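-- Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
-- Copyright (C) The Internet Society (2006). This version of
-- this ASN.1 module is part of RFC 4511; see the RFC itself
-- for full legal notices.
--
-- Reading notes for implementers:
--  * The "Constrained to <...>" remarks below are comments only. The
--    underlying types are plain OCTET STRINGs, so a generated decoder
--    accepts any bytes and the stated syntax has to be checked by the
--    application.
--  * No OCTET STRING, SEQUENCE OF or SET OF in this module has an upper
--    SIZE bound. A maximum PDU size and element count has to be enforced
--    around the decoder.
--  * EXTENSIBILITY IMPLIED makes every SEQUENCE, SET, CHOICE and
--    ENUMERATED extensible, so a peer may send components or values
--    that are not listed here.
ELDAPv3 DEFINITIONS
IMPLICIT TAGS
EXTENSIBILITY IMPLIED ::=

BEGIN

-- Envelope for every protocol exchange: a message id, exactly one
-- operation, and an optional list of controls.
LDAPMessage ::= SEQUENCE {
     messageID       MessageID,
     protocolOp      CHOICE {
          bindRequest           BindRequest,
          bindResponse          BindResponse,
          unbindRequest         UnbindRequest,
          searchRequest         SearchRequest,
          searchResEntry        SearchResultEntry,
          searchResDone         SearchResultDone,
          searchResRef          SearchResultReference,
          modifyRequest         ModifyRequest,
          modifyResponse        ModifyResponse,
          addRequest            AddRequest,
          addResponse           AddResponse,
          delRequest            DelRequest,
          delResponse           DelResponse,
          modDNRequest          ModifyDNRequest,
          modDNResponse         ModifyDNResponse,
          compareRequest        CompareRequest,
          compareResponse       CompareResponse,
          abandonRequest        AbandonRequest,
          extendedReq           ExtendedRequest,
          extendedResp          ExtendedResponse,
          ...,
          intermediateResponse  IntermediateResponse },
     controls       [0] Controls OPTIONAL }

MessageID ::= INTEGER (0 ..  maxInt)

maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

LDAPString ::= OCTET STRING -- UTF-8 encoded,
                            -- [ISO10646] characters

LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
                         -- [RFC4512]

LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
                      -- [RFC4514]

RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
                              -- [RFC4514]

AttributeDescription ::= LDAPString
                        -- Constrained to <attributedescription>
                        -- [RFC4512]

AttributeValue ::= OCTET STRING

AttributeValueAssertion ::= SEQUENCE {
     attributeDesc   AttributeDescription,
     assertionValue  AssertionValue }

AssertionValue ::= OCTET STRING

PartialAttribute ::= SEQUENCE {
     type       AttributeDescription,
     vals       SET OF value AttributeValue }

-- Same layout as PartialAttribute, but at least one value is required.
Attribute ::= PartialAttribute(WITH COMPONENTS {
     ...,
     vals (SIZE(1..MAX))})

MatchingRuleId ::= LDAPString

-- Common result structure; embedded in or aliased by every response type.
-- diagnosticMessage is free text chosen by the server and should be
-- treated as untrusted when it is logged or shown to a user.
LDAPResult ::= SEQUENCE {
     resultCode         ENUMERATED {
          success                      (0),
          operationsError              (1),
          protocolError                (2),
          timeLimitExceeded            (3),
          sizeLimitExceeded            (4),
          compareFalse                 (5),
          compareTrue                  (6),
          authMethodNotSupported       (7),
          strongerAuthRequired         (8),
               -- 9 reserved --
          referral                     (10),
          adminLimitExceeded           (11),
          unavailableCriticalExtension (12),
          confidentialityRequired      (13),
          saslBindInProgress           (14),
               -- 15 unused --
          noSuchAttribute              (16),
          undefinedAttributeType       (17),
          inappropriateMatching        (18),
          constraintViolation          (19),
          attributeOrValueExists       (20),
          invalidAttributeSyntax       (21),
               -- 22-31 unused --
          noSuchObject                 (32),
          aliasProblem                 (33),
          invalidDNSyntax              (34),
               -- 35 reserved for undefined isLeaf --
          aliasDereferencingProblem    (36),
               -- 37-47 unused --
          inappropriateAuthentication  (48),
          invalidCredentials           (49),
          insufficientAccessRights     (50),
          busy                         (51),
          unavailable                  (52),
          unwillingToPerform           (53),
          loopDetect                   (54),
               -- 55-63 unused --
          namingViolation              (64),
          objectClassViolation         (65),
          notAllowedOnNonLeaf          (66),
          notAllowedOnRDN              (67),
          entryAlreadyExists           (68),
          objectClassModsProhibited    (69),
               -- 70 reserved for CLDAP --
          affectsMultipleDSAs          (71),
               -- 72-79 unused --
          other                        (80),
          ...  },
     matchedDN          LDAPDN,
     diagnosticMessage  LDAPString,
     referral           [3] Referral OPTIONAL }

-- Referral URIs are chosen by the responding server. A client that
-- follows them should decide explicitly whether credentials may be
-- presented to the referred host.
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI

URI ::= LDAPString     -- limited to characters permitted in
                       -- URIs

Controls ::= SEQUENCE OF control Control

-- criticality is FALSE when absent. Per RFC 4511 a server that does not
-- recognise a control marked critical fails the operation with
-- unavailableCriticalExtension (12) instead of ignoring the control.
Control ::= SEQUENCE {
     controlType             LDAPOID,
     criticality             BOOLEAN DEFAULT FALSE,
     controlValue            OCTET STRING OPTIONAL }

BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice }

-- simple [0] carries the password octets unmodified; nothing in this
-- encoding protects them, so confidentiality depends on the transport.
-- A zero-length simple value together with a non-empty name is an
-- unauthenticated bind (RFC 4513), not a failed login; callers should
-- reject empty passwords before building a BindRequest.
AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                             -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }

BindResponse ::= [APPLICATION 1] SEQUENCE {
     COMPONENTS OF LDAPResult,
     serverSaslCreds    [7] OCTET STRING OPTIONAL }

UnbindRequest ::= [APPLICATION 2] NULL

-- sizeLimit and timeLimit are client requests; per RFC 4511 a value of 0
-- means the client asks for no limit, so a server needs limits of its own.
SearchRequest ::= [APPLICATION 3] SEQUENCE {
     baseObject      LDAPDN,
     scope           ENUMERATED {
          baseObject              (0),
          singleLevel             (1),
          wholeSubtree            (2),
          ...  },
     derefAliases    ENUMERATED {
          neverDerefAliases       (0),
          derefInSearching        (1),
          derefFindingBaseObj     (2),
          derefAlways             (3) },
     sizeLimit       INTEGER (0 ..  maxInt),
     timeLimit       INTEGER (0 ..  maxInt),
     typesOnly       BOOLEAN,
     filter          Filter,
     attributes      AttributeSelection }

AttributeSelection ::= SEQUENCE OF selector LDAPString
               -- The LDAPString is constrained to
               -- <attributeSelector> in Section 4.5.1.8

-- Recursive type: and, or and not contain further Filters and the
-- grammar sets no bound on nesting depth or on the number of members.
-- A decoder or filter evaluator should cap both.
Filter ::= CHOICE {
     and             [0] SET SIZE (1..MAX) OF filter Filter,
     or              [1] SET SIZE (1..MAX) OF filter Filter,
     not             [2] Filter,
     equalityMatch   [3] AttributeValueAssertion,
     substrings      [4] SubstringFilter,
     greaterOrEqual  [5] AttributeValueAssertion,
     lessOrEqual     [6] AttributeValueAssertion,
     present         [7] AttributeDescription,
     approxMatch     [8] AttributeValueAssertion,
     extensibleMatch [9] MatchingRuleAssertion,
     ...  }

-- The "at most once" rules below are comments, not ASN.1 constraints,
-- so they have to be checked after decoding.
SubstringFilter ::= SEQUENCE {
     type           AttributeDescription,
     substrings     SEQUENCE SIZE (1..MAX) OF substring CHOICE {
          initial [0] AssertionValue,  -- can occur at most once
          any     [1] AssertionValue,
          final   [2] AssertionValue } -- can occur at most once
     }

MatchingRuleAssertion ::= SEQUENCE {
     matchingRule    [1] MatchingRuleId OPTIONAL,
     type            [2] AttributeDescription OPTIONAL,
     matchValue      [3] AssertionValue,
     dnAttributes    [4] BOOLEAN DEFAULT FALSE }

SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
     objectName      LDAPDN,
     attributes      PartialAttributeList }

PartialAttributeList ::= SEQUENCE OF
                     partialAttribute PartialAttribute

SearchResultReference ::= [APPLICATION 19] SEQUENCE
                          SIZE (1..MAX) OF uri URI

SearchResultDone ::= [APPLICATION 5] LDAPResult

ModifyRequest ::= [APPLICATION 6] SEQUENCE {
     object          LDAPDN,
     changes         SEQUENCE OF change SEQUENCE {
          operation       ENUMERATED {
               add     (0),
               delete  (1),
               replace (2),
               ...  },
          modification    PartialAttribute } }

ModifyResponse ::= [APPLICATION 7] LDAPResult

AddRequest ::= [APPLICATION 8] SEQUENCE {
     entry           LDAPDN,
     attributes      AttributeList }

AttributeList ::= SEQUENCE OF attribute Attribute

AddResponse ::= [APPLICATION 9] LDAPResult

DelRequest ::= [APPLICATION 10] LDAPDN

DelResponse ::= [APPLICATION 11] LDAPResult

ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
     entry           LDAPDN,
     newrdn          RelativeLDAPDN,
     deleteoldrdn    BOOLEAN,
     newSuperior     [0] LDAPDN OPTIONAL }

ModifyDNResponse ::= [APPLICATION 13] LDAPResult

CompareRequest ::= [APPLICATION 14] SEQUENCE {
     entry           LDAPDN,
     ava             AttributeValueAssertion }

CompareResponse ::= [APPLICATION 15] LDAPResult

AbandonRequest ::= [APPLICATION 16] MessageID

-- requestValue and responseValue are opaque here; their inner encoding
-- is defined per requestName / responseName OID and must be decoded and
-- validated separately.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
     requestName      [0] LDAPOID,
     requestValue     [1] OCTET STRING OPTIONAL }

ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
     COMPONENTS OF LDAPResult,
     responseName     [10] LDAPOID OPTIONAL,
     responseValue    [11] OCTET STRING OPTIONAL }

IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
     responseName     [0] LDAPOID OPTIONAL,
     responseValue    [1] OCTET STRING OPTIONAL }

-- Extended syntax for Password Modify (RFC 3062, Section 2)

-- passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1

-- oldPasswd and newPasswd are carried as plain octets inside the
-- ExtendedRequest value, so this operation needs a confidential
-- transport. Avoid writing decoded values of these types to logs.
PasswdModifyRequestValue ::= SEQUENCE {
     userIdentity    [0]  OCTET STRING OPTIONAL,
     oldPasswd       [1]  OCTET STRING OPTIONAL,
     newPasswd       [2]  OCTET STRING OPTIONAL }

-- genPasswd is a server-generated password returned in the clear within
-- the ExtendedResponse value; the same transport requirement applies.
PasswdModifyResponseValue ::= SEQUENCE {
     genPasswd       [0]     OCTET STRING OPTIONAL }

END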