-- Module Lightweight-Directory-Access-Protocol-V3 (RFC 2251:12/1997)
Lightweight-Directory-Access-Protocol-V3
--
-- Copyright (C) The Internet Society (1997). This version of
-- this ASN.1 module is part of RFC 2251;
-- see the RFC itself for full legal notices.
--
-- NOTE(review): RFC 2251 has since been obsoleted by RFC 4511; compare this
-- module with the current specification before building a codec from it.
--
-- IMPLICIT TAGS: a [n] or [APPLICATION n] tag below replaces the tag of the
-- type it is applied to (an untagged CHOICE excepted, which stays explicit),
-- so a decoder identifies a field by its tag number alone and should reject
-- any tag this module does not define.
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- LDAPMessage: the envelope for every PDU defined in this module. It pairs
-- a messageID with exactly one protocol operation and an optional list of
-- controls.
-- NOTE(review): the protocolOp alternative is selected by the sending peer.
-- A decoder should check that the alternative is one its role may receive
-- (requests at a server, responses at a client) before dispatching on it.
LDAPMessage ::= SEQUENCE {
    messageID   MessageID,
    protocolOp  CHOICE {
        bindRequest      BindRequest,
        bindResponse     BindResponse,
        unbindRequest    UnbindRequest,
        searchRequest    SearchRequest,
        searchResEntry   SearchResultEntry,
        searchResDone    SearchResultDone,
        searchResRef     SearchResultReference,
        modifyRequest    ModifyRequest,
        modifyResponse   ModifyResponse,
        addRequest       AddRequest,
        addResponse      AddResponse,
        delRequest       DelRequest,
        delResponse      DelResponse,
        modDNRequest     ModifyDNRequest,
        modDNResponse    ModifyDNResponse,
        compareRequest   CompareRequest,
        compareResponse  CompareResponse,
        abandonRequest   AbandonRequest,
        extendedReq      ExtendedRequest,
        extendedResp     ExtendedResponse
    },
    controls    [0] Controls OPTIONAL
}
-- MessageID: per-message identifier, constrained to 0..maxInt.
-- NOTE(review): a BER INTEGER can be encoded at any length, so the range
-- has to be enforced by the decoder rather than assumed.
MessageID ::= INTEGER (0..maxInt)

-- Upper bound shared by MessageID and by sizeLimit/timeLimit in
-- SearchRequest.
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1)

-- Base string types. Both are plain OCTET STRINGs: the module puts no SIZE
-- bound and no character-set constraint on them, so length limits and
-- syntax checks are left to the implementation.
LDAPString ::= OCTET STRING

LDAPOID ::= OCTET STRING

-- Aliases of LDAPString. Within this module the distinct names record
-- intended use only; they add no constraint.
LDAPDN ::= LDAPString

RelativeLDAPDN ::= LDAPString

AttributeType ::= LDAPString

AttributeDescription ::= LDAPString

-- List of attribute descriptions, used by SearchRequest.attributes.
AttributeDescriptionList ::= SEQUENCE OF AttributeDescription

