcode-updateError,
|
|
id-opcode-abandon, id-opcode-addEntry, id-opcode-administerPassword,
|
|
id-opcode-compare, id-opcode-changePassword, id-opcode-ldapTransport,
|
|
id-opcode-linkedLDAP, id-opcode-list, id-opcode-modifyDN,
|
|
id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry,
|
|
id-opcode-search, InvokeId, OPERATION
|
|
FROM CommonProtocolSpecification commonProtocolSpecification
|
|
|
|
-- from Rec. ITU-T X.520 | ISO/IEC 9594-6
|
|
|
|
DirectoryString{}, UnboundedDirectoryString
|
|
FROM SelectedAttributeTypes selectedAttributeTypes
|
|
|
|
-- from Rec. ITU-T X.509 | ISO/IEC 9594-8
|
|
|
|
AlgorithmIdentifier{}, CertificationPath, ENCRYPTED{}, HASH{}, SIGNED{},
|
|
SupportedAlgorithms
|
|
FROM AuthenticationFramework authenticationFramework
|
|
|
|
UserPwd
|
|
FROM PasswordPolicy passwordPolicy
|
|
|
|
AttributeCertificationPath
|
|
FROM AttributeCertificateDefinitions attributeCertificateDefinitions
|
|
|
|
-- from Rec. ITU-T X.525 | ISO/IEC 9594-9
|
|
|
|
AgreementID
|
|
FROM DirectoryShadowAbstractService directoryShadowAbstractService
|
|
|
|
-- from IETF RFC 2025
|
|
|
|
SPKM-ERROR, SPKM-REP-TI, SPKM-REQ
|
|
FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
|
|
security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}
|
|
|
|
-- from IETF RFC 4511
|
|
|
|
LDAPMessage
|
|
FROM Lightweight-Directory-Access-Protocol-V3 {iso(1) identified-organization(3) dod(6) internet(1)
|
|
directory(1) ldap(18)} ;
|
|
|
|
-- Common data types
|
|
|
|
CommonArguments ::= SET {
|
|
serviceControls [30] ServiceControls DEFAULT {},
|
|
securityParameters [29] SecurityParameters OPTIONAL,
|
|
requestor [28] DistinguishedName OPTIONAL,
|
|
operationProgress [27] OperationProgress
|
|
DEFAULT {nameResolutionPhase notStarted},
|
|
aliasedRDNs [26] INTEGER OPTIONAL,
|
|
criticalExtensions [25] BIT STRING OPTIONAL,
|
|
referenceType [24] ReferenceType OPTIONAL,
|
|
entryOnly [23] BOOLEAN DEFAULT TRUE,
|
|
exclusions [22] Exclusions OPTIONAL,
|
|
nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,
|
|
operationContexts [20] ContextSelection OPTIONAL,
|
|
familyGrouping [19] FamilyGrouping DEFAULT entryOnly,
|
|
... }
|
|
|
|
CommonArgumentsSeq ::= SEQUENCE {
|
|
serviceControls [30] ServiceControls DEFAULT {},
|
|
securityParameters [29] SecurityParameters OPTIONAL,
|
|
requestor [28] DistinguishedName OPTIONAL,
|
|
operationProgress [27] OperationProgress
|
|
DEFAULT {nameResolutionPhase notStarted},
|
|
aliasedRDNs [26] INTEGER OPTIONAL,
|
|
criticalExtensions [25] BIT STRING OPTIONAL,
|
|
referenceType [24] ReferenceType OPTIONAL,
|
|
entryOnly [23] BOOLEAN DEFAULT TRUE,
|
|
exclusions [22] Exclusions OPTIONAL,
|
|
nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,
|
|
operationContexts [20] ContextSelection OPTIONAL,
|
|
familyGrouping [19] FamilyGrouping DEFAULT entryOnly,
|
|
... }
|
|
|
|
FamilyGrouping ::= ENUMERATED {
|
|
entryOnly (1),
|
|
compoundEntry (2),
|
|
strands (3),
|
|
multiStrand (4),
|
|
... }
|
|
|
|
CommonResults ::= SET {
|
|
securityParameters [30] SecurityParameters OPTIONAL,
|
|
performer [29] DistinguishedName OPTIONAL,
|
|
aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
|
|
notification [27] SEQUENCE SIZE (1..MAX) OF Attribute
|
|
{{SupportedAttributes}} OPTIONAL,
|
|
... }
|
|
|
|
CommonResultsSeq ::= SEQUENCE {
|
|
securityParameters [30] SecurityParameters OPTIONAL,
|
|
performer [29] DistinguishedName OPTIONAL,
|
|
aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
|
|
notification [27] SEQUENCE SIZE (1..MAX) OF Attribute
|
|
{{SupportedAttributes}} OPTIONAL,
|
|
... }
|
|
|
|
ServiceControls ::= SET {
|
|
options [0] ServiceControlOptions DEFAULT {},
