-- LDAPv3 ASN.1 specification, taken from RFC 2251
--
-- Defines the LDAPMessage envelope and every request and response type of
-- LDAP version 3.
-- NOTE(review): RFC 2251 has been obsoleted by RFC 4511; check any change to
-- this module against the current specification.
-- NOTE(review): no string or list type below carries a SIZE constraint, so
-- this grammar puts no upper bound on element lengths or element counts.
-- Code that decodes messages from untrusted peers has to enforce its own
-- limits on message size, list length and nesting depth.

-- Lightweight-Directory-Access-Protocol-V3 DEFINITIONS
-- The module is named ELDAPv3 here; the commented-out line above keeps the
-- name used in the RFC. IMPLICIT TAGS means a [n] tag replaces the tag of
-- the tagged type instead of wrapping it.
ELDAPv3 DEFINITIONS
IMPLICIT TAGS ::=

BEGIN

-- Envelope of every protocol data unit: a message ID, exactly one operation
-- and an optional list of controls.
LDAPMessage ::= SEQUENCE {
        messageID       MessageID,
        protocolOp      CHOICE {
                bindRequest     BindRequest,
                bindResponse    BindResponse,
                unbindRequest   UnbindRequest,
                searchRequest   SearchRequest,
                searchResEntry  SearchResultEntry,
                searchResDone   SearchResultDone,
                searchResRef    SearchResultReference,
                modifyRequest   ModifyRequest,
                modifyResponse  ModifyResponse,
                addRequest      AddRequest,
                addResponse     AddResponse,
                delRequest      DelRequest,
                delResponse     DelResponse,
                modDNRequest    ModifyDNRequest,
                modDNResponse   ModifyDNResponse,
                compareRequest  CompareRequest,
                compareResponse CompareResponse,
                abandonRequest  AbandonRequest,
                extendedReq     ExtendedRequest,
                extendedResp    ExtendedResponse },
        controls        [0] Controls OPTIONAL }

MessageID ::= INTEGER (0 .. maxInt)

maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

-- LDAPString and the types derived from it are plain OCTET STRINGs at the
-- encoding level. RFC 2251 describes the content as UTF-8 text, but nothing
-- in this type enforces that, so a decoder hands back raw octets and the
-- consumer has to validate the encoding and the DN or URL syntax itself.
LDAPString ::= OCTET STRING

LDAPOID ::= OCTET STRING

LDAPDN ::= LDAPString

RelativeLDAPDN ::= LDAPString

AttributeType ::= LDAPString

AttributeDescription ::= LDAPString




-- Wahl, et. al. Standards Track [Page 44]
--
-- RFC 2251 LDAPv3 December 1997


AttributeDescriptionList ::= SEQUENCE OF
        AttributeDescription

AttributeValue ::= OCTET STRING

AttributeValueAssertion ::= SEQUENCE {
        attributeDesc   AttributeDescription,
        assertionValue  AssertionValue }

AssertionValue ::= OCTET STRING

Attribute ::= SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }

MatchingRuleId ::= LDAPString

-- Common result structure, used directly or through COMPONENTS OF by every
-- response type in this module.
-- matchedDN, errorMessage and referral are supplied by the server; a client
-- should treat them as untrusted input when logging or displaying them.
LDAPResult ::= SEQUENCE {
        resultCode      ENUMERATED {
                     success                      (0),
                     operationsError              (1),
                     protocolError                (2),
                     timeLimitExceeded            (3),
                     sizeLimitExceeded            (4),
                     compareFalse                 (5),
                     compareTrue                  (6),
                     authMethodNotSupported       (7),
                     strongAuthRequired           (8),
                                -- 9 reserved --
                     referral                     (10),  -- new
                     adminLimitExceeded           (11),  -- new
                     unavailableCriticalExtension (12),  -- new
                     confidentialityRequired      (13),  -- new
                     saslBindInProgress           (14),  -- new
                     noSuchAttribute              (16),
                     undefinedAttributeType       (17),
                     inappropriateMatching        (18),
                     constraintViolation          (19),
                     attributeOrValueExists       (20),
                     invalidAttributeSyntax       (21),
                                -- 22-31 unused --
                     noSuchObject                 (32),
                     aliasProblem                 (33),
                     invalidDNSyntax              (34),
                     -- 35 reserved for undefined isLeaf --
                     aliasDereferencingProblem    (36),
                                -- 37-47 unused --
                     inappropriateAuthentication  (48),

