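-- ASN.1 module for the LDAPv3 protocol messages, as published in RFC 4511.
-- The module is declared under the name LDAP; the RFC's own module
-- identifier is kept on the next line as a comment only.
--
-- Layout note: an ASN.1 comment ends at the end of the line or at the next
-- pair of hyphens, so this module must be kept one definition line per line.
-- Joining lines turns definitions into comment text and the reverse.
--
-- NOTE(review): this file is the grammar, not the policy. Every
-- "Constrained to" remark below is a comment, so a codec generated from
-- this module accepts arbitrary octets in those fields. Syntax checks
-- (UTF-8, DN, OID, URI) and all size, count and depth limits have to be
-- enforced by the code that consumes the decoded values.
--Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
-- Copyright (C) The Internet Society (2006).  This version of
-- this ASN.1 module is part of RFC 4511; see the RFC itself
-- for full legal notices.
LDAP
DEFINITIONS
IMPLICIT TAGS
EXTENSIBILITY IMPLIED
::=

BEGIN

-- Envelope for every protocol data unit: a message id, exactly one
-- operation, and an optional list of controls.
-- The "..." marker means the CHOICE can grow. A decoder that meets an
-- operation tag it does not know should fail the message cleanly instead
-- of mapping it onto one of the known alternatives.
LDAPMessage ::= SEQUENCE {
     messageID       MessageID,
     protocolOp      CHOICE {
          bindRequest           BindRequest,
          bindResponse          BindResponse,
          unbindRequest         UnbindRequest,
          searchRequest         SearchRequest,
          searchResEntry        SearchResultEntry,
          searchResDone         SearchResultDone,
          searchResRef          SearchResultReference,
          modifyRequest         ModifyRequest,
          modifyResponse        ModifyResponse,
          addRequest            AddRequest,
          addResponse           AddResponse,
          delRequest            DelRequest,
          delResponse           DelResponse,
          modDNRequest          ModifyDNRequest,
          modDNResponse         ModifyDNResponse,
          compareRequest        CompareRequest,
          compareResponse       CompareResponse,
          abandonRequest        AbandonRequest,
          extendedReq           ExtendedRequest,
          extendedResp          ExtendedResponse,
          ...,
          intermediateResponse  IntermediateResponse },
     controls       [0] Controls OPTIONAL }

-- Message id, limited to 0 .. maxInt.
-- BER INTEGERs have no fixed width on the wire: check the range before
-- narrowing the decoded value to a 32-bit type.
MessageID ::= INTEGER (0 ..  maxInt)

maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

-- The string types below are plain OCTET STRINGs as far as the grammar is
-- concerned. The encoding and syntax named in the comments are not checked
-- by a generated codec.
LDAPString ::= OCTET STRING -- UTF-8 encoded,
                            -- [ISO10646] characters

LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
                         -- [RFC4512]


LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
                      -- [RFC4514]

RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
                              -- [RFC4514]

AttributeDescription ::= LDAPString
                        -- Constrained to <attributedescription>
                        -- [RFC4512]

-- Attribute values are opaque octets at this layer.
AttributeValue ::= OCTET STRING

-- An attribute description paired with the value to test against it.
AttributeValueAssertion ::= SEQUENCE {
     attributeDesc   AttributeDescription,
     assertionValue  AssertionValue }

AssertionValue ::= OCTET STRING

-- An attribute whose value set may be empty.
-- SET OF carries no upper bound here; cap the number of values in code.
PartialAttribute ::= SEQUENCE {
     type       AttributeDescription,
     vals       SET OF value AttributeValue }

-- Same shape as PartialAttribute, but at least one value is required.
Attribute ::= PartialAttribute(WITH COMPONENTS {
     ...,
     vals (SIZE(1..MAX))})

MatchingRuleId ::= LDAPString

-- Common result structure carried by the response operations below.
-- resultCode is extensible ("..."), so receivers must cope with values
-- that are not in this list.
-- NOTE(review): matchedDN, diagnosticMessage and referral are chosen by
-- the peer. Treat them as untrusted input when logging or displaying them.
LDAPResult ::= SEQUENCE {
     resultCode         ENUMERATED {
          success                      (0),
          operationsError              (1),
          protocolError                (2),
          timeLimitExceeded            (3),
          sizeLimitExceeded            (4),
          compareFalse                 (5),
          compareTrue                  (6),
          authMethodNotSupported       (7),
          strongerAuthRequired         (8),
               -- 9 reserved --
          referral                     (10),
          adminLimitExceeded           (11),
          unavailableCriticalExtension (12),
          confidentialityRequired      (13),
          saslBindInProgress           (14),
               -- 15 is not assigned in this list --
          noSuchAttribute              (16),
          undefinedAttributeType       (17),
          inappropriateMatching        (18),
          constraintViolation          (19),
          attributeOrValueExists       (20),
          invalidAttributeSyntax       (21),
               -- 22-31 unused --
          noSuchObject                 (32),
          aliasProblem                 (33),
          invalidDNSyntax              (34),
               -- 35 reserved for undefined isLeaf --
          aliasDereferencingProblem    (36),
               -- 37-47 unused --
          inappropriateAuthentication  (48),
          invalidCredentials           (49),
          insufficientAccessRights     (50),
          busy                         (51),
          unavailable                  (52),
          unwillingToPerform           (53),
          loopDetect                   (54),
               -- 55-63 unused --
          namingViolation              (64),
          objectClassViolation         (65),
          notAllowedOnNonLeaf          (66),
          notAllowedOnRDN              (67),
          entryAlreadyExists           (68),
          objectClassModsProhibited    (69),
               -- 70 reserved for CLDAP --
          affectsMultipleDSAs          (71),
               -- 72-79 unused --
          other                        (80),
          ...  },
     matchedDN          LDAPDN,
     diagnosticMessage  LDAPString,
     referral           [3] Referral OPTIONAL }

-- One or more URIs supplied by the server.
-- NOTE(review): a client that follows referrals automatically is letting
-- the server pick the next host. Apply an explicit policy before
-- connecting, and before presenting bind credentials to the new host.
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI

URI ::= LDAPString     -- limited to characters permitted in
                       -- URIs

-- Unbounded list of controls; cap the count in code.
Controls ::= SEQUENCE OF control Control

-- Extension data attached to a message.
-- criticality is FALSE when absent. Per RFC 4511 a server ignores a
-- non-critical control it does not recognise, so a control the client
-- relies on for a security property should be sent with criticality TRUE
-- to get unavailableCriticalExtension (12) instead of a silent no-op.
Control ::= SEQUENCE {
     controlType             LDAPOID,
     criticality             BOOLEAN DEFAULT FALSE,
     controlValue            OCTET STRING OPTIONAL }


-- Authentication request.
BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice }

-- "simple" carries the password octets as they are; nothing in this
-- structure protects them, so confidentiality has to come from the
-- transport (see RFC 4513).
-- RFC 4513 also defines a simple bind with a name and a zero-length
-- password as an unauthenticated bind. Code that treats "bind succeeded"
-- as proof of a password must reject empty passwords before binding.
AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                             -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }

-- LDAPResult fields followed by optional SASL data from the server.
BindResponse ::= [APPLICATION 1] SEQUENCE {
     COMPONENTS OF LDAPResult,
     serverSaslCreds    [7] OCTET STRING OPTIONAL }

-- No response type is defined for this request in the module.
UnbindRequest ::= [APPLICATION 2] NULL

-- Search request.
-- Per RFC 4511 a sizeLimit or timeLimit of 0 means the client asks for no
-- limit. Servers should apply their own limits regardless of these fields.
SearchRequest ::= [APPLICATION 3] SEQUENCE {
     baseObject      LDAPDN,
     scope           ENUMERATED {
          baseObject              (0),
          singleLevel             (1),
          wholeSubtree            (2),
          ...  },
     derefAliases    ENUMERATED {
          neverDerefAliases       (0),
          derefInSearching        (1),
          derefFindingBaseObj     (2),
          derefAlways             (3) },
     sizeLimit       INTEGER (0 ..  maxInt),
     timeLimit       INTEGER (0 ..  maxInt),
     typesOnly       BOOLEAN,
     filter          Filter,
     attributes      AttributeSelection }

AttributeSelection ::= SEQUENCE OF selector LDAPString
               -- The LDAPString is constrained to
               -- <attributeSelector> in Section 4.5.1.8

-- Search filter. The type refers to itself through and, or and not, and
-- the grammar sets no limit on nesting depth or on the number of
-- elements in a set.
-- NOTE(review): a recursive decoder needs an explicit depth limit and an
-- element budget, otherwise a single request can exhaust stack or memory.
Filter ::= CHOICE {
     and             [0] SET SIZE (1..MAX) OF filter Filter,
     or              [1] SET SIZE (1..MAX) OF filter Filter,
     not             [2] Filter,
     equalityMatch   [3] AttributeValueAssertion,
     substrings      [4] SubstringFilter,
     greaterOrEqual  [5] AttributeValueAssertion,
     lessOrEqual     [6] AttributeValueAssertion,
     present         [7] AttributeDescription,
     approxMatch     [8] AttributeValueAssertion,
     extensibleMatch [9] MatchingRuleAssertion,
     ...  }

-- The "at most once" rules for initial and final are stated in comments
-- only. They are not expressed in the grammar and have to be checked
-- after decoding.
SubstringFilter ::= SEQUENCE {
     type           AttributeDescription,
     substrings     SEQUENCE SIZE (1..MAX) OF substring CHOICE {
          initial [0] AssertionValue,  -- can occur at most once
          any     [1] AssertionValue,
          final   [2] AssertionValue } -- can occur at most once
     }

MatchingRuleAssertion ::= SEQUENCE {
     matchingRule    [1] MatchingRuleId OPTIONAL,
     type            [2] AttributeDescription OPTIONAL,
     matchValue      [3] AssertionValue,
     dnAttributes    [4] BOOLEAN DEFAULT FALSE }

-- One entry returned by a search.
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
     objectName      LDAPDN,
     attributes      PartialAttributeList }

PartialAttributeList ::= SEQUENCE OF
                     partialAttribute PartialAttribute

-- Continuation references returned by a search. These are server-supplied
-- URIs and deserve the same care as Referral.
SearchResultReference ::= [APPLICATION 19] SEQUENCE
                          SIZE (1..MAX) OF uri URI

SearchResultDone ::= [APPLICATION 5] LDAPResult

-- Modify request: an ordered list of add, delete or replace changes
-- against one entry. The operation enumeration is extensible.
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
     object          LDAPDN,
     changes         SEQUENCE OF change SEQUENCE {
          operation       ENUMERATED {
               add     (0),
               delete  (1),
               replace (2),
               ...  },
          modification    PartialAttribute } }

ModifyResponse ::= [APPLICATION 7] LDAPResult

-- Add request: the new entry's DN and its attributes. Each attribute must
-- have at least one value (see Attribute).
AddRequest ::= [APPLICATION 8] SEQUENCE {
     entry           LDAPDN,
     attributes      AttributeList }

AttributeList ::= SEQUENCE OF attribute Attribute

AddResponse ::= [APPLICATION 9] LDAPResult

DelRequest ::= [APPLICATION 10] LDAPDN

DelResponse ::= [APPLICATION 11] LDAPResult

-- Rename or move request.
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
     entry           LDAPDN,
     newrdn          RelativeLDAPDN,
     deleteoldrdn    BOOLEAN,
     newSuperior     [0] LDAPDN OPTIONAL }

ModifyDNResponse ::= [APPLICATION 13] LDAPResult

-- Compare request: one assertion tested against one entry. The outcome is
-- reported through resultCode (compareTrue or compareFalse above).
CompareRequest ::= [APPLICATION 14] SEQUENCE {
     entry           LDAPDN,
     ava             AttributeValueAssertion }

CompareResponse ::= [APPLICATION 15] LDAPResult

-- Carries the MessageID of the operation to abandon. No response type is
-- defined for this request in the module.
AbandonRequest ::= [APPLICATION 16] MessageID

-- Extended operation, selected by the OID in requestName. requestValue is
-- opaque at this layer, and its inner encoding depends on the operation.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
     requestName      [0] LDAPOID,
     requestValue     [1] OCTET STRING OPTIONAL }

ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
     COMPONENTS OF LDAPResult,
     responseName     [10] LDAPOID OPTIONAL,
     responseValue    [11] OCTET STRING OPTIONAL }

IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
     responseName     [0] LDAPOID OPTIONAL,
     responseValue    [1] OCTET STRING OPTIONAL }

END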