|
|
priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
|
|
timeLimit [2] INTEGER OPTIONAL,
|
|
sizeLimit [3] INTEGER OPTIONAL,
|
|
scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
|
|
attributeSizeLimit [5] INTEGER OPTIONAL,
|
|
manageDSAITPlaneRef [6] SEQUENCE {
|
|
dsaName Name,
|
|
agreementID AgreementID,
|
|
...} OPTIONAL,
|
|
serviceType [7] OBJECT IDENTIFIER OPTIONAL,
|
|
userClass [8] INTEGER OPTIONAL,
|
|
... }
|
|
|
|
ServiceControlOptions ::= BIT STRING {
|
|
preferChaining (0),
|
|
chainingProhibited (1),
|
|
localScope (2),
|
|
dontUseCopy (3),
|
|
dontDereferenceAliases (4),
|
|
subentries (5),
|
|
copyShallDo (6),
|
|
partialNameResolution (7),
|
|
manageDSAIT (8),
|
|
noSubtypeMatch (9),
|
|
noSubtypeSelection (10),
|
|
countFamily (11),
|
|
dontSelectFriends (12),
|
|
dontMatchFriends (13),
|
|
allowWriteableCopy (14)}
|
|
|
|
EntryInformationSelection ::= SET {
|
|
attributes CHOICE {
|
|
allUserAttributes [0] NULL,
|
|
select [1] SET OF AttributeType
|
|
-- empty set implies no attributes are requested -- } DEFAULT allUserAttributes:NULL,
|
|
infoTypes [2] INTEGER {
|
|
attributeTypesOnly (0),
|
|
attributeTypesAndValues (1)} DEFAULT attributeTypesAndValues,
|
|
extraAttributes CHOICE {
|
|
allOperationalAttributes [3] NULL,
|
|
select [4] SET SIZE (1..MAX) OF AttributeType } OPTIONAL,
|
|
contextSelection ContextSelection OPTIONAL,
|
|
returnContexts BOOLEAN DEFAULT FALSE,
|
|
familyReturn FamilyReturn DEFAULT
|
|
{memberSelect contributingEntriesOnly} }
|
|
|
|
ContextSelection ::= CHOICE {
|
|
allContexts NULL,
|
|
selectedContexts SET SIZE (1..MAX) OF TypeAndContextAssertion,
|
|
... }
|
|
|
|
TypeAndContextAssertion ::= SEQUENCE {
|
|
type AttributeType,
|
|
contextAssertions CHOICE {
|
|
preference SEQUENCE OF ContextAssertion,
|
|
all SET OF ContextAssertion,
|
|
...},
|
|
... }
|
|
|
|
FamilyReturn ::= SEQUENCE {
|
|
memberSelect ENUMERATED {
|
|
contributingEntriesOnly (1),
|
|
participatingEntriesOnly (2),
|
|
compoundEntry (3),
|
|
...},
|
|
familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
|
|
... }
|
|
|
|
EntryInformation ::= SEQUENCE {
|
|
name Name,
|
|
fromEntry BOOLEAN DEFAULT TRUE,
|
|
information SET SIZE (1..MAX) OF CHOICE {
|
|
attributeType AttributeType,
|
|
attribute Attribute{{SupportedAttributes}},
|
|
...} OPTIONAL,
|
|
incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in first edition systems
|
|
partialName [4] BOOLEAN DEFAULT FALSE, -- not in first or second edition systems
|
|
derivedEntry [5] BOOLEAN DEFAULT FALSE, -- not in pre-fourth edition systems --
|
|
... }
|
|
|
|
family-information ATTRIBUTE ::= {
|
|
WITH SYNTAX FamilyEntries
|
|
USAGE directoryOperation
|
|
ID id-at-family-information }
|
|
|
|
FamilyEntries ::= SEQUENCE {
|
|
family-class OBJECT-CLASS.&id, -- structural object class value
|
|
familyEntries SEQUENCE OF FamilyEntry,
|
|
... }
|
|
|
|
FamilyEntry ::= SEQUENCE {
|
|
rdn RelativeDistinguishedName,
|
|
information SEQUENCE OF CHOICE {
|
|
attributeType AttributeType,
|
|
attribute Attribute{{SupportedAttributes}},
|
|
...},
|
|
family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL,
|
|
... }
|
|
|
|
Filter ::= CHOICE {
|
|
item [0] FilterItem,
|
|
and [1] SET OF Filter,
|
|
or [2] SET OF Filter,
|
|
not [3] Filter,
|
|
... }
|
|
|
|
FilterItem ::= CHOICE {
|
|
equality [0] AttributeValueAssertion,
|
|
substrings [1] SEQUENCE {
|
|
type ATTRIBUTE.&id({SupportedAttributes}),
|
|
strings SEQUENCE OF CHOICE {
|
|
initial [0] ATTRIBUTE.&Type
|
|
({SupportedAttributes}{@substrings.type}),
|
|
any [1] ATTRIBUTE.&Type
|
|
({SupportedAttributes}{@substrings.type}),
|
|
final [2] ATTRIBUTE.&Type
|