-- Wahl, et. al. Standards Track [Page 45]
--
-- RFC 2251 LDAPv3 December 1997


                     invalidCredentials           (49),
                     insufficientAccessRights     (50),
                     busy                         (51),
                     unavailable                  (52),
                     unwillingToPerform           (53),
                     loopDetect                   (54),
                                -- 55-63 unused --
                     namingViolation              (64),
                     objectClassViolation         (65),
                     notAllowedOnNonLeaf          (66),
                     notAllowedOnRDN              (67),
                     entryAlreadyExists           (68),
                     objectClassModsProhibited    (69),
                                -- 70 reserved for CLDAP --
                     affectsMultipleDSAs          (71), -- new
                                -- 72-79 unused --
                     other                        (80) },
                     -- 81-90 reserved for APIs --
        matchedDN       LDAPDN,
        errorMessage    LDAPString,
        referral        [3] Referral OPTIONAL }

-- A referral is a list of URLs chosen by the server. The type is only an
-- octet string, so the character restriction noted on LDAPURL is not
-- enforced by the decoder.
-- NOTE(review): a client that follows referrals automatically should check
-- the target against an allow-list and should not resend its bind
-- credentials to a host it was merely referred to.
Referral ::= SEQUENCE OF LDAPURL

LDAPURL ::= LDAPString -- limited to characters permitted in URLs

Controls ::= SEQUENCE OF Control

-- criticality is FALSE when the field is absent. controlValue is opaque at
-- this level: its inner encoding depends on controlType and has to be
-- decoded and validated separately for each control.
Control ::= SEQUENCE {
        controlType     LDAPOID,
        criticality     BOOLEAN DEFAULT FALSE,
        controlValue    OCTET STRING OPTIONAL }

BindRequest ::= [APPLICATION 0] SEQUENCE {
        version         INTEGER (1 .. 127),
        name            LDAPDN,
        authentication  AuthenticationChoice }

-- simple carries the password itself as an OCTET STRING. Nothing in this
-- encoding hides it, so confidentiality has to come from the transport
-- (TLS).
-- A zero-length simple value is structurally valid. Callers that take the
-- password from user input should reject an empty one before binding,
-- because a server may answer such a bind with success without having
-- verified any credential.
AuthenticationChoice ::= CHOICE {
        simple          [0] OCTET STRING,
                        -- 1 and 2 reserved
        sasl            [3] SaslCredentials }

SaslCredentials ::= SEQUENCE {
        mechanism       LDAPString,
        credentials     OCTET STRING OPTIONAL }

BindResponse ::= [APPLICATION 1] SEQUENCE {

-- Wahl, et. al. Standards Track [Page 46]
--
-- RFC 2251 LDAPv3 December 1997


        COMPONENTS OF LDAPResult,
        serverSaslCreds [7] OCTET STRING OPTIONAL }

UnbindRequest ::= [APPLICATION 2] NULL

-- sizeLimit and timeLimit are values requested by the client. In RFC 2251 a
-- value of 0 means the client asks for no limit, so a server cannot rely on
-- these fields to bound the cost of a search and needs limits of its own.
SearchRequest ::= [APPLICATION 3] SEQUENCE {
        baseObject      LDAPDN,
        scope           ENUMERATED {
                baseObject              (0),
                singleLevel             (1),
                wholeSubtree            (2) },
        derefAliases    ENUMERATED {
                neverDerefAliases       (0),
                derefInSearching        (1),
                derefFindingBaseObj     (2),
                derefAlways             (3) },
        sizeLimit       INTEGER (0 .. maxInt),
        timeLimit       INTEGER (0 .. maxInt),
        typesOnly       BOOLEAN,
        filter          Filter,
        attributes      AttributeDescriptionList }