-- Attribute values are opaque octets at this layer.
AttributeValue ::= OCTET STRING
-- AttributeValueAssertion: an attribute description paired with the value
-- asserted for it. Referenced by CompareRequest and by the equalityMatch,
-- greaterOrEqual, lessOrEqual and approxMatch alternatives of Filter.
AttributeValueAssertion ::= SEQUENCE {
    attributeDesc   AttributeDescription,
    assertionValue  AssertionValue
}
-- AssertionValue: opaque octets supplied by the requester; this module does
-- not define how they are compared against stored values.
AssertionValue ::= OCTET STRING
-- Attribute: an attribute description together with its set of values.
-- The SET OF has no SIZE bound, so the value count is unbounded here.
Attribute ::= SEQUENCE {
    type  AttributeDescription,
    vals  SET OF AttributeValue
}
-- MatchingRuleId: names a matching rule; used by MatchingRuleAssertion.
MatchingRuleId ::= LDAPString
-- LDAPResult: the common result structure. It is referenced directly by
-- SearchResultDone and by the Modify, Add, Del, ModifyDN and Compare
-- responses; BindResponse and ExtendedResponse carry an expanded copy of
-- the same components.
-- NOTE(review): the resultCode numbering has gaps (9, 15, 22-31 and others).
-- A decoder should handle a value outside this list explicitly instead of
-- using it as an index.
-- NOTE(review): matchedDN and errorMessage are chosen by the server. Clients
-- should treat them as untrusted text when logging or displaying them, and
-- servers should consider what they disclose to peers that have not bound.
LDAPResult ::= SEQUENCE {
    resultCode    ENUMERATED {
        success(0),
        operationsError(1),
        protocolError(2),
        timeLimitExceeded(3),
        sizeLimitExceeded(4),
        compareFalse(5),
        compareTrue(6),
        authMethodNotSupported(7),
        strongAuthRequired(8),
        -- 9 reserved
        referral(10),                      -- new
        adminLimitExceeded(11),            -- new
        unavailableCriticalExtension(12),  -- new
        confidentialityRequired(13),       -- new
        saslBindInProgress(14),            -- new
        noSuchAttribute(16),
        undefinedAttributeType(17),
        inappropriateMatching(18),
        constraintViolation(19),
        attributeOrValueExists(20),
        invalidAttributeSyntax(21),
        -- 22-31 unused
        noSuchObject(32),
        aliasProblem(33),
        invalidDNSyntax(34),
        -- 35 reserved for undefined isLeaf
        aliasDereferencingProblem(36),
        -- 37-47 unused
        inappropriateAuthentication(48),
        invalidCredentials(49),
        insufficientAccessRights(50),
        busy(51),
        unavailable(52),
        unwillingToPerform(53),
        loopDetect(54),
        -- 55-63 unused
        namingViolation(64),
        objectClassViolation(65),
        notAllowedOnNonLeaf(66),
        notAllowedOnRDN(67),
        entryAlreadyExists(68),
        objectClassModsProhibited(69),
        -- 70 reserved for CLDAP
        affectsMultipleDSAs(71),           -- new
        -- 72-79 unused
        other(80)
    },
    -- 81-90 reserved for APIs
    matchedDN     LDAPDN,
    errorMessage  ErrorMessage,
    referral      [3] Referral OPTIONAL
}
-- Referral: a list of URLs returned in place of, or alongside, a result.
-- NOTE(review): these URLs come from the peer. A client that follows them
-- should validate each one and decide deliberately whether the credentials
-- of the current session may be presented to the referred server.
Referral ::= SEQUENCE OF LDAPURL

-- The restriction in the trailing comment is not expressed as an ASN.1
-- constraint: an LDAPURL decodes as an arbitrary LDAPString.
LDAPURL ::= LDAPString -- limited to characters permitted in URLs