|
({SupportedAttributes}{@substrings.type}),
|
|
control Attribute{{SupportedAttributes}},
|
|
-- Used to specify interpretation of following items
|
|
... },
|
|
... },
|
|
greaterOrEqual [2] AttributeValueAssertion,
|
|
lessOrEqual [3] AttributeValueAssertion,
|
|
present [4] AttributeType,
|
|
approximateMatch [5] AttributeValueAssertion,
|
|
extensibleMatch [6] MatchingRuleAssertion,
|
|
contextPresent [7] AttributeTypeAssertion,
|
|
... }
|
|
|
|
MatchingRuleAssertion ::= SEQUENCE {
|
|
matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
|
|
type [2] AttributeType OPTIONAL,
|
|
matchValue [3] MATCHING-RULE.&AssertionType (CONSTRAINED BY {
|
|
-- matchValue shall be a value of type specified by the &AssertionType field of
|
|
-- one of the MATCHING-RULE information objects identified by matchingRule -- }),
|
|
dnAttributes [4] BOOLEAN DEFAULT FALSE,
|
|
... }
|
|
|
|
PagedResultsRequest ::= CHOICE {
|
|
newRequest SEQUENCE {
|
|
pageSize INTEGER,
|
|
sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
|
|
reverse [1] BOOLEAN DEFAULT FALSE,
|
|
unmerged [2] BOOLEAN DEFAULT FALSE,
|
|
pageNumber [3] INTEGER OPTIONAL,
|
|
...},
|
|
queryReference OCTET STRING,
|
|
abandonQuery [0] OCTET STRING,
|
|
... }
|
|
|
|
SortKey ::= SEQUENCE {
|
|
type AttributeType,
|
|
orderingRule MATCHING-RULE.&id OPTIONAL,
|
|
... }
|
|
|
|
SecurityParameters ::= SET {
|
|
certification-path [0] CertificationPath OPTIONAL,
|
|
name [1] DistinguishedName OPTIONAL,
|
|
time [2] Time OPTIONAL,
|
|
random [3] BIT STRING OPTIONAL,
|
|
target [4] ProtectionRequest OPTIONAL,
|
|
-- [5] Not to be used
|
|
operationCode [6] Code OPTIONAL,
|
|
-- [7] Not to be used
|
|
errorProtection [8] ErrorProtectionRequest OPTIONAL,
|
|
errorCode [9] Code OPTIONAL,
|
|
... }
|
|
|
|
ProtectionRequest ::= INTEGER {none(0), signed(1)}
|
|
|
|
Time ::= CHOICE {
|
|
utcTime UTCTime,
|
|
generalizedTime GeneralizedTime,
|
|
... }
|
|
|
|
ErrorProtectionRequest ::= INTEGER {none(0), signed(1)}
|
|
|
|
-- Bind and unbind operations
|
|
|
|
directoryBind OPERATION ::= {
|
|
ARGUMENT DirectoryBindArgument
|
|
RESULT DirectoryBindResult
|
|
ERRORS {directoryBindError} }
|
|
|
|
DirectoryBindArgument ::= SET {
|
|
credentials [0] Credentials OPTIONAL,
|
|
versions [1] Versions DEFAULT {v1},
|
|
... }
|
|
|
|
Credentials ::= CHOICE {
|
|
simple [0] SimpleCredentials,
|
|
strong [1] StrongCredentials,
|
|
externalProcedure [2] EXTERNAL,
|
|
spkm [3] SpkmCredentials,
|
|
sasl [4] SaslCredentials,
|
|
... }
|
|
|
|
SimpleCredentials ::= SEQUENCE {
|
|
name [0] DistinguishedName,
|
|
validity [1] SET {
|
|
time1 [0] CHOICE {
|
|
utc UTCTime,
|
|
gt GeneralizedTime} OPTIONAL,
|
|
time2 [1] CHOICE {
|
|
utc UTCTime,
|
|
gt GeneralizedTime} OPTIONAL,
|
|
random1 [2] BIT STRING OPTIONAL,
|
|
random2 [3] BIT STRING OPTIONAL} OPTIONAL,
|
|
password [2] CHOICE {
|
|
unprotected OCTET STRING,
|
|
protected HASH{OCTET STRING},
|
|
...,
|
|
userPwd [0] UserPwd } OPTIONAL }
|
|
|
|
StrongCredentials ::= SET {
|
|
certification-path [0] CertificationPath OPTIONAL,
|
|
bind-token [1] Token,
|
|
name [2] DistinguishedName OPTIONAL,
|
|
attributeCertificationPath [3] AttributeCertificationPath OPTIONAL,
|
|
... }
|
|
|
|
SpkmCredentials ::= CHOICE {
|
|
req [0] SPKM-REQ,
|
|
rep [1] SPKM-REP-TI,
|
|
... }
|
|
|
|
SaslCredentials ::= SEQUENCE {
|
|
mechanism [0] DirectoryString{ub-saslMechanism},
|
|
credentials [1] OCTET STRING OPTIONAL,
|
|
saslAbort [2] BOOLEAN DEFAULT FALSE,
|
|
... }
|
|
|
|
ub-saslMechanism INTEGER ::= 20 -- According to RFC 2222
|
|
|
|
Token ::= SIGNED{TokenContent}
|
|
|
|
TokenContent ::= SEQUENCE {
|
|
algorithm [0] AlgorithmIdentifier{{SupportedAlgorithms}},
