-- Module Lightweight-Directory-Access-Protocol-V3 (RFC 4511:06/2006)
-- See also the README file
-- See also the index of all ASN.1 assignments needed in this Recommendation
Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
--
-- Copyright (C) The Internet Society (2006). This version of
-- this ASN.1 module is part of RFC 4511; see the RFC itself
-- for full legal notices.
--
DEFINITIONS IMPLICIT TAGS EXTENSIBILITY IMPLIED::=
BEGIN
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp
CHOICE {bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse},
controls [0] Controls OPTIONAL
}
MessageID ::= INTEGER(0..maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1)
LDAPString ::= OCTET STRING -- UTF-8 encoded,
-- [ISO10646] characters
LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
-- [RFC4512]
LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
-- [RFC4514]
RelativeLDAPDN ::=
LDAPString -- Constrained to <name-component>
-- [RFC4514]
AttributeDescription ::= LDAPString
-- Constrained to <attributedescription>
-- [RFC4512]
AttributeValue ::= OCTET STRING
AttributeValueAssertion ::= SEQUENCE {
attributeDesc AttributeDescription,
assertionValue AssertionValue
}
AssertionValue ::= OCTET STRING
PartialAttribute ::= SEQUENCE {
type AttributeDescription,
vals SET OF value AttributeValue
}
Attribute ::= PartialAttribute(WITH COMPONENTS {
...,
vals (SIZE (1..MAX))
})
MatchingRuleId ::= LDAPString
LDAPResult ::= SEQUENCE {
resultCode
ENUMERATED {success(0), operationsError(1), protocolError(2),
timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
compareTrue(6), authMethodNotSupported(7),
strongerAuthRequired(8),
-- 9 reserved
referral(10), adminLimitExceeded(11),
unavailableCriticalExtension(12), confidentialityRequired(13),
saslBindInProgress(14), noSuchAttribute(16),
undefinedAttributeType(17), inappropriateMatching(18),
constraintViolation(19), attributeOrValueExists(20),
invalidAttributeSyntax(21),
-- 22-31 unused
noSuchObject(32), aliasProblem(33),
invalidDNSyntax(34),
-- 35 reserved for undefined isLeaf
aliasDereferencingProblem(36),
-- 37-47 unused
inappropriateAuthentication(48), invalidCredentials(49),
insufficientAccessRights(50), busy(51), unavailable(52),
unwillingToPerform(53),
loopDetect(54),
-- 55-63 unused
namingViolation(64), objectClassViolation(65),
notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
entryAlreadyExists(68),
objectClassModsProhibited(69),
-- 70 reserved for CLDAP
affectsMultipleDSAs(71),
-- 72-79 unused
other(80), ...
},
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL
}
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
URI ::= LDAPString -- limited to characters permitted in
-- URIs
Controls ::= SEQUENCE OF control Control
Control ::= SEQUENCE {
controlType LDAPOID,
criticality BOOLEAN DEFAULT FALSE,
controlValue OCTET STRING OPTIONAL
}
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER(1..127),
name LDAPDN,
authentication AuthenticationChoice
}
AuthenticationChoice ::= CHOICE {
simple [0] OCTET STRING,
-- 1 and 2 reserved
sasl [3] SaslCredentials,
...
}
SaslCredentials ::= SEQUENCE {
mechanism LDAPString,
credentials OCTET STRING OPTIONAL
}
BindResponse ::= [APPLICATION 1] SEQUENCE {
COMPONENTS OF LDAPResult,
serverSaslCreds [7] OCTET STRING OPTIONAL
}
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope
ENUMERATED {baseObject(0), singleLevel(1), wholeSubtree(2), ...
},
derefAliases
ENUMERATED {neverDerefAliases(0), derefInSearching(1),
derefFindingBaseObj(2), derefAlways(3)},
sizeLimit INTEGER(0..maxInt),
timeLimit INTEGER(0..maxInt),
typesOnly BOOLEAN,
filter Filter,
attributes AttributeSelection
}
AttributeSelection ::= SEQUENCE OF selector LDAPString
-- The LDAPString is constrained to
-- <attributeSelector> in Section 4.5.1.8
Filter ::= CHOICE {
and [0] SET SIZE (1..MAX) OF filter Filter,
or [1] SET SIZE (1..MAX) OF filter Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion,
extensibleMatch [9] MatchingRuleAssertion,
...
}
SubstringFilter ::= SEQUENCE {
type AttributeDescription,
substrings
SEQUENCE SIZE (1..MAX) OF substring
CHOICE {initial [0] AssertionValue, -- can occur at most once--
any [1] AssertionValue,
final [2] AssertionValue} -- can occur at most once
}
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MatchingRuleId OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] AssertionValue,
dnAttributes [4] BOOLEAN DEFAULT FALSE
}
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList
}
PartialAttributeList ::= SEQUENCE OF partialAttribute PartialAttribute
SearchResultReference ::= [APPLICATION 19] SEQUENCE SIZE (1..MAX) OF uri URI
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
object LDAPDN,
changes
SEQUENCE OF change
SEQUENCE {operation ENUMERATED {add(0), delete(1), replace(2), ...
},
modification PartialAttribute}
}
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
entry LDAPDN,
attributes AttributeList
}
AttributeList ::= SEQUENCE OF attribute Attribute
AddResponse ::= [APPLICATION 9] LDAPResult
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
entry LDAPDN,
newrdn RelativeLDAPDN,
deleteoldrdn BOOLEAN,
newSuperior [0] LDAPDN OPTIONAL
}
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
CompareRequest ::= [APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion
}
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAPOID,
requestValue [1] OCTET STRING OPTIONAL
}
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAPOID OPTIONAL,
responseValue [11] OCTET STRING OPTIONAL
}
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAPOID OPTIONAL,
responseValue [1] OCTET STRING OPTIONAL
}
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D