-- ASN module extracted from ITU-T X.501 (10/2019)
InformationFramework
{joint-iso-itu-t ds(5) module(1) informationFramework(1) 9}
DEFINITIONS ::=
BEGIN
-- EXPORTS All
/*
The types and values defined in this module are exported for use in the other ASN.1
modules contained within these Directory Specifications, and for the use of other
applications which will use them to access Directory services. Other applications
may use them for their own purposes, but this will not constrain extensions and
modifications needed to maintain or improve the Directory service.
*/
IMPORTS
-- from Rec. ITU-T X.501 | ISO/IEC 9594-2
id-ar, id-at, id-mr, id-nf, id-oa, id-oc, id-sc
FROM UsefulDefinitions
{joint-iso-itu-t ds(5) module(1)usefulDefinitions(0) 9} WITH SUCCESSORS
SearchRule
FROM ServiceAdministration
{joint-iso-itu-t ds(5) module(1) serviceAdministration(33) 9} WITH SUCCESSORS
-- from Rec. ITU-T X.511 | ISO/IEC 9594-3
TypeAndContextAssertion
FROM DirectoryAbstractService
{joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 9} WITH SUCCESSORS
-- from Rec. ITU-T X.520 | ISO/IEC 9594-6
booleanMatch, commonName, dn, generalizedTime, generalizedTimeMatch,
generalizedTimeOrderingMatch, integerFirstComponentMatch, integerMatch,
integerOrderingMatch, objectIdentifierFirstComponentMatch, oid, subtreeSpec,
UnboundedDirectoryString
FROM SelectedAttributeTypes
{joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 9} WITH SUCCESSORS ;
-- attribute data types
Attribute {ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
values SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
valuesWithContext SET SIZE (1..MAX) OF SEQUENCE {
value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
contextList SET SIZE (1..MAX) OF Context,
...} OPTIONAL,
... }
AttributeType ::= ATTRIBUTE.&id
AttributeValue ::= ATTRIBUTE.&Type
Context ::= SEQUENCE {
contextType CONTEXT.&id({SupportedContexts}),
contextValues
SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
fallback BOOLEAN DEFAULT FALSE,
... }
AttributeValueAssertion ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
assertion ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type}),
assertedContexts CHOICE {
allContexts [0] NULL,
selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion } OPTIONAL,
... }
ContextAssertion ::= SEQUENCE {
contextType CONTEXT.&id({SupportedContexts}),
contextValues SET SIZE (1..MAX) OF
CONTEXT.&Assertion({SupportedContexts}{@contextType}),
... }
AttributeTypeAssertion ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL,
... }
-- Definition of the following information object set is deferred, perhaps to
-- standardized profiles or to protocol implementation conformance statements. The set
-- is required to specify a table constraint on the values component of Attribute, the
-- value component of AttributeTypeAndValue, and the assertion component of
-- AttributeValueAssertion.
SupportedAttributes ATTRIBUTE ::= {objectClass | aliasedEntryName, ...}
-- Definition of the following information object set is deferred, perhaps to
-- standardized profiles or to protocol implementation conformance statements. The set
-- is required to specify a table constraint on the context specifications.
SupportedContexts CONTEXT ::= {...}
-- naming data types
-- Start of X.501 (2019) Amd. 1 (10/2021) revision
Name ::= CHOICE {
rdnSequence RDNSequence,
dnsName DomainName,
oid OBJECT IDENTIFIER }
DomainName ::= UTF8String (CONSTRAINED BY {
-- Conforms to the format of an (internationalized) domain name. -- })
-- End of X.501 (2019) Amd. 1 (10/2021) revision
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
DistinguishedName ::= RDNSequence
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
... }
-- subtree data types
SubtreeSpecification ::= SEQUENCE {
base [0] LocalName DEFAULT {},