|
|
name [1] DistinguishedName,
|
|
time [2] Time,
|
|
random [3] BIT STRING,
|
|
response [4] BIT STRING OPTIONAL,
|
|
... }
|
|
|
|
Versions ::= BIT STRING {v1(0), v2(1)}
|
|
|
|
DirectoryBindResult ::= SET {
|
|
credentials [0] Credentials OPTIONAL,
|
|
versions [1] Versions DEFAULT {v1},
|
|
...,
|
|
pwdResponseValue [2] PwdResponseValue OPTIONAL }
|
|
|
|
PwdResponseValue ::= SEQUENCE {
|
|
warning CHOICE {
|
|
timeLeft [0] INTEGER (0..MAX),
|
|
graceRemaining [1] INTEGER (0..MAX),
|
|
... } OPTIONAL,
|
|
error ENUMERATED {
|
|
passwordExpired (0),
|
|
changeAfterReset (1),
|
|
... } OPTIONAL}
|
|
|
|
directoryBindError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED {SET {
|
|
versions [0] Versions DEFAULT {v1},
|
|
error CHOICE {
|
|
serviceError [1] ServiceProblem,
|
|
securityError [2] SecurityProblem,
|
|
...},
|
|
securityParameters [30] SecurityParameters OPTIONAL }}}
|
|
|
|
BindKeyInfo ::= ENCRYPTED{BIT STRING}
|
|
|
|
-- Operations, arguments, and results
|
|
|
|
|
|
read OPERATION ::= {
|
|
ARGUMENT ReadArgument
|
|
RESULT ReadResult
|
|
ERRORS {attributeError |
|
|
nameError |
|
|
serviceError |
|
|
referral |
|
|
abandoned |
|
|
securityError}
|
|
CODE id-opcode-read }
|
|
|
|
ReadArgument ::= OPTIONALLY-PROTECTED { ReadArgumentData }
|
|
|
|
ReadArgumentData ::= SET {
|
|
object [0] Name,
|
|
selection [1] EntryInformationSelection DEFAULT {},
|
|
modifyRightsRequest [2] BOOLEAN DEFAULT FALSE,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
ReadResult ::= OPTIONALLY-PROTECTED { ReadResultData }
|
|
|
|
ReadResultData ::= SET {
|
|
entry [0] EntryInformation,
|
|
modifyRights [1] ModifyRights OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
ModifyRights ::= SET OF SEQUENCE {
|
|
item CHOICE {
|
|
entry [0] NULL,
|
|
attribute [1] AttributeType,
|
|
value [2] AttributeValueAssertion,
|
|
...},
|
|
permission [3] BIT STRING {
|
|
add (0),
|
|
remove (1),
|
|
rename (2),
|
|
move (3)},
|
|
... }
|
|
|
|
compare OPERATION ::= {
|
|
ARGUMENT CompareArgument
|
|
RESULT CompareResult
|
|
ERRORS {attributeError |
|
|
nameError |
|
|
serviceError |
|
|
referral |
|
|
abandoned |
|
|
securityError}
|
|
CODE id-opcode-compare }
|
|
|
|
CompareArgument ::= OPTIONALLY-PROTECTED { CompareArgumentData }
|
|
|
|
CompareArgumentData ::= SET {
|
|
object [0] Name,
|
|
purported [1] AttributeValueAssertion,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
CompareResult ::= OPTIONALLY-PROTECTED { CompareResultData }
|
|
|
|
CompareResultData ::= SET {
|
|
name Name OPTIONAL,
|
|
matched [0] BOOLEAN,
|
|
fromEntry [1] BOOLEAN DEFAULT TRUE,
|
|
matchedSubtype [2] AttributeType OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
abandon OPERATION ::= {
|
|
ARGUMENT AbandonArgument
|
|
RESULT AbandonResult
|
|
ERRORS {abandonFailed}
|
|
CODE id-opcode-abandon }
|
|
|
|
AbandonArgument ::=
|
|
OPTIONALLY-PROTECTED-SEQ { AbandonArgumentData }
|
|
|
|
AbandonArgumentData ::= SEQUENCE {
|
|
invokeID [0] InvokeId,
|
|
... }
|
|
|
|
AbandonResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { AbandonResultData },
|
|
... }
|
|
|
|
AbandonResultData ::= SEQUENCE {
|
|
invokeID InvokeId,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
list OPERATION ::= {
|
|
ARGUMENT ListArgument
|
|
RESULT ListResult
|
|
ERRORS {nameError |
|
|
serviceError |
|
|
referral |
|
|
abandoned |
|
|
securityError}
|
|
CODE id-opcode-list }
|
|
|
|
ListArgument ::= OPTIONALLY-PROTECTED { ListArgumentData }
|
|
|
|
ListArgumentData ::= SET {
|
|
object [0] Name,
|
|
pagedResults [1] PagedResultsRequest OPTIONAL,
|
|
listFamily [2] BOOLEAN DEFAULT FALSE,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments
