Rec. ITU-T X.511 (10/2019) Information technology – Open Systems Interconnection – The Directory: Abstract service definition

Summary
History
FOREWORD
CONTENTS
Introduction
1 Scope
2 Normative references
  2.1 Identical Recommendations | International Standards
  2.2 Paired Recommendations | International Standards equivalent in technical content
  2.3 Additional references
3 Definitions
  3.1 OSI Reference Model security architecture definitions
  3.2 Basic Directory definitions
  3.3 Directory model definitions
  3.4 Directory information base definitions
  3.5 Directory entry definitions
  3.6 Name definitions
  3.7 Distributed operations definitions
  3.8 Abstract service definitions
4 Abbreviations
5 Conventions
6 Overview of the Directory service
7 Information types and common procedures
  7.1 Introduction
  7.2 Information types defined elsewhere
  7.3 Common arguments
    7.3.1 Critical extensions
    7.3.2 Family grouping
  7.4 Common results
  7.5 Service controls
  7.6 Entry information selection
    7.6.1 Use of contextSelection or context selection defaults
    7.6.2 Evaluation of contextSelection
    7.6.3 Evaluation of a TypeAndContextAssertion
    7.6.4 Family Return
  7.7 Entry information
    7.7.1 Entry information data type
    7.7.2 Family information in entry information
  7.8 Filter
    7.8.1 Filter parameter
    7.8.2 Filter item
    7.8.3 Evaluating filters with family information
  7.9 Paged results
  7.10 Security parameters
  7.11 Common elements of procedure for access control
    7.11.1 Common elements of procedure for basic access control
      7.11.1.1 Alias dereferencing
      7.11.1.2 Return of Name Error
      7.11.1.3 Non-disclosure of the existence of an entry
      7.11.1.4 Return of Distinguished Name
    7.11.2 Common elements of procedure for rule-based-access-control
      7.11.2.1 Accessing an entry (entry level permission)
      7.11.2.2 Returning the name of an entry
      7.11.2.3 Alias dereferencing
      7.11.2.4 Return of Name Error (noSuchObject)
      7.11.2.5 Accessing an attribute
      7.11.2.6 Deleting information
      7.11.2.7 Invoking search-rules
    7.11.3 Family information
  7.12 Managing the DSA Information Tree
  7.13 Procedures for families of entries
8 Directory authentication
  8.1 Simple authentication procedure
    8.1.1 Generation of protected identifying information
    8.1.2 Procedure for protected simple authentication
  8.2 Password policy
    8.2.1 Introduction
    8.2.2 Operational attributes and procedures
    8.2.3 Password history
9 Bind, Unbind operations, Change Password and Administer Password operations
  9.1 Directory Bind
    9.1.1 Directory Bind syntax
    9.1.2 Directory Bind arguments
    9.1.3 Directory Bind results
    9.1.4 Directory Bind errors
  9.2 Directory Unbind
10 Directory Read operations
  10.1 Read
    10.1.1 Read syntax
    10.1.2 Read components
    10.1.3 Read results
    10.1.4 Read errors
    10.1.5 Read operation decision points for basic access control
      10.1.5.1 Error returns
      10.1.5.2 Non-disclosure of incomplete results
    10.1.6 Read operation decision points for rule-based access control
  10.2 Compare
    10.2.1 Compare syntax
    10.2.2 Compare arguments
    10.2.3 Compare results
    10.2.4 Compare errors
    10.2.5 Compare operation decision points for basic access control
      10.2.5.1 Error returns
    10.2.6 Compare operation decision points for rule-based access control
    10.2.7 Remote checking of password
  10.3 Abandon
11 Directory Search operations
  11.1 List
    11.1.1 List syntax
    11.1.2 List arguments
    11.1.3 List results
    11.1.4 List errors
    11.1.5 List operation decision points for basic access control
    11.1.6 List operation decision points for rule-based access control
  11.2 Search
    11.2.1 Search syntax
    11.2.2 Search components
    11.2.3 Search results
    11.2.4 Service administration
    11.2.5 Search errors
    11.2.6 Search operation decision points for basic access control
      11.2.6.1 Search operation decision points for basic-access-control in the presence of additional searches
      11.2.6.2 Alias dereferencing during Search
      11.2.6.3 Non-disclosure of incomplete results
    11.2.7 Search operation decision points for rule-based access control
12 Directory Modify operations
  12.1 Add Entry
    12.1.1 Add Entry syntax
    12.1.2 Add Entry arguments
    12.1.3 Add Entry results
    12.1.4 Add Entry errors
    12.1.5 Add operation decision points for basic access control
      12.1.5.1 Error returns
    12.1.6 Add Entry operation decision points for rule-based-access-control
  12.2 Remove Entry
    12.2.1 Remove Entry syntax
    12.2.2 Remove Entry arguments
    12.2.3 Remove Entry results
    12.2.4 Remove Entry errors
    12.2.5 Remove Entry operation decision points for basic access control
    12.2.6 Remove Entry operation decision points for rule-based access control
  12.3 Modify Entry
    12.3.1 Modify Entry syntax
    12.3.2 Modify Entry arguments
    12.3.3 Modify Entry results
    12.3.4 Modify Entry errors
    12.3.5 Modify Entry operation decision points for basic access control
      12.3.5.1 Error returns
    12.3.6 Modify Entry operation decision points for rule-based access control
  12.4 Modify DN
    12.4.1 Modify DN syntax
    12.4.2 Modify DN arguments
    12.4.3 Modify DN results
    12.4.4 Modify DN errors
    12.4.5 ModifyDN decision points for basic access control
      12.4.5.1 Error returns
    12.4.6 Modify DN operation decision points for rule-based access control
  12.5 Change Password
    12.5.1 Change Password syntax
    12.5.2 Change Password arguments
    12.5.3 Change Password results
    12.5.4 Change Password errors
  12.6 Administer Password
    12.6.1 Administer Password syntax
    12.6.2 Administer Password arguments
    12.6.3 Administer Password results
    12.6.4 Administer Password errors
13 Operations for LDAP messages
  13.1 LDAP Transport operation
    13.1.1 LDAP Transport syntax
    13.1.2 LDAP Transport arguments
    13.1.3 LDAP Transport results
  13.2 Linked LDAP operation
    13.2.1 Linked LDAP syntax
    13.2.2 Linked LDAP arguments
    13.2.3 Linked LDAP results
14 Errors
  14.1 Error precedence
  14.2 Abandoned
  14.3 Abandon Failed
  14.4 Attribute Error
  14.5 Name Error
  14.6 Referral
  14.7 Security Error
  14.8 Service Error
  14.9 Update Error
15 Analysis of search arguments
  15.1 General check of search filter
  15.2 Check of request-attribute-profiles
  15.3 Check of controls and hierarchy selections
  15.4 Check of matching use
C.1 Single family example
C.2 Multiple families example
  C.2.1 Filter example 1
  C.2.2 Filter example 2
  C.2.3 Filter example 3
  C.2.4 Filter example 4