-- Controls: the list carried in the optional [0] field of LDAPMessage.
Controls ::= SEQUENCE OF Control
-- Control: an extension attached to a message, identified by an OID, with
-- an optional opaque value. criticality is FALSE when the field is absent.
-- NOTE(review): under RFC 2251 a server refuses an unrecognised control only
-- when criticality is TRUE (see unavailableCriticalExtension(12)); otherwise
-- the control is ignored. A control the sender relies on for a security
-- property should therefore be marked critical.
Control ::= SEQUENCE {
    controlType   ControlType,
    criticality   BOOLEAN DEFAULT FALSE,
    controlValue  OCTET STRING OPTIONAL
}
-- ControlType: the OID naming a control, carried as an LDAPOID.
ControlType ::= LDAPOID
-- BindRequest: starts authentication. Carries the protocol version, the
-- name to bind as, and one AuthenticationChoice.
-- NOTE(review): version is constrained to 1..127; a server should reject
-- versions it does not implement rather than fall back silently.
BindRequest ::= [APPLICATION 0] SEQUENCE {
    version         INTEGER (1..127),
    name            LDAPDN,
    authentication  AuthenticationChoice
}
-- AuthenticationChoice: the credential form used in a BindRequest.
-- simple carries the password octets as they are, so without transport
-- protection such as TLS the password is readable on the wire.
-- NOTE(review): a simple bind that names a DN but supplies a zero-length
-- password is a known pitfall: a server may treat it as an unauthenticated
-- bind and still answer success. Applications should refuse empty
-- passwords before sending the bind.
AuthenticationChoice ::= CHOICE {
    simple  [0] OCTET STRING,
    -- 1 and 2 reserved
    sasl    [3] SaslCredentials
}
-- SaslCredentials: a SASL mechanism name plus optional opaque credentials.
-- NOTE(review): the mechanism string is supplied by the client; a server
-- should accept only mechanisms it has been configured to offer.
SaslCredentials ::= SEQUENCE {
    mechanism    Mechanism,
    credentials  OCTET STRING OPTIONAL
}
-- Mechanism: the SASL mechanism name, carried as an LDAPString.
Mechanism ::= LDAPString
-- BindResponse: the result of a bind. The components of LDAPResult appear
-- here in expanded form, followed by optional server SASL credentials.
-- The enumeration is a copy of the one in LDAPResult and has to be kept in
-- step with it by hand.
-- NOTE(review): serverSaslCreds is opaque data from the server; it should
-- be handed only to the SASL mechanism negotiated for this bind.
BindResponse ::= [APPLICATION 1] SEQUENCE {
    -- COMPONENTS OF LDAPResult,
    resultCode       ENUMERATED {
        success(0),
        operationsError(1),
        protocolError(2),
        timeLimitExceeded(3),
        sizeLimitExceeded(4),
        compareFalse(5),
        compareTrue(6),
        authMethodNotSupported(7),
        strongAuthRequired(8),
        -- 9 reserved
        referral(10),                      -- new
        adminLimitExceeded(11),            -- new
        unavailableCriticalExtension(12),  -- new
        confidentialityRequired(13),       -- new
        saslBindInProgress(14),            -- new
        noSuchAttribute(16),
        undefinedAttributeType(17),
        inappropriateMatching(18),
        constraintViolation(19),
        attributeOrValueExists(20),
        invalidAttributeSyntax(21),
        -- 22-31 unused
        noSuchObject(32),
        aliasProblem(33),
        invalidDNSyntax(34),
        -- 35 reserved for undefined isLeaf
        aliasDereferencingProblem(36),
        -- 37-47 unused
        inappropriateAuthentication(48),
        invalidCredentials(49),
        insufficientAccessRights(50),
        busy(51),
        unavailable(52),
        unwillingToPerform(53),
        loopDetect(54),
        -- 55-63 unused
        namingViolation(64),
        objectClassViolation(65),
        notAllowedOnNonLeaf(66),
        notAllowedOnRDN(67),
        entryAlreadyExists(68),
        objectClassModsProhibited(69),
        -- 70 reserved for CLDAP
        affectsMultipleDSAs(71),           -- new
        -- 72-79 unused
        other(80)
    },
    -- 81-90 reserved for APIs
    matchedDN        LDAPDN,
    errorMessage     ErrorMessage,
    referral         [3] Referral OPTIONAL,

    -- end of components
    serverSaslCreds  [7] OCTET STRING OPTIONAL
}
-- ErrorMessage: free-form text from the server, carried as an LDAPString.
-- Untrusted input from the point of view of the client.
ErrorMessage ::= LDAPString