|
|
}
|
|
|
|
ListResult ::= OPTIONALLY-PROTECTED { ListResultData }
|
|
|
|
ListResultData ::= CHOICE {
|
|
listInfo SET {
|
|
name Name OPTIONAL,
|
|
subordinates [1] SET OF SEQUENCE {
|
|
rdn RelativeDistinguishedName,
|
|
aliasEntry [0] BOOLEAN DEFAULT FALSE,
|
|
fromEntry [1] BOOLEAN DEFAULT TRUE,
|
|
... },
|
|
partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults
|
|
},
|
|
uncorrelatedListInfo [0] SET OF ListResult,
|
|
... }
|
|
|
|
PartialOutcomeQualifier ::= SET {
|
|
limitProblem [0] LimitProblem OPTIONAL,
|
|
unexplored [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
|
|
unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE,
|
|
unknownErrors [3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL,
|
|
queryReference [4] OCTET STRING OPTIONAL,
|
|
overspecFilter [5] Filter OPTIONAL,
|
|
notification [6] SEQUENCE SIZE (1..MAX) OF
|
|
Attribute{{SupportedAttributes}} OPTIONAL,
|
|
entryCount CHOICE {
|
|
bestEstimate [7] INTEGER,
|
|
lowEstimate [8] INTEGER,
|
|
exact [9] INTEGER,
|
|
...} OPTIONAL
|
|
-- [10] Not to be used -- }
|
|
|
|
LimitProblem ::= INTEGER {
|
|
timeLimitExceeded (0),
|
|
sizeLimitExceeded (1),
|
|
administrativeLimitExceeded (2) }
|
|
|
|
search OPERATION ::= {
|
|
ARGUMENT SearchArgument
|
|
RESULT SearchResult
|
|
ERRORS {attributeError |
|
|
nameError |
|
|
serviceError |
|
|
referral |
|
|
abandoned |
|
|
securityError}
|
|
CODE id-opcode-search }
|
|
|
|
SearchArgument ::= OPTIONALLY-PROTECTED { SearchArgumentData }
|
|
|
|
SearchArgumentData ::= SET {
|
|
baseObject [0] Name,
|
|
subset [1] INTEGER {
|
|
baseObject (0),
|
|
oneLevel (1),
|
|
wholeSubtree (2)} DEFAULT baseObject,
|
|
filter [2] Filter DEFAULT and:{},
|
|
searchAliases [3] BOOLEAN DEFAULT TRUE,
|
|
selection [4] EntryInformationSelection DEFAULT {},
|
|
pagedResults [5] PagedResultsRequest OPTIONAL,
|
|
matchedValuesOnly [6] BOOLEAN DEFAULT FALSE,
|
|
extendedFilter [7] Filter OPTIONAL,
|
|
checkOverspecified [8] BOOLEAN DEFAULT FALSE,
|
|
relaxation [9] RelaxationPolicy OPTIONAL,
|
|
extendedArea [10] INTEGER OPTIONAL,
|
|
hierarchySelections [11] HierarchySelections DEFAULT {self},
|
|
searchControlOptions [12] SearchControlOptions DEFAULT {searchAliases},
|
|
joinArguments [13] SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL,
|
|
joinType [14] ENUMERATED {
|
|
innerJoin (0),
|
|
leftOuterJoin (1),
|
|
fullOuterJoin (2)} DEFAULT leftOuterJoin,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
HierarchySelections ::= BIT STRING {
|
|
self (0),
|
|
children (1),
|
|
parent (2),
|
|
hierarchy (3),
|
|
top (4),
|
|
subtree (5),
|
|
siblings (6),
|
|
siblingChildren (7),
|
|
siblingSubtree (8),
|
|
all (9) }
|
|
|
|
SearchControlOptions ::= BIT STRING {
|
|
searchAliases (0),
|
|
matchedValuesOnly (1),
|
|
checkOverspecified (2),
|
|
performExactly (3),
|
|
includeAllAreas (4),
|
|
noSystemRelaxation (5),
|
|
dnAttribute (6),
|
|
matchOnResidualName (7),
|
|
entryCount (8),
|
|
useSubset (9),
|
|
separateFamilyMembers (10),
|
|
searchFamily (11) }
|
|
|
|
JoinArgument ::= SEQUENCE {
|
|
joinBaseObject [0] Name,
|
|
domainLocalID [1] DomainLocalID OPTIONAL,
|
|
joinSubset [2] ENUMERATED {
|
|
baseObject (0),
|
|
oneLevel (1),
|
|
wholeSubtree (2),
|
|
... } DEFAULT baseObject,
|
|
joinFilter [3] Filter OPTIONAL,
|
|
joinAttributes [4] SEQUENCE SIZE (1..MAX) OF JoinAttPair OPTIONAL,
|
|
joinSelection [5] EntryInformationSelection,
|
|
... }
|
|
|
|
DomainLocalID ::= UnboundedDirectoryString
|
|
|
|
JoinAttPair ::= SEQUENCE {
|
|
baseAtt AttributeType,
|
|
joinAtt AttributeType,
|
|
joinContext SEQUENCE SIZE (1..MAX) OF JoinContextType OPTIONAL,