COMPONENTS OF ChopSpecification,
specificationFilter [4] Refinement OPTIONAL,
... }
-- empty sequence specifies whole administrative area
LocalName ::= RDNSequence
ChopSpecification ::= SEQUENCE {
specificExclusions [1] SET SIZE (1..MAX) OF CHOICE {
chopBefore [0] LocalName,
chopAfter [1] LocalName,
...} OPTIONAL,
minimum [2] BaseDistance DEFAULT 0,
maximum [3] BaseDistance OPTIONAL,
... }
BaseDistance ::= INTEGER(0..MAX)
Refinement ::= CHOICE {
item [0] OBJECT-CLASS.&id,
and [1] SET SIZE (1..MAX) OF Refinement,
or [2] SET SIZE (1..MAX) OF Refinement,
not [3] Refinement,
... }
-- OBJECT-CLASS information object class specification
OBJECT-CLASS ::= CLASS {
&Superclasses OBJECT-CLASS OPTIONAL,
&kind ObjectClassKind DEFAULT structural,
&MandatoryAttributes ATTRIBUTE OPTIONAL,
&OptionalAttributes ATTRIBUTE OPTIONAL,
&ldapName SEQUENCE SIZE(1..MAX) OF UTF8String OPTIONAL,
&ldapDesc UTF8String OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[SUBCLASS OF &Superclasses]
[KIND &kind]
[MUST CONTAIN &MandatoryAttributes]
[MAY CONTAIN &OptionalAttributes]
[LDAP-NAME &ldapName]
[LDAP-DESC &ldapDesc]
ID &id }
ObjectClassKind ::= ENUMERATED {
abstract (0),
structural (1),
auxiliary (2)}
-- object classes
top OBJECT-CLASS ::= {
KIND abstract
MUST CONTAIN {objectClass}
LDAP-NAME {"top"}
ID id-oc-top }
alias OBJECT-CLASS ::= {
SUBCLASS OF {top}
MUST CONTAIN {aliasedEntryName}
LDAP-NAME {"alias"}
ID id-oc-alias }
parent OBJECT-CLASS ::= {
KIND abstract
ID id-oc-parent }
child OBJECT-CLASS ::= {
KIND auxiliary
ID id-oc-child }
-- ATTRIBUTE information object class specification
ATTRIBUTE ::= CLASS {
&derivation ATTRIBUTE OPTIONAL,
&Type OPTIONAL, -- either &Type or &derivation required
&equality-match MATCHING-RULE OPTIONAL,
&ordering-match MATCHING-RULE OPTIONAL,
&substrings-match MATCHING-RULE OPTIONAL,
&single-valued BOOLEAN DEFAULT FALSE,
&collective BOOLEAN DEFAULT FALSE,
&dummy BOOLEAN DEFAULT FALSE,
-- operational extensions
&no-user-modification BOOLEAN DEFAULT FALSE,
&usage AttributeUsage DEFAULT userApplications,
&ldapSyntax SYNTAX-NAME.&id OPTIONAL,
&ldapName SEQUENCE SIZE(1..MAX) OF UTF8String OPTIONAL,
&ldapDesc UTF8String OPTIONAL,
&obsolete BOOLEAN DEFAULT FALSE,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[SUBTYPE OF &derivation]
[WITH SYNTAX &Type]
[EQUALITY MATCHING RULE &equality-match]
[ORDERING MATCHING RULE &ordering-match]
[SUBSTRINGS MATCHING RULE &substrings-match]
[SINGLE VALUE &single-valued]
[COLLECTIVE &collective]
[DUMMY &dummy]
[NO USER MODIFICATION &no-user-modification]
[USAGE &usage]
[LDAP-SYNTAX &ldapSyntax]
[LDAP-NAME &ldapName]
[LDAP-DESC &ldapDesc]
[OBSOLETE &obsolete]
ID &id }
AttributeUsage ::= ENUMERATED {
userApplications (0),
directoryOperation (1),
distributedOperation (2),
dSAOperation (3),
... }
-- attributes
objectClass ATTRIBUTE ::= {
WITH SYNTAX OBJECT IDENTIFIER
EQUALITY MATCHING RULE objectIdentifierMatch
LDAP-SYNTAX oid.&id
LDAP-NAME {"objectClass"}
ID id-at-objectClass }
aliasedEntryName ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
LDAP-SYNTAX dn.&id
LDAP-NAME {"aliasedObjectName"}
ID id-at-aliasedEntryName }
-- MATCHING-RULE information object class specification
MATCHING-RULE ::= CLASS {
&ParentMatchingRules MATCHING-RULE OPTIONAL,
&AssertionType OPTIONAL,
&uniqueMatchIndicator ATTRIBUTE OPTIONAL,
&ldapSyntax SYNTAX-NAME.&id OPTIONAL,
&ldapName SEQUENCE SIZE(1..MAX) OF UTF8String OPTIONAL,
&ldapDesc UTF8String OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[PARENT &ParentMatchingRules]
[SYNTAX &AssertionType]
[UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
[LDAP-SYNTAX &ldapSyntax]
[LDAP-NAME &ldapName]
[LDAP-DESC &ldapDesc]
ID &id }
-- matching rules
objectIdentifierMatch MATCHING-RULE ::= {
SYNTAX OBJECT IDENTIFIER
LDAP-SYNTAX oid.&id
LDAP-NAME {"objectIdentifierMatch"}