-- UnbindRequest: carries no payload. The protocolOp CHOICE in LDAPMessage
-- defines no response alternative for it.
UnbindRequest ::= [APPLICATION 2] NULL
-- SearchRequest: base entry, scope, alias handling, client-requested
-- limits, the filter and the list of attributes to return.
-- NOTE(review): in RFC 2251 a sizeLimit or timeLimit of 0 means the client
-- requests no limit. A server needs its own administrative caps on result
-- size and search time (compare adminLimitExceeded(11)).
SearchRequest ::= [APPLICATION 3] SEQUENCE {
    baseObject    LDAPDN,
    scope         ENUMERATED {
        baseObject(0),
        singleLevel(1),
        wholeSubtree(2)
    },
    derefAliases  ENUMERATED {
        neverDerefAliases(0),
        derefInSearching(1),
        derefFindingBaseObj(2),
        derefAlways(3)
    },
    sizeLimit     INTEGER (0..maxInt),
    timeLimit     INTEGER (0..maxInt),
    typesOnly     BOOLEAN,
    filter        Filter,
    attributes    AttributeDescriptionList
}
-- Filter: the search filter. The type is recursive: and/or hold sets of
-- filters and not wraps a single filter, so nesting depth and element count
-- are chosen by the sender.
-- NOTE(review): decoders and filter evaluators should cap recursion depth
-- and total filter size before processing.
-- Under IMPLICIT TAGS the [2] on "not" is still encoded explicitly, because
-- Filter is an untagged CHOICE.
Filter ::= CHOICE {
    and              [0] SET OF Filter,
    or               [1] SET OF Filter,
    not              [2] Filter,
    equalityMatch    [3] AttributeValueAssertion,
    substrings       [4] SubstringFilter,
    greaterOrEqual   [5] AttributeValueAssertion,
    lessOrEqual      [6] AttributeValueAssertion,
    present          [7] AttributeDescription,
    approxMatch      [8] AttributeValueAssertion,
    extensibleMatch  [9] MatchingRuleAssertion
}
-- SubstringFilter: an attribute description and an ordered list of
-- initial / any / final substring components.
-- The "at least one" rule below is a comment only; the SEQUENCE OF has no
-- SIZE constraint, so an empty list has to be rejected by the implementation.
SubstringFilter ::= SEQUENCE {
    type        AttributeDescription,
    -- at least one must be present
    substrings  SEQUENCE OF CHOICE {
        initial  [0] LDAPString,
        any      [1] LDAPString,
        final    [2] LDAPString
    }
}
-- MatchingRuleAssertion: payload of the extensibleMatch filter alternative.
-- matchingRule and type are both OPTIONAL in the syntax, so a message that
-- omits both still decodes; any semantic check is left to the server.
-- dnAttributes is FALSE when absent.
MatchingRuleAssertion ::= SEQUENCE {
    matchingRule  [1] MatchingRuleId OPTIONAL,
    type          [2] AttributeDescription OPTIONAL,
    matchValue    [3] AssertionValue,
    dnAttributes  [4] BOOLEAN DEFAULT FALSE
}
-- SearchResultEntry: one entry returned by a search, as its name plus a
-- list of attributes.
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
    objectName  LDAPDN,
    attributes  PartialAttributeList
}
-- PartialAttributeList: the attributes of a returned entry. Neither the
-- outer list nor the inner value set carries a SIZE bound.
PartialAttributeList ::= SEQUENCE OF SEQUENCE {
    type  AttributeDescription,
    vals  SET OF AttributeValue
}
-- SearchResultReference: URLs returned during a search. Note the tag
-- number 19, out of sequence with the neighbouring operations.
-- NOTE(review): as with Referral, a client should validate these URLs
-- before following them.
SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL

-- SearchResultDone: the final LDAPResult of a search.
SearchResultDone ::= [APPLICATION 5] LDAPResult
-- ModifyRequest: the entry to change and an ordered list of modifications,
-- each an operation (add, delete or replace) with an attribute and values.
-- The outer field and the inner field are both named "modification".
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
    object        LDAPDN,
    modification  SEQUENCE OF SEQUENCE {
        operation     ENUMERATED {
            add(0),
            delete(1),
            replace(2)
        },
        modification  AttributeTypeAndValues
    }
}
-- AttributeTypeAndValues: the attribute and value set that a single
-- ModifyRequest operation applies to.
AttributeTypeAndValues ::= SEQUENCE {
    type  AttributeDescription,
    vals  SET OF AttributeValue
}
-- ModifyResponse: the LDAPResult of a modify operation.
ModifyResponse ::= [APPLICATION 7] LDAPResult
-- AddRequest: the name of the entry to create and its attributes.
AddRequest ::= [APPLICATION 8] SEQUENCE {
    entry       LDAPDN,
    attributes  AttributeList
}
-- AttributeList: the attributes of an entry being added. Structurally the
-- same as PartialAttributeList; neither list level has a SIZE bound.
AttributeList ::= SEQUENCE OF SEQUENCE {
    type  AttributeDescription,
    vals  SET OF AttributeValue
}
-- AddResponse: the LDAPResult of an add operation.
AddResponse ::= [APPLICATION 9] LDAPResult

-- DelRequest: only the name of the entry to delete. Under IMPLICIT TAGS the
-- APPLICATION 10 tag sits directly on the string (a primitive encoding).
DelRequest ::= [APPLICATION 10] LDAPDN

