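-- LDAPv3 ASN.1 specification, taken from RFC 2251 (Appendix A).
-- RFC 2251 has since been obsoleted by RFC 4511; check new work against the current text.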
-- Lightweight-Directory-Access-Protocol-V3 DEFINITIONS
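-- Envelope for every LDAPv3 PDU: a message ID, exactly one protocol
-- operation, and optional controls.
-- NOTE(review): the messageID and protocolOp lines were missing from the
-- listing (source lines 10 and 11) and are restored from RFC 2251 Appendix A.
-- A decoder should reject a PDU whose protocolOp tag matches none of the
-- alternatives below instead of guessing at its layout.
LDAPMessage ::= SEQUENCE {
        messageID       MessageID,
        protocolOp      CHOICE {
                bindRequest     BindRequest,
                bindResponse    BindResponse,
                unbindRequest   UnbindRequest,
                searchRequest   SearchRequest,
                searchResEntry  SearchResultEntry,
                searchResDone   SearchResultDone,
                searchResRef    SearchResultReference,
                modifyRequest   ModifyRequest,
                modifyResponse  ModifyResponse,
                addRequest      AddRequest,
                addResponse     AddResponse,
                delRequest      DelRequest,
                delResponse     DelResponse,
                modDNRequest    ModifyDNRequest,
                modDNResponse   ModifyDNResponse,
                compareRequest  CompareRequest,
                compareResponse CompareResponse,
                abandonRequest  AbandonRequest,
                extendedReq     ExtendedRequest,
                extendedResp    ExtendedResponse },
        controls        [0] Controls OPTIONAL }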
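-- Message identifier (also the payload of AbandonRequest), constrained to
-- 0 .. maxInt. A decoder should reject out-of-range or over-long INTEGER
-- encodings instead of truncating them.
MessageID ::= INTEGER (0 .. maxInt)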
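-- Upper bound used by the INTEGER range constraints in this module
-- (MessageID, sizeLimit, timeLimit); it fits a signed 32-bit integer.
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --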
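-- Text is carried as raw octets; the ASN.1 type itself fixes neither a
-- character set nor a maximum length. RFC 2251 specifies UTF-8, so a decoder
-- should validate the encoding and bound the length before using the value.
LDAPString ::= OCTET STRING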
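-- Object identifier carried as octets (RFC 2251: the dotted-decimal text
-- form), not as an ASN.1 OBJECT IDENTIFIER. The receiver has to check the
-- syntax itself.
LDAPOID ::= OCTET STRING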
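-- NOTE(review): LDAPDN is referenced throughout this module but its
-- definition (source line 42) was missing from the listing; restored from
-- RFC 2251 Appendix A.
-- Distinguished names travel as plain strings, so the receiver must parse
-- and validate them; invalidDNSyntax (34) is the result code for a malformed
-- name.
LDAPDN ::= LDAPString

-- A single relative distinguished name, also carried as a string.
RelativeLDAPDN ::= LDAPString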
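-- Attribute type name, carried as an LDAPString.
AttributeType ::= LDAPString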
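-- Attribute description, carried as an LDAPString; used wherever a request
-- or result names an attribute.
AttributeDescription ::= LDAPString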
-- Wahl, et. al. Standards Track [Page 44]
-- RFC 2251 LDAPv3 December 1997
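-- List of attribute descriptions (used by SearchRequest.attributes).
-- NOTE(review): the element type line (source line 59) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- The list length is unbounded in the ASN.1, so a decoder should cap it.
AttributeDescriptionList ::= SEQUENCE OF
        AttributeDescription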
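-- Attribute value as opaque octets; no length or content constraint is
-- expressed here. Treat the bytes as untrusted (possibly binary) data when
-- logging, rendering or re-encoding them.
AttributeValue ::= OCTET STRING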
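-- Pairs an attribute description with the value asserted for it; used by the
-- comparison filter items and by CompareRequest.
AttributeValueAssertion ::= SEQUENCE {
        attributeDesc   AttributeDescription,
        assertionValue  AssertionValue }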
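-- Value side of an assertion, carried as opaque octets with no length bound.
AssertionValue ::= OCTET STRING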
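-- One attribute with its set of values. SET OF places no bound on the number
-- of values, so a decoder should enforce its own limit.
Attribute ::= SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }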
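-- Identifier of a matching rule, carried as an LDAPString.
MatchingRuleId ::= LDAPString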
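-- Common result structure returned by every operation that has a response.
-- NOTE(review): the listing had dropped several lines of this definition
-- (result codes 0-2, 5, 6, 10, 16, 32, 33, 51, 52, 54 and 80, the "unused"
-- range comments, and the matchedDN field); they are restored from RFC 2251
-- Appendix A and match the gaps in the original line numbering.
-- errorMessage is free text supplied by the peer and referral holds URLs
-- chosen by the peer; treat both as untrusted input when logging, displaying
-- or acting on them.
LDAPResult ::= SEQUENCE {
        resultCode      ENUMERATED {
                     success                      (0),
                     operationsError              (1),
                     protocolError                (2),
                     timeLimitExceeded            (3),
                     sizeLimitExceeded            (4),
                     compareFalse                 (5),
                     compareTrue                  (6),
                     authMethodNotSupported       (7),
                     strongAuthRequired           (8),
                                -- 9 reserved --
                     referral                     (10),  -- new
                     adminLimitExceeded           (11),  -- new
                     unavailableCriticalExtension (12),  -- new
                     confidentialityRequired      (13),  -- new
                     saslBindInProgress           (14),  -- new
                     noSuchAttribute              (16),
                     undefinedAttributeType       (17),
                     inappropriateMatching        (18),
                     constraintViolation          (19),
                     attributeOrValueExists       (20),
                     invalidAttributeSyntax       (21),
                                -- 22-31 unused --
                     noSuchObject                 (32),
                     aliasProblem                 (33),
                     invalidDNSyntax              (34),
                     -- 35 reserved for undefined isLeaf --
                     aliasDereferencingProblem    (36),
                                -- 37-47 unused --
                     inappropriateAuthentication  (48),
-- Wahl, et. al. Standards Track [Page 45]
-- RFC 2251 LDAPv3 December 1997
                     invalidCredentials           (49),
                     insufficientAccessRights     (50),
                     busy                         (51),
                     unavailable                  (52),
                     unwillingToPerform           (53),
                     loopDetect                   (54),
                                -- 55-63 unused --
                     namingViolation              (64),
                     objectClassViolation         (65),
                     notAllowedOnNonLeaf          (66),
                     notAllowedOnRDN              (67),
                     entryAlreadyExists           (68),
                     objectClassModsProhibited    (69),
                                -- 70 reserved for CLDAP --
                     affectsMultipleDSAs          (71), -- new
                                -- 72-79 unused --
                     other                        (80) },
                     -- 81-90 reserved for APIs --
        matchedDN       LDAPDN,
        errorMessage    LDAPString,
        referral        [3] Referral OPTIONAL }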
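-- List of URLs the server refers the client to. A client that follows
-- referrals is connecting to hosts named by the peer: it should bound the
-- number of hops and decide explicitly whether credentials may be presented
-- to the referred server.
Referral ::= SEQUENCE OF LDAPURL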
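-- The character restriction below is only a comment, not an ASN.1
-- constraint, so the receiver has to validate the URL itself.
LDAPURL ::= LDAPString -- limited to characters permitted in URLs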
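-- Controls attached to an LDAPMessage; the list length is unbounded in the
-- ASN.1, so a decoder should cap it.
Controls ::= SEQUENCE OF Control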
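-- One control (extension data attached to a message).
-- NOTE(review): the controlType line (source line 141) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- criticality defaults to FALSE. Per RFC 2251 a server that does not
-- recognise a control marked critical must fail the operation with
-- unavailableCriticalExtension (12) and must not silently ignore it.
-- controlValue is opaque here; its format depends on controlType and it
-- needs its own bounded decoder.
Control ::= SEQUENCE {
        controlType             LDAPOID,
        criticality             BOOLEAN DEFAULT FALSE,
        controlValue            OCTET STRING OPTIONAL }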
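-- Request to authenticate the connection.
-- NOTE(review): the name field (source line 147) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- version is constrained to 1 .. 127; a server should reject versions it
-- does not implement.
BindRequest ::= [APPLICATION 0] SEQUENCE {
        version                 INTEGER (1 .. 127),
        name                    LDAPDN,
        authentication          AuthenticationChoice }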
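-- Credential carried in a BindRequest.
-- NOTE(review): the "1 and 2 reserved" comment (source line 152) was missing
-- from the listing; restored from RFC 2251 Appendix A.
-- simple carries the password as plain octets with no protection of its own,
-- so it depends on the transport (for example TLS) for confidentiality.
-- RFC 2251 uses a zero-length simple value for a bind without
-- authentication; an application that uses bind to verify a password should
-- therefore reject empty passwords before sending the request.
AuthenticationChoice ::= CHOICE {
        simple                  [0] OCTET STRING,
                                 -- 1 and 2 reserved
        sasl                    [3] SaslCredentials }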
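-- SASL mechanism name plus optional mechanism-specific credential octets.
-- The credentials field is opaque to this module; its protection depends
-- entirely on the chosen mechanism.
SaslCredentials ::= SEQUENCE {
        mechanism               LDAPString,
        credentials             OCTET STRING OPTIONAL }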
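-- Result of a bind: the LDAPResult fields plus optional server SASL data.
-- serverSaslCreds is opaque, mechanism-specific data from the server.
BindResponse ::= [APPLICATION 1] SEQUENCE {
-- Wahl, et. al. Standards Track [Page 46]
-- RFC 2251 LDAPv3 December 1997
     COMPONENTS OF LDAPResult,
     serverSaslCreds    [7] OCTET STRING OPTIONAL }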
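-- Carries no data (NULL). This module defines no matching response type.
UnbindRequest ::= [APPLICATION 2] NULL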
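-- Search operation request.
-- NOTE(review): the baseObject, scope, derefAlways, typesOnly and filter
-- lines (source lines 172-176, 181, 184, 185) were missing from the listing;
-- restored from RFC 2251 Appendix A.
-- sizeLimit and timeLimit are requested by the client, and RFC 2251 defines
-- 0 as "no client-requested limit". A server must therefore enforce its own
-- limits (see adminLimitExceeded (11)) and not rely on these fields.
SearchRequest ::= [APPLICATION 3] SEQUENCE {
        baseObject      LDAPDN,
        scope           ENUMERATED {
                baseObject              (0),
                singleLevel             (1),
                wholeSubtree            (2) },
        derefAliases    ENUMERATED {
                neverDerefAliases       (0),
                derefInSearching        (1),
                derefFindingBaseObj     (2),
                derefAlways             (3) },
        sizeLimit       INTEGER (0 .. maxInt),
        timeLimit       INTEGER (0 .. maxInt),
        typesOnly       BOOLEAN,
        filter          Filter,
        attributes      AttributeDescriptionList }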
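-- Search filter.
-- NOTE(review): the "Filter ::= CHOICE {" header and the "not" alternative
-- (source lines 188 and 191) were missing from the listing; restored from
-- RFC 2251 Appendix A.
-- The type is recursive (and, or and not contain Filter) with no depth or
-- size bound, so a decoder should cap nesting depth and element count
-- before recursing on a received filter.
-- Assertion values are separate octet strings in this encoding; code that
-- builds filters from user input should pass such input as values and never
-- splice it into filter text.
Filter ::= CHOICE {
        and             [0] SET OF Filter,
        or              [1] SET OF Filter,
        not             [2] Filter,
        equalityMatch   [3] AttributeValueAssertion,
        substrings      [4] SubstringFilter,
        greaterOrEqual  [5] AttributeValueAssertion,
        lessOrEqual     [6] AttributeValueAssertion,
        present         [7] AttributeDescription,
        approxMatch     [8] AttributeValueAssertion,
        extensibleMatch [9] MatchingRuleAssertion }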
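-- Substring match on one attribute.
-- NOTE(review): the "any" alternative (source line 205) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- The "at least one must be present" rule is only a comment, so the decoder
-- has to reject an empty substrings sequence itself.
SubstringFilter ::= SEQUENCE {
        type            AttributeDescription,
        -- at least one must be present
        substrings      SEQUENCE OF CHOICE {
                initial [0] LDAPString,
                any     [1] LDAPString,
                final   [2] LDAPString } }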
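-- Extensible match: optional matching rule and attribute, a mandatory value,
-- and a flag (default FALSE) for matching against DN attributes as well.
MatchingRuleAssertion ::= SEQUENCE {
        matchingRule    [1] MatchingRuleId OPTIONAL,
        type            [2] AttributeDescription OPTIONAL,
        matchValue      [3] AssertionValue,
        dnAttributes    [4] BOOLEAN DEFAULT FALSE }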
-- Wahl, et. al. Standards Track [Page 47]
-- RFC 2251 LDAPv3 December 1997
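-- One entry returned by a search.
-- NOTE(review): the objectName field (source line 219) was missing from the
-- listing; restored from RFC 2251 Appendix A.
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
        objectName      LDAPDN,
        attributes      PartialAttributeList }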
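-- Attributes of a returned entry. Both the list and each value set are
-- unbounded in the ASN.1, so a client should cap what it will accept.
PartialAttributeList ::= SEQUENCE OF SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }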
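-- Continuation references returned during a search, as URLs chosen by the
-- server. The same care applies as for Referral: bound the hops and decide
-- explicitly whether credentials may be sent to the referred host.
SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL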
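-- Final message of a search, carrying the overall LDAPResult.
SearchResultDone ::= [APPLICATION 5] LDAPResult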
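-- Request to modify the attributes of one entry.
-- NOTE(review): the object field and the add/delete/replace operation
-- values (source lines 231 and 234-236) were missing from the listing;
-- restored from RFC 2251 Appendix A.
-- A decoder should reject operation values outside the enumeration.
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
        object          LDAPDN,
        modification    SEQUENCE OF SEQUENCE {
                operation       ENUMERATED {
                                        add     (0),
                                        delete  (1),
                                        replace (2) },
                modification    AttributeTypeAndValues } }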
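-- Attribute description plus the set of values one modification applies.
AttributeTypeAndValues ::= SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }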
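-- Result of a modify operation.
ModifyResponse ::= [APPLICATION 7] LDAPResult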
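-- Request to add a new entry.
-- NOTE(review): the entry field (source line 246) was missing from the
-- listing; restored from RFC 2251 Appendix A.
AddRequest ::= [APPLICATION 8] SEQUENCE {
        entry           LDAPDN,
        attributes      AttributeList }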
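-- Attributes of the entry being added; list and value sets are unbounded
-- in the ASN.1, so a server should enforce its own limits.
AttributeList ::= SEQUENCE OF SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }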
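-- Result of an add operation.
AddResponse ::= [APPLICATION 9] LDAPResult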
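-- Request to delete the entry named by the DN; the DN is the whole payload.
DelRequest ::= [APPLICATION 10] LDAPDN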
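-- Result of a delete operation.
DelResponse ::= [APPLICATION 11] LDAPResult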
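-- Request to rename an entry and optionally move it under a new parent.
-- NOTE(review): the entry field (source line 260) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- newSuperior moves the entry to another place in the tree, so access
-- control should be checked for the destination as well as the source.
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
        entry           LDAPDN,
        newrdn          RelativeLDAPDN,
        deleteoldrdn    BOOLEAN,
        newSuperior     [0] LDAPDN OPTIONAL }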
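-- Result of a modify DN operation.
ModifyDNResponse ::= [APPLICATION 13] LDAPResult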
-- Wahl, et. al. Standards Track [Page 48]
-- RFC 2251 LDAPv3 December 1997
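-- Request to test whether an entry holds a given attribute value.
-- NOTE(review): the entry field (source line 273) was missing from the
-- listing; restored from RFC 2251 Appendix A.
-- The compareTrue / compareFalse answer discloses information about the
-- value, so compare needs access control of its own, as read does.
CompareRequest ::= [APPLICATION 14] SEQUENCE {
        entry           LDAPDN,
        ava             AttributeValueAssertion }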
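-- Result of a compare operation.
CompareResponse ::= [APPLICATION 15] LDAPResult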
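-- Names, by MessageID, the outstanding operation to abandon. This module
-- defines no matching response type.
AbandonRequest ::= [APPLICATION 16] MessageID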
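-- Extension operation identified by an OID. requestValue is opaque here;
-- its format is defined by the extension named in requestName. A server
-- should dispatch only on OIDs it implements and parse the value with a
-- bounded decoder.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
        requestName      [0] LDAPOID,
        requestValue     [1] OCTET STRING OPTIONAL }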
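-- Result of an extended operation: the LDAPResult fields plus an optional
-- response OID and opaque, extension-specific response octets.
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
        COMPONENTS OF LDAPResult,
        responseName     [10] LDAPOID OPTIONAL,
        response         [11] OCTET STRING OPTIONAL }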