|
|
... }
|
|
|
|
JoinContextType ::= CONTEXT.&id({SupportedContexts})
|
|
|
|
SearchResult ::= OPTIONALLY-PROTECTED { SearchResultData }
|
|
|
|
SearchResultData ::= CHOICE {
|
|
searchInfo SET {
|
|
name Name OPTIONAL,
|
|
entries [0] SET OF EntryInformation,
|
|
partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL,
|
|
altMatching [3] BOOLEAN DEFAULT FALSE,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults
|
|
},
|
|
uncorrelatedSearchInfo [0] SET OF SearchResult,
|
|
... }
|
|
|
|
addEntry OPERATION ::= {
|
|
ARGUMENT AddEntryArgument
|
|
RESULT AddEntryResult
|
|
ERRORS {attributeError |
|
|
nameError |
|
|
serviceError |
|
|
referral |
|
|
securityError |
|
|
updateError}
|
|
CODE id-opcode-addEntry }
|
|
|
|
AddEntryArgument ::= OPTIONALLY-PROTECTED { AddEntryArgumentData }
|
|
|
|
AddEntryArgumentData ::= SET {
|
|
object [0] Name,
|
|
entry [1] SET OF Attribute{{SupportedAttributes}},
|
|
targetSystem [2] AccessPoint OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
AddEntryResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { AddEntryResultData },
|
|
... }
|
|
|
|
AddEntryResultData ::= SEQUENCE {
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
removeEntry OPERATION ::= {
|
|
ARGUMENT RemoveEntryArgument
|
|
RESULT RemoveEntryResult
|
|
ERRORS {nameError |
|
|
serviceError |
|
|
referral |
|
|
securityError |
|
|
updateError}
|
|
CODE id-opcode-removeEntry }
|
|
|
|
RemoveEntryArgument ::= OPTIONALLY-PROTECTED { RemoveEntryArgumentData }
|
|
|
|
RemoveEntryArgumentData ::= SET {
|
|
object [0] Name,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments
|
|
}
|
|
|
|
RemoveEntryResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { RemoveEntryResultData },
|
|
... }
|
|
|
|
RemoveEntryResultData ::= SEQUENCE {
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
modifyEntry OPERATION ::= {
|
|
ARGUMENT ModifyEntryArgument
|
|
RESULT ModifyEntryResult
|
|
ERRORS {attributeError |
|
|
nameError |
|
|
serviceError |
|
|
referral |
|
|
securityError |
|
|
updateError}
|
|
CODE id-opcode-modifyEntry }
|
|
|
|
ModifyEntryArgument ::= OPTIONALLY-PROTECTED { ModifyEntryArgumentData }
|
|
|
|
ModifyEntryArgumentData ::= SET {
|
|
object [0] Name,
|
|
changes [1] SEQUENCE OF EntryModification,
|
|
selection [2] EntryInformationSelection OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
ModifyEntryResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { ModifyEntryResultData },
|
|
... }
|
|
|
|
ModifyEntryResultData ::= SEQUENCE {
|
|
entry [0] EntryInformation OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
EntryModification ::= CHOICE {
|
|
addAttribute [0] Attribute{{SupportedAttributes}},
|
|
removeAttribute [1] AttributeType,
|
|
addValues [2] Attribute{{SupportedAttributes}},
|
|
removeValues [3] Attribute{{SupportedAttributes}},
|
|
alterValues [4] AttributeTypeAndValue,
|
|
resetValue [5] AttributeType,
|
|
replaceValues [6] Attribute{{SupportedAttributes}},
|
|
... }
|
|
|
|
modifyDN OPERATION ::= {
|
|
ARGUMENT ModifyDNArgument
|
|
RESULT ModifyDNResult
|
|
ERRORS {nameError |
|
|
serviceError |
|
|
referral |
|
|
securityError |
|
|
updateError}
|
|
CODE id-opcode-modifyDN }
|
|
|
|
ModifyDNArgument ::= OPTIONALLY-PROTECTED { ModifyDNArgumentData }
|
|
|
|
ModifyDNArgumentData ::= SET {
|
|
object [0] DistinguishedName,
|
|
newRDN [1] RelativeDistinguishedName,
|
|
deleteOldRDN [2] BOOLEAN DEFAULT FALSE,
|
|
newSuperior [3] DistinguishedName OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArguments }
|
|
|
|
ModifyDNResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { ModifyDNResultData },
|
|
... }
|
|
|
|
ModifyDNResultData ::= SEQUENCE {
