1
--Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
2
-- Copyright (C) The Internet Society (2006). This version of
3
-- this ASN.1 module is part of RFC 4511; see the RFC itself
4
-- for full legal notices.
13
LDAPMessage ::= SEQUENCE {
16
bindRequest BindRequest,
17
bindResponse BindResponse,
18
unbindRequest UnbindRequest,
19
searchRequest SearchRequest,
20
searchResEntry SearchResultEntry,
21
searchResDone SearchResultDone,
22
searchResRef SearchResultReference,
23
modifyRequest ModifyRequest,
24
modifyResponse ModifyResponse,
25
addRequest AddRequest,
26
addResponse AddResponse,
27
delRequest DelRequest,
28
delResponse DelResponse,
29
modDNRequest ModifyDNRequest,
30
modDNResponse ModifyDNResponse,
31
compareRequest CompareRequest,
32
compareResponse CompareResponse,
33
abandonRequest AbandonRequest,
34
extendedReq ExtendedRequest,
35
extendedResp ExtendedResponse,
37
intermediateResponse IntermediateResponse },
38
controls [0] Controls OPTIONAL }
40
MessageID ::= INTEGER (0 .. maxInt)
42
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
44
LDAPString ::= OCTET STRING -- UTF-8 encoded,
45
-- [ISO10646] characters
47
LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
51
LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
54
RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
57
AttributeDescription ::= LDAPString
58
-- Constrained to <attributedescription>
61
AttributeValue ::= OCTET STRING
63
AttributeValueAssertion ::= SEQUENCE {
64
attributeDesc AttributeDescription,
65
assertionValue AssertionValue }
67
AssertionValue ::= OCTET STRING
69
PartialAttribute ::= SEQUENCE {
70
type AttributeDescription,
71
vals SET OF value AttributeValue }
73
Attribute ::= PartialAttribute(WITH COMPONENTS {
77
MatchingRuleId ::= LDAPString
79
LDAPResult ::= SEQUENCE {
80
resultCode ENUMERATED {
84
timeLimitExceeded (3),
85
sizeLimitExceeded (4),
88
authMethodNotSupported (7),
89
strongerAuthRequired (8),
92
adminLimitExceeded (11),
93
unavailableCriticalExtension (12),
94
confidentialityRequired (13),
95
saslBindInProgress (14),
98
undefinedAttributeType (17),
99
inappropriateMatching (18),
100
constraintViolation (19),
101
attributeOrValueExists (20),
102
invalidAttributeSyntax (21),
106
invalidDNSyntax (34),
107
-- 35 reserved for undefined isLeaf --
108
aliasDereferencingProblem (36),
110
inappropriateAuthentication (48),
111
invalidCredentials (49),
112
insufficientAccessRights (50),
115
unwillingToPerform (53),
118
namingViolation (64),
119
objectClassViolation (65),
120
notAllowedOnNonLeaf (66),
121
notAllowedOnRDN (67),
122
entryAlreadyExists (68),
123
objectClassModsProhibited (69),
124
-- 70 reserved for CLDAP --
125
affectsMultipleDSAs (71),
130
diagnosticMessage LDAPString,
131
referral [3] Referral OPTIONAL }
133
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
135
URI ::= LDAPString -- limited to characters permitted in
138
Controls ::= SEQUENCE OF control Control
140
Control ::= SEQUENCE {
142
criticality BOOLEAN DEFAULT FALSE,
143
controlValue OCTET STRING OPTIONAL }
146
BindRequest ::= [APPLICATION 0] SEQUENCE {
147
version INTEGER (1 .. 127),
149
authentication AuthenticationChoice }
151
AuthenticationChoice ::= CHOICE {
152
simple [0] OCTET STRING,
154
sasl [3] SaslCredentials,
157
SaslCredentials ::= SEQUENCE {
158
mechanism LDAPString,
159
credentials OCTET STRING OPTIONAL }
161
BindResponse ::= [APPLICATION 1] SEQUENCE {
162
COMPONENTS OF LDAPResult,
163
serverSaslCreds [7] OCTET STRING OPTIONAL }
165
UnbindRequest ::= [APPLICATION 2] NULL
167
SearchRequest ::= [APPLICATION 3] SEQUENCE {
174
derefAliases ENUMERATED {
175
neverDerefAliases (0),
176
derefInSearching (1),
177
derefFindingBaseObj (2),
179
sizeLimit INTEGER (0 .. maxInt),
180
timeLimit INTEGER (0 .. maxInt),
183
attributes AttributeSelection }
185
AttributeSelection ::= SEQUENCE OF selector LDAPString
186
-- The LDAPString is constrained to
187
-- <attributeSelector> in Section 4.5.1.8
190
and [0] SET SIZE (1..MAX) OF filter Filter,
191
or [1] SET SIZE (1..MAX) OF filter Filter,
193
equalityMatch [3] AttributeValueAssertion,
194
substrings [4] SubstringFilter,
195
greaterOrEqual [5] AttributeValueAssertion,
196
lessOrEqual [6] AttributeValueAssertion,
197
present [7] AttributeDescription,
198
approxMatch [8] AttributeValueAssertion,
199
extensibleMatch [9] MatchingRuleAssertion,
202
SubstringFilter ::= SEQUENCE {
203
type AttributeDescription,
204
substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
205
initial [0] AssertionValue, -- can occur at most once
206
any [1] AssertionValue,
207
final [2] AssertionValue } -- can occur at most once
210
MatchingRuleAssertion ::= SEQUENCE {
211
matchingRule [1] MatchingRuleId OPTIONAL,
212
type [2] AttributeDescription OPTIONAL,
213
matchValue [3] AssertionValue,
214
dnAttributes [4] BOOLEAN DEFAULT FALSE }
216
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
218
attributes PartialAttributeList }
220
PartialAttributeList ::= SEQUENCE OF
221
partialAttribute PartialAttribute
223
SearchResultReference ::= [APPLICATION 19] SEQUENCE
224
SIZE (1..MAX) OF uri URI
226
SearchResultDone ::= [APPLICATION 5] LDAPResult
228
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
230
changes SEQUENCE OF change SEQUENCE {
231
operation ENUMERATED {
236
modification PartialAttribute } }
238
ModifyResponse ::= [APPLICATION 7] LDAPResult
240
AddRequest ::= [APPLICATION 8] SEQUENCE {
242
attributes AttributeList }
244
AttributeList ::= SEQUENCE OF attribute Attribute
246
AddResponse ::= [APPLICATION 9] LDAPResult
248
DelRequest ::= [APPLICATION 10] LDAPDN
250
DelResponse ::= [APPLICATION 11] LDAPResult
252
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
254
newrdn RelativeLDAPDN,
255
deleteoldrdn BOOLEAN,
256
newSuperior [0] LDAPDN OPTIONAL }
258
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
260
CompareRequest ::= [APPLICATION 14] SEQUENCE {
262
ava AttributeValueAssertion }
264
CompareResponse ::= [APPLICATION 15] LDAPResult
266
AbandonRequest ::= [APPLICATION 16] MessageID
268
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
269
requestName [0] LDAPOID,
270
requestValue [1] OCTET STRING OPTIONAL }
272
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
273
COMPONENTS OF LDAPResult,
274
responseName [10] LDAPOID OPTIONAL,
275
responseValue [11] OCTET STRING OPTIONAL }
277
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
278
responseName [0] LDAPOID OPTIONAL,
279
responseValue [1] OCTET STRING OPTIONAL }