-- DelResponse: the LDAPResult of a delete operation.
DelResponse ::= [APPLICATION 11] LDAPResult
-- ModifyDNRequest: renames an entry and, when newSuperior is present,
-- gives it a new parent.
-- NOTE(review): when newSuperior is used the entry leaves one subtree and
-- enters another; access control presumably needs checking at both the
-- source and the destination. Confirm against the server's ACL model.
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
    entry         LDAPDN,
    newrdn        RelativeLDAPDN,
    deleteoldrdn  BOOLEAN,
    newSuperior   [0] LDAPDN OPTIONAL
}
-- ModifyDNResponse: the LDAPResult of a modify DN operation.
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
-- CompareRequest: asks whether the named entry holds the asserted value;
-- the answer arrives as compareTrue(6) or compareFalse(5).
-- NOTE(review): a compare discloses whether a guessed value matches, so a
-- server should apply access control to compare as it does to read.
CompareRequest ::= [APPLICATION 14] SEQUENCE {
    entry  LDAPDN,
    ava    AttributeValueAssertion
}
-- CompareResponse: the LDAPResult of a compare operation.
CompareResponse ::= [APPLICATION 15] LDAPResult

-- AbandonRequest: the MessageID of the operation to abandon. The protocolOp
-- CHOICE in LDAPMessage defines no response alternative for it.
AbandonRequest ::= [APPLICATION 16] MessageID
-- ExtendedRequest: an operation identified by OID with an optional opaque
-- value whose format depends on that OID.
-- NOTE(review): requestValue should be parsed only after requestName has
-- been matched against the extended operations the server supports.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
    requestName   [0] LDAPOID,
    requestValue  [1] OCTET STRING OPTIONAL
}
-- ExtendedResponse: the result of an extended operation. The components of
-- LDAPResult appear here in expanded form, followed by an optional response
-- OID and an optional opaque response value.
-- The enumeration is a copy of the one in LDAPResult and has to be kept in
-- step with it by hand.
-- NOTE(review): response is opaque data from the server; a client should
-- interpret it only according to the operation it actually requested.
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
    -- COMPONENTS OF LDAPResult,
    resultCode    ENUMERATED {
        success(0),
        operationsError(1),
        protocolError(2),
        timeLimitExceeded(3),
        sizeLimitExceeded(4),
        compareFalse(5),
        compareTrue(6),
        authMethodNotSupported(7),
        strongAuthRequired(8),
        -- 9 reserved
        referral(10),                      -- new
        adminLimitExceeded(11),            -- new
        unavailableCriticalExtension(12),  -- new
        confidentialityRequired(13),       -- new
        saslBindInProgress(14),            -- new
        noSuchAttribute(16),
        undefinedAttributeType(17),
        inappropriateMatching(18),
        constraintViolation(19),
        attributeOrValueExists(20),
        invalidAttributeSyntax(21),
        -- 22-31 unused
        noSuchObject(32),
        aliasProblem(33),
        invalidDNSyntax(34),
        -- 35 reserved for undefined isLeaf
        aliasDereferencingProblem(36),
        -- 37-47 unused
        inappropriateAuthentication(48),
        invalidCredentials(49),
        insufficientAccessRights(50),
        busy(51),
        unavailable(52),
        unwillingToPerform(53),
        loopDetect(54),
        -- 55-63 unused
        namingViolation(64),
        objectClassViolation(65),
        notAllowedOnNonLeaf(66),
        notAllowedOnRDN(67),
        entryAlreadyExists(68),
        objectClassModsProhibited(69),
        -- 70 reserved for CLDAP
        affectsMultipleDSAs(71),           -- new
        -- 72-79 unused
        other(80)
    },
    -- 81-90 reserved for APIs
    matchedDN     LDAPDN,
    errorMessage  ErrorMessage,
    referral      [3] Referral OPTIONAL,
    -- end of COMPONENTS
    responseName  [10] ResponseName OPTIONAL,
    response      [11] OCTET STRING OPTIONAL
}
-- ResponseName: the OID naming an extended response, carried as an LDAPOID.
ResponseName ::= LDAPOID
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D