|
|
newRDN RelativeDistinguishedName,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
changePassword OPERATION ::= {
|
|
ARGUMENT ChangePasswordArgument
|
|
RESULT ChangePasswordResult
|
|
ERRORS {securityError |
|
|
updateError }
|
|
CODE id-opcode-changePassword }
|
|
|
|
ChangePasswordArgument ::= OPTIONALLY-PROTECTED-SEQ { ChangePasswordArgumentData }
|
|
|
|
ChangePasswordArgumentData ::= SEQUENCE {
|
|
object [0] DistinguishedName,
|
|
oldPwd [1] UserPwd,
|
|
newPwd [2] UserPwd,
|
|
... }
|
|
|
|
ChangePasswordResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { ChangePasswordResultData },
|
|
...}
|
|
|
|
ChangePasswordResultData ::= SEQUENCE {
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
administerPassword OPERATION ::= {
|
|
ARGUMENT AdministerPasswordArgument
|
|
RESULT AdministerPasswordResult
|
|
ERRORS {securityError |
|
|
updateError}
|
|
CODE id-opcode-administerPassword }
|
|
|
|
AdministerPasswordArgument ::=
|
|
OPTIONALLY-PROTECTED-SEQ { AdministerPasswordArgumentData }
|
|
|
|
AdministerPasswordArgumentData ::= SEQUENCE {
|
|
object [0] DistinguishedName,
|
|
newPwd [1] UserPwd,
|
|
... }
|
|
|
|
AdministerPasswordResult ::= CHOICE {
|
|
null NULL,
|
|
information OPTIONALLY-PROTECTED-SEQ { AdministerPasswordResultData },
|
|
...}
|
|
|
|
AdministerPasswordResultData ::= SEQUENCE {
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
ldapTransport OPERATION ::= {
|
|
ARGUMENT LdapArgument
|
|
RESULT SEQUENCE OF LDAPMessage
|
|
ERRORS { abandonFailed | abandoned }
|
|
CODE id-opcode-ldapTransport }
|
|
|
|
LdapArgument ::= OPTIONALLY-PROTECTED-SEQ { LdapArgumentData }
|
|
|
|
LdapArgumentData ::= SEQUENCE {
|
|
object DistinguishedName,
|
|
ldapMessage LDAPMessage,
|
|
linkId LinkId OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArgumentsSeq }
|
|
|
|
LinkId ::= INTEGER
|
|
|
|
LdapResult ::= OPTIONALLY-PROTECTED-SEQ { LdapResultData }
|
|
|
|
LdapResultData ::= SEQUENCE {
|
|
ldapMessages SEQUENCE SIZE (1..MAX) OF LDAPMessage OPTIONAL,
|
|
returnToClient BOOLEAN DEFAULT FALSE,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResultsSeq }
|
|
|
|
linkedLDAP OPERATION ::= {
|
|
ARGUMENT LinkedArgument
|
|
RESULT LinkedResult
|
|
CODE id-opcode-linkedLDAP }
|
|
|
|
LinkedArgument ::= OPTIONALLY-PROTECTED-SEQ { LinkedArgumentData }
|
|
|
|
LinkedArgumentData ::= SEQUENCE {
|
|
object DistinguishedName,
|
|
ldapMessage LDAPMessage,
|
|
linkId LinkId,
|
|
returnToClient BOOLEAN DEFAULT FALSE,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonArgumentsSeq }
|
|
|
|
LinkedResult ::= NULL
|
|
|
|
-- Errors and parameters
|
|
|
|
abandoned ERROR ::= {-- not literally an "error"
|
|
PARAMETER OPTIONALLY-PROTECTED { AbandonedData }
|
|
CODE id-errcode-abandoned }
|
|
|
|
AbandonedData ::= SET {
|
|
problem AbandonedProblem OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
AbandonedProblem ::= ENUMERATED {
|
|
pagingAbandoned (0) }
|
|
|
|
abandonFailed ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { AbandonFailedData }
|
|
CODE id-errcode-abandonFailed }
|
|
|
|
AbandonFailedData ::= SET {
|
|
problem [0] AbandonProblem,
|
|
operation [1] InvokeId,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
AbandonProblem ::= INTEGER {
|
|
noSuchOperation (1),
|
|
tooLate (2),
|
|
cannotAbandon (3) }
|
|
|
|
attributeError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { AttributeErrorData }
|
|
CODE id-errcode-attributeError }
|
|
|
|
AttributeErrorData ::= SET {
|
|
object [0] Name,
|
|
problems [1] SET OF SEQUENCE {
|
|
problem [0] AttributeProblem,
|
|
type [1] AttributeType,
|
|
value [2] AttributeValue OPTIONAL,
|
|
...},
