282 lines
11 KiB
Groff
282 lines
11 KiB
Groff
Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
|
|
--
|
|
-- Copyright (C) The Internet Society (2006). This version of
|
|
-- this ASN.1 module is part of RFC 4511; see the RFC itself
|
|
-- for full legal notices.
|
|
--
|
|
DEFINITIONS
|
|
IMPLICIT TAGS
|
|
EXTENSIBILITY IMPLIED ::=
|
|
|
|
BEGIN
|
|
|
|
LDAPMessage ::= SEQUENCE {
|
|
messageID MessageID,
|
|
protocolOp CHOICE {
|
|
bindRequest BindRequest,
|
|
bindResponse BindResponse,
|
|
unbindRequest UnbindRequest,
|
|
searchRequest SearchRequest,
|
|
searchResEntry SearchResultEntry,
|
|
searchResDone SearchResultDone,
|
|
searchResRef SearchResultReference,
|
|
modifyRequest ModifyRequest,
|
|
modifyResponse ModifyResponse,
|
|
addRequest AddRequest,
|
|
addResponse AddResponse,
|
|
delRequest DelRequest,
|
|
delResponse DelResponse,
|
|
modDNRequest ModifyDNRequest,
|
|
modDNResponse ModifyDNResponse,
|
|
compareRequest CompareRequest,
|
|
compareResponse CompareResponse,
|
|
abandonRequest AbandonRequest,
|
|
extendedReq ExtendedRequest,
|
|
extendedResp ExtendedResponse,
|
|
...,
|
|
intermediateResponse IntermediateResponse },
|
|
controls [0] Controls OPTIONAL }
|
|
|
|
MessageID ::= INTEGER (0 .. maxInt)
|
|
|
|
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
|
|
|
|
LDAPString ::= OCTET STRING -- UTF-8 encoded,
|
|
-- [ISO10646] characters
|
|
|
|
|
|
LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
|
|
-- [RFC4512]
|
|
|
|
LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
|
|
-- [RFC4514]
|
|
|
|
RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
|
|
-- [RFC4514]
|
|
|
|
AttributeDescription ::= LDAPString
|
|
-- Constrained to <attributedescription>
|
|
-- [RFC4512]
|
|
|
|
AttributeValue ::= OCTET STRING
|
|
|
|
AttributeValueAssertion ::= SEQUENCE {
|
|
attributeDesc AttributeDescription,
|
|
assertionValue AssertionValue }
|
|
|
|
AssertionValue ::= OCTET STRING
|
|
|
|
PartialAttribute ::= SEQUENCE {
|
|
type AttributeDescription,
|
|
vals SET OF value AttributeValue }
|
|
|
|
Attribute ::= PartialAttribute(WITH COMPONENTS {
|
|
...,
|
|
vals (SIZE(1..MAX))})
|
|
|
|
MatchingRuleId ::= LDAPString
|
|
|
|
LDAPResult ::= SEQUENCE {
|
|
resultCode ENUMERATED {
|
|
success (0),
|
|
operationsError (1),
|
|
protocolError (2),
|
|
timeLimitExceeded (3),
|
|
sizeLimitExceeded (4),
|
|
compareFalse (5),
|
|
compareTrue (6),
|
|
authMethodNotSupported (7),
|
|
strongerAuthRequired (8),
|
|
-- 9 reserved --
|
|
referral (10),
|
|
adminLimitExceeded (11),
|
|
unavailableCriticalExtension (12),
|
|
confidentialityRequired (13),
|
|
saslBindInProgress (14),
|
|
noSuchAttribute (16),
|
|
undefinedAttributeType (17),
|
|
inappropriateMatching (18),
|
|
constraintViolation (19),
|
|
attributeOrValueExists (20),
|
|
invalidAttributeSyntax (21),
|
|
-- 22-31 unused --
|
|
noSuchObject (32),
|
|
aliasProblem (33),
|
|
invalidDNSyntax (34),
|
|
-- 35 reserved for undefined isLeaf --
|
|
aliasDereferencingProblem (36),
|
|
-- 37-47 unused --
|
|
inappropriateAuthentication (48),
|
|
invalidCredentials (49),
|
|
insufficientAccessRights (50),
|
|
busy (51),
|
|
unavailable (52),
|
|
unwillingToPerform (53),
|
|
loopDetect (54),
|
|
-- 55-63 unused --
|
|
namingViolation (64),
|
|
objectClassViolation (65),
|
|
notAllowedOnNonLeaf (66),
|
|
notAllowedOnRDN (67),
|
|
entryAlreadyExists (68),
|
|
objectClassModsProhibited (69),
|
|
-- 70 reserved for CLDAP --
|
|
affectsMultipleDSAs (71),
|
|
-- 72-79 unused --
|
|
other (80),
|
|
... },
|
|
matchedDN LDAPDN,
|
|
diagnosticMessage LDAPString,
|
|
referral [3] Referral OPTIONAL }
|
|
|
|
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
|
|
|
|
URI ::= LDAPString -- limited to characters permitted in
|
|
-- URIs
|
|
|
|
Controls ::= SEQUENCE OF control Control
|
|
|
|
Control ::= SEQUENCE {
|
|
controlType LDAPOID,
|
|
criticality BOOLEAN DEFAULT FALSE,
|
|
controlValue OCTET STRING OPTIONAL }
|
|
|
|
|
|
|
|