ID id-mr-objectIdentifierMatch }
distinguishedNameMatch MATCHING-RULE ::= {
SYNTAX DistinguishedName
LDAP-SYNTAX dn.&id
LDAP-NAME {"distinguishedNameMatch"}
ID id-mr-distinguishedNameMatch }
-- MATCHING-RULE information object class specification
MAPPING-BASED-MATCHING
{SelectedBy, BOOLEAN:combinable, MappingResult, OBJECT IDENTIFIER:matchingRule} ::=
CLASS {
&selectBy SelectedBy OPTIONAL,
&ApplicableTo ATTRIBUTE,
&subtypesIncluded BOOLEAN DEFAULT TRUE,
&combinable BOOLEAN(combinable),
&mappingResults MappingResult OPTIONAL,
&userControl BOOLEAN DEFAULT FALSE,
&exclusive BOOLEAN DEFAULT TRUE,
&matching-rule MATCHING-RULE.&id(matchingRule),
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[SELECT BY &selectBy]
APPLICABLE TO &ApplicableTo
[SUBTYPES INCLUDED &subtypesIncluded]
COMBINABLE &combinable
[MAPPING RESULTS &mappingResults]
[USER CONTROL &userControl]
[EXCLUSIVE &exclusive]
MATCHING RULE &matching-rule
ID &id }
-- NAME-FORM information object class specification
NAME-FORM ::= CLASS {
&namedObjectClass OBJECT-CLASS,
&MandatoryAttributes ATTRIBUTE,
&OptionalAttributes ATTRIBUTE OPTIONAL,
&ldapName SEQUENCE SIZE(1..MAX) OF UTF8String OPTIONAL,
&ldapDesc UTF8String OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
NAMES &namedObjectClass
WITH ATTRIBUTES &MandatoryAttributes
[AND OPTIONALLY &OptionalAttributes]
[LDAP-NAME &ldapName]
[LDAP-DESC &ldapDesc]
ID &id }
-- STRUCTURE-RULE class and DIT structure rule data types
DITStructureRule ::= SEQUENCE {
ruleIdentifier RuleIdentifier,
-- shall be unique within the scope of the subschema
nameForm NAME-FORM.&id,
superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL,
... }
RuleIdentifier ::= INTEGER
STRUCTURE-RULE ::= CLASS {
&nameForm NAME-FORM,
&SuperiorStructureRules STRUCTURE-RULE.&id OPTIONAL,
&id RuleIdentifier }
WITH SYNTAX {
NAME FORM &nameForm
[SUPERIOR RULES &SuperiorStructureRules]
ID &id }
-- DIT content rule data type and CONTENT-RULE class
DITContentRule ::= SEQUENCE {
structuralObjectClass OBJECT-CLASS.&id,
auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
... }
CONTENT-RULE ::= CLASS {
&structuralClass OBJECT-CLASS.&id UNIQUE,
&Auxiliaries OBJECT-CLASS OPTIONAL,
&Mandatory ATTRIBUTE OPTIONAL,
&Optional ATTRIBUTE OPTIONAL,
&Precluded ATTRIBUTE OPTIONAL }
WITH SYNTAX {
STRUCTURAL OBJECT-CLASS &structuralClass
[AUXILIARY OBJECT-CLASSES &Auxiliaries]
[MUST CONTAIN &Mandatory]
[MAY CONTAIN &Optional]
[MUST-NOT CONTAIN &Precluded] }
CONTEXT ::= CLASS {
&Type,
&defaultValue &Type OPTIONAL,
&Assertion OPTIONAL,
&absentMatch BOOLEAN DEFAULT TRUE,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
WITH SYNTAX &Type
[DEFAULT-VALUE &defaultValue]
[ASSERTED AS &Assertion]
[ABSENT-MATCH &absentMatch]
ID &id }
DITContextUse ::= SEQUENCE {
attributeType ATTRIBUTE.&id,
mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
... }
DIT-CONTEXT-USE-RULE ::= CLASS {
&attributeType ATTRIBUTE.&id UNIQUE,
&Mandatory CONTEXT OPTIONAL,
&Optional CONTEXT OPTIONAL}
WITH SYNTAX {
ATTRIBUTE TYPE &attributeType
[MANDATORY CONTEXTS &Mandatory]
[OPTIONAL CONTEXTS &Optional] }
FRIENDS ::= CLASS {
&anchor ATTRIBUTE.&id UNIQUE,
&Friends ATTRIBUTE }
WITH SYNTAX {
ANCHOR &anchor
FRIENDS &Friends }
SYNTAX-NAME ::= CLASS {
&ldapDesc UTF8String,
&Type OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
LDAP-DESC &ldapDesc
[DIRECTORY SYNTAX &Type]
ID &id }
-- system schema information objects
-- object classes
subentry OBJECT-CLASS ::= {
SUBCLASS OF {top}
KIND structural
MUST CONTAIN {commonName |
subtreeSpecification}
LDAP-NAME {"subentry"}
ID id-sc-subentry }
subentryNameForm NAME-FORM ::= {
NAMES subentry
WITH ATTRIBUTES {commonName}
ID id-nf-subentryNameForm }
subtreeSpecification ATTRIBUTE ::= {
WITH SYNTAX SubtreeSpecification
USAGE directoryOperation
LDAP-SYNTAX subtreeSpec.&id