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
AttributeProblem ::= INTEGER {
|
|
noSuchAttributeOrValue (1),
|
|
invalidAttributeSyntax (2),
|
|
undefinedAttributeType (3),
|
|
inappropriateMatching (4),
|
|
constraintViolation (5),
|
|
attributeOrValueAlreadyExists (6),
|
|
contextViolation (7) }
|
|
|
|
nameError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { NameErrorData }
|
|
CODE id-errcode-nameError }
|
|
|
|
NameErrorData ::= SET {
|
|
problem [0] NameProblem,
|
|
matched [1] Name,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
NameProblem ::= INTEGER {
|
|
noSuchObject (1),
|
|
aliasProblem (2),
|
|
invalidAttributeSyntax (3),
|
|
aliasDereferencingProblem (4)
|
|
-- not to be used (5)-- }
|
|
|
|
referral ERROR ::= { -- not literally an "error"
|
|
PARAMETER OPTIONALLY-PROTECTED { ReferralData }
|
|
CODE id-errcode-referral }
|
|
|
|
ReferralData ::= SET {
|
|
candidate [0] ContinuationReference,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
securityError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { SecurityErrorData }
|
|
CODE id-errcode-securityError }
|
|
|
|
SecurityErrorData ::= SET {
|
|
problem [0] SecurityProblem,
|
|
spkmInfo [1] SPKM-ERROR OPTIONAL,
|
|
encPwdInfo [2] EncPwdInfo OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
SecurityProblem ::= INTEGER {
|
|
inappropriateAuthentication (1),
|
|
invalidCredentials (2),
|
|
insufficientAccessRights (3),
|
|
invalidSignature (4),
|
|
protectionRequired (5),
|
|
noInformation (6),
|
|
blockedCredentials (7),
|
|
-- invalidQOPMatch (8), obsolete
|
|
spkmError (9),
|
|
unsupportedAuthenticationMethod (10),
|
|
passwordExpired (11),
|
|
inappropriateAlgorithms (12) }
|
|
|
|
EncPwdInfo ::= SEQUENCE {
|
|
algorithms [0] SEQUENCE OF AlgorithmIdentifier
|
|
{{SupportedAlgorithms}} OPTIONAL,
|
|
pwdQualityRule [1] SEQUENCE OF AttributeTypeAndValue OPTIONAL,
|
|
... }
|
|
|
|
serviceError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { ServiceErrorData }
|
|
CODE id-errcode-serviceError }
|
|
|
|
ServiceErrorData ::= SET {
|
|
problem [0] ServiceProblem,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
ServiceProblem ::= INTEGER {
|
|
busy (1),
|
|
unavailable (2),
|
|
unwillingToPerform (3),
|
|
chainingRequired (4),
|
|
unableToProceed (5),
|
|
invalidReference (6),
|
|
timeLimitExceeded (7),
|
|
administrativeLimitExceeded (8),
|
|
loopDetected (9),
|
|
unavailableCriticalExtension (10),
|
|
outOfScope (11),
|
|
ditError (12),
|
|
invalidQueryReference (13),
|
|
requestedServiceNotAvailable (14),
|
|
unsupportedMatchingUse (15),
|
|
ambiguousKeyAttributes (16),
|
|
saslBindInProgress (17),
|
|
notSupportedByLDAP (18) }
|
|
|
|
updateError ERROR ::= {
|
|
PARAMETER OPTIONALLY-PROTECTED { UpdateErrorData }
|
|
CODE id-errcode-updateError }
|
|
|
|
UpdateErrorData ::= SET {
|
|
problem [0] UpdateProblem,
|
|
attributeInfo [1] SET SIZE (1..MAX) OF CHOICE {
|
|
attributeType AttributeType,
|
|
attribute Attribute{{SupportedAttributes}},
|
|
... } OPTIONAL,
|
|
...,
|
|
...,
|
|
COMPONENTS OF CommonResults }
|
|
|
|
UpdateProblem ::= INTEGER {
|
|
namingViolation (1),
|
|
objectClassViolation (2),
|
|
notAllowedOnNonLeaf (3),
|
|
notAllowedOnRDN (4),
|
|
entryAlreadyExists (5),
|
|
affectsMultipleDSAs (6),
|
|
objectClassModificationProhibited (7),
|
|
noSuchSuperior (8),
|
|
notAncestor (9),
|
|
parentNotAncestor (10),
|
|
hierarchyRuleViolation (11),
|
|
familyRuleViolation (12),
|
|
insufficientPasswordQuality (13),
|
|
passwordInHistory (14),
|
|
noPasswordSlot (15) }
|
|
|
|
-- attribute types
|
|
|
|
id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
|
|
|
|
END -- DirectoryAbstractService |