-- Filter is recursive through and, or and not, and the grammar bounds
-- neither the nesting depth nor the number of members of a set.
-- NOTE(review): a decoder or filter evaluator that recurses on this type
-- should cap depth and total node count, so that a deeply nested filter
-- from an untrusted peer cannot exhaust the stack or the CPU.
Filter ::= CHOICE {
        and             [0] SET OF Filter,
        or              [1] SET OF Filter,
        not             [2] Filter,
        equalityMatch   [3] AttributeValueAssertion,
        substrings      [4] SubstringFilter,
        greaterOrEqual  [5] AttributeValueAssertion,
        lessOrEqual     [6] AttributeValueAssertion,
        present         [7] AttributeDescription,
        approxMatch     [8] AttributeValueAssertion,
        extensibleMatch [9] MatchingRuleAssertion }

-- The "at least one must be present" rule below is stated only in the
-- comment. The SEQUENCE OF has no SIZE constraint, so an empty list decodes
-- successfully and has to be rejected by the code that consumes the filter.
-- (RFC 4511 expresses the rule in the type as SIZE (1..MAX).)
SubstringFilter ::= SEQUENCE {
        type            AttributeDescription,
        -- at least one must be present
        substrings      SEQUENCE OF CHOICE {
                initial [0] LDAPString,
                any     [1] LDAPString,
                final   [2] LDAPString } }

MatchingRuleAssertion ::= SEQUENCE {
        matchingRule    [1] MatchingRuleId OPTIONAL,
        type            [2] AttributeDescription OPTIONAL,
        matchValue      [3] AssertionValue,
        dnAttributes    [4] BOOLEAN DEFAULT FALSE }

-- Wahl, et. al. Standards Track [Page 47]
--
-- RFC 2251 LDAPv3 December 1997

SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
        objectName      LDAPDN,
        attributes      PartialAttributeList }

PartialAttributeList ::= SEQUENCE OF SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }

SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL

SearchResultDone ::= [APPLICATION 5] LDAPResult

ModifyRequest ::= [APPLICATION 6] SEQUENCE {
        object          LDAPDN,
        modification    SEQUENCE OF SEQUENCE {
                operation       ENUMERATED {
                                        add     (0),
                                        delete  (1),
                                        replace (2) },
                modification    AttributeTypeAndValues } }

AttributeTypeAndValues ::= SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }

ModifyResponse ::= [APPLICATION 7] LDAPResult

AddRequest ::= [APPLICATION 8] SEQUENCE {
        entry           LDAPDN,
        attributes      AttributeList }

AttributeList ::= SEQUENCE OF SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }

AddResponse ::= [APPLICATION 9] LDAPResult

DelRequest ::= [APPLICATION 10] LDAPDN

DelResponse ::= [APPLICATION 11] LDAPResult

ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
        entry           LDAPDN,
        newrdn          RelativeLDAPDN,
        deleteoldrdn    BOOLEAN,
        newSuperior     [0] LDAPDN OPTIONAL }

ModifyDNResponse ::= [APPLICATION 13] LDAPResult

-- Wahl, et. al. Standards Track [Page 48]
--
-- RFC 2251 LDAPv3 December 1997


CompareRequest ::= [APPLICATION 14] SEQUENCE {
        entry           LDAPDN,
        ava             AttributeValueAssertion }

CompareResponse ::= [APPLICATION 15] LDAPResult

AbandonRequest ::= [APPLICATION 16] MessageID

-- requestValue and response are opaque octets at this level. Their inner
-- encoding depends on the OID in requestName or responseName and has to be
-- decoded and validated separately for each extended operation.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
        requestName     [0] LDAPOID,
        requestValue    [1] OCTET STRING OPTIONAL }

ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
        COMPONENTS OF LDAPResult,
        responseName    [10] LDAPOID OPTIONAL,
        response        [11] OCTET STRING OPTIONAL }

END