BindRequest ::= [APPLICATION 0] SEQUENCE {
|
|
version INTEGER (1 .. 127),
|
|
name LDAPDN,
|
|
authentication AuthenticationChoice }
|
|
|
|
AuthenticationChoice ::= CHOICE {
|
|
simple [0] OCTET STRING,
|
|
-- 1 and 2 reserved
|
|
sasl [3] SaslCredentials,
|
|
... }
|
|
|
|
SaslCredentials ::= SEQUENCE {
|
|
mechanism LDAPString,
|
|
credentials OCTET STRING OPTIONAL }
|
|
|
|
BindResponse ::= [APPLICATION 1] SEQUENCE {
|
|
COMPONENTS OF LDAPResult,
|
|
serverSaslCreds [7] OCTET STRING OPTIONAL }
|
|
|
|
UnbindRequest ::= [APPLICATION 2] NULL
|
|
|
|
SearchRequest ::= [APPLICATION 3] SEQUENCE {
|
|
baseObject LDAPDN,
|
|
scope ENUMERATED {
|
|
baseObject (0),
|
|
singleLevel (1),
|
|
wholeSubtree (2),
|
|
... },
|
|
derefAliases ENUMERATED {
|
|
neverDerefAliases (0),
|
|
derefInSearching (1),
|
|
derefFindingBaseObj (2),
|
|
derefAlways (3) },
|
|
sizeLimit INTEGER (0 .. maxInt),
|
|
timeLimit INTEGER (0 .. maxInt),
|
|
typesOnly BOOLEAN,
|
|
filter Filter,
|
|
attributes AttributeSelection }
|
|
|
|
AttributeSelection ::= SEQUENCE OF selector LDAPString
|
|
-- The LDAPString is constrained to
|
|
-- <attributeSelector> in Section 4.5.1.8
|
|
|
|
Filter ::= CHOICE {
|
|
and [0] SET SIZE (1..MAX) OF filter Filter,
|
|
or [1] SET SIZE (1..MAX) OF filter Filter,
|
|
not [2] Filter,
|
|
equalityMatch [3] AttributeValueAssertion,
|
|
substrings [4] SubstringFilter,
|
|
greaterOrEqual [5] AttributeValueAssertion,
|
|
lessOrEqual [6] AttributeValueAssertion,
|
|
present [7] AttributeDescription,
|
|
approxMatch [8] AttributeValueAssertion,
|
|
extensibleMatch [9] MatchingRuleAssertion,
|
|
... }
|
|
|
|
SubstringFilter ::= SEQUENCE {
|
|
type AttributeDescription,
|
|
substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
|
|
initial [0] AssertionValue, -- can occur at most once
|
|
any [1] AssertionValue,
|
|
final [2] AssertionValue } -- can occur at most once
|
|
}
|
|
|
|
MatchingRuleAssertion ::= SEQUENCE {
|
|
matchingRule [1] MatchingRuleId OPTIONAL,
|
|
type [2] AttributeDescription OPTIONAL,
|
|
matchValue [3] AssertionValue,
|
|
dnAttributes [4] BOOLEAN DEFAULT FALSE }
|
|
|
|
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
|
|
objectName LDAPDN,
|
|
attributes PartialAttributeList }
|
|
|
|
PartialAttributeList ::= SEQUENCE OF
|
|
partialAttribute PartialAttribute
|
|
|
|
SearchResultReference ::= [APPLICATION 19] SEQUENCE
|
|
SIZE (1..MAX) OF uri URI
|
|
|
|
SearchResultDone ::= [APPLICATION 5] LDAPResult
|
|
|
|
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
|
|
object LDAPDN,
|
|
changes SEQUENCE OF change SEQUENCE {
|
|
operation ENUMERATED {
|
|
add (0),
|
|
delete (1),
|
|
replace (2),
|
|
... },
|
|
modification PartialAttribute } }
|
|
|
|
ModifyResponse ::= [APPLICATION 7] LDAPResult
|
|
|
|
AddRequest ::= [APPLICATION 8] SEQUENCE {
|
|
entry LDAPDN,
|
|
attributes AttributeList }
|
|
|
|
AttributeList ::= SEQUENCE OF attribute Attribute
|
|
|
|
AddResponse ::= [APPLICATION 9] LDAPResult
|
|
|
|
DelRequest ::= [APPLICATION 10] LDAPDN
|
|
|
|
DelResponse ::= [APPLICATION 11] LDAPResult
|
|
|
|
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
|
|
entry LDAPDN,
|
|
newrdn RelativeLDAPDN,
|
|
deleteoldrdn BOOLEAN,
|
|
newSuperior [0] LDAPDN OPTIONAL }
|
|
|
|
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
|
|
|
|
CompareRequest ::= [APPLICATION 14] SEQUENCE {
|
|
entry LDAPDN,
|
|
ava AttributeValueAssertion }
|
|
|
|
CompareResponse ::= [APPLICATION 15] LDAPResult
|
|
|
|
AbandonRequest ::= [APPLICATION 16] MessageID
|
|
|
|
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
|
|
requestName [0] LDAPOID,
|
|
requestValue [1] OCTET STRING OPTIONAL }
|
|
|
|
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
|
|
COMPONENTS OF LDAPResult,
|
|
responseName [10] LDAPOID OPTIONAL,
|
|
responseValue [11] OCTET STRING OPTIONAL }
|
|
|
|
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
|
|
responseName [0] LDAPOID OPTIONAL,
|
|
responseValue [1] OCTET STRING OPTIONAL }
|
|
|
|
END
|