LDAP-NAME {"subtreeSpecification"}
ID id-oa-subtreeSpecification }
administrativeRole ATTRIBUTE ::= {
WITH SYNTAX OBJECT-CLASS.&id
EQUALITY MATCHING RULE objectIdentifierMatch
USAGE directoryOperation
LDAP-SYNTAX oid.&id
LDAP-NAME {"administrativeRole"}
ID id-oa-administrativeRole }
createTimestamp ATTRIBUTE ::= {
WITH SYNTAX GeneralizedTime
-- as per 46.3 b) or c) of Rec. ITU-T X.680 | ISO/IEC 8824-1
EQUALITY MATCHING RULE generalizedTimeMatch
ORDERING MATCHING RULE generalizedTimeOrderingMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX generalizedTime.&id
LDAP-NAME {"createTimestamp"}
ID id-oa-createTimestamp }
modifyTimestamp ATTRIBUTE ::= {
WITH SYNTAX GeneralizedTime
-- as per 46.3 b) or c) of Rec. ITU-T X.680 | ISO/IEC 8824-1
EQUALITY MATCHING RULE generalizedTimeMatch
ORDERING MATCHING RULE generalizedTimeOrderingMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX generalizedTime.&id
LDAP-NAME {"modifyTimestamp"}
ID id-oa-modifyTimestamp }
subschemaTimestamp ATTRIBUTE ::= {
WITH SYNTAX GeneralizedTime
-- as per 46.3 b) or c) of Rec. ITU-T X.680 | ISO/IEC 8824-1
EQUALITY MATCHING RULE generalizedTimeMatch
ORDERING MATCHING RULE generalizedTimeOrderingMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-subschemaTimestamp }
creatorsName ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX dn.&id
LDAP-NAME {"creatorsName"}
ID id-oa-creatorsName }
modifiersName ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX dn.&id
LDAP-NAME {"modifiersName"}
ID id-oa-modifiersName }
subschemaSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX dn.&id
LDAP-NAME {"subschemaSubentry"}
ID id-oa-subschemaSubentryList }
accessControlSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-accessControlSubentryList }
collectiveAttributeSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-collectiveAttributeSubentryList }
contextDefaultSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-contextDefaultSubentryList }
serviceAdminSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-serviceAdminSubentryList }
pwdAdminSubentryList ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
LDAP-SYNTAX dn.&id
LDAP-NAME {"pwdAdminSubentryList"}
ID id-oa-pwdAdminSubentryList }
hasSubordinates ATTRIBUTE ::= {
WITH SYNTAX BOOLEAN
EQUALITY MATCHING RULE booleanMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-hasSubordinates }
accessControlSubentry OBJECT-CLASS ::= {
KIND auxiliary
ID id-sc-accessControlSubentry }
collectiveAttributeSubentry OBJECT-CLASS ::= {
KIND auxiliary
ID id-sc-collectiveAttributeSubentry }
collectiveExclusions ATTRIBUTE ::= {
WITH SYNTAX OBJECT IDENTIFIER
EQUALITY MATCHING RULE objectIdentifierMatch
USAGE directoryOperation
ID id-oa-collectiveExclusions }
contextAssertionSubentry OBJECT-CLASS ::= {
KIND auxiliary
MUST CONTAIN {contextAssertionDefaults}
ID id-sc-contextAssertionSubentry }
contextAssertionDefaults ATTRIBUTE ::= {
WITH SYNTAX TypeAndContextAssertion
EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch
USAGE directoryOperation
ID id-oa-contextAssertionDefault }
serviceAdminSubentry OBJECT-CLASS ::= {
KIND auxiliary
MUST CONTAIN {searchRules}
ID id-sc-serviceAdminSubentry }
searchRules ATTRIBUTE ::= {
WITH SYNTAX SearchRuleDescription
EQUALITY MATCHING RULE integerFirstComponentMatch
USAGE directoryOperation
ID id-oa-searchRules }
SearchRuleDescription ::= SEQUENCE {
COMPONENTS OF SearchRule,
name [28] SET SIZE (1..MAX) OF UnboundedDirectoryString OPTIONAL,
description [29] UnboundedDirectoryString OPTIONAL,
... }
pwdAdminSubentry OBJECT-CLASS ::= {
KIND auxiliary
MUST CONTAIN { pwdAttribute }
LDAP-NAME {"pwdAdminSubentry"}
ID id-sc-pwdAdminSubentry }
pwdAttribute ATTRIBUTE ::= {
WITH SYNTAX ATTRIBUTE.&id
EQUALITY MATCHING RULE objectIdentifierMatch
SINGLE VALUE TRUE
LDAP-SYNTAX oid.&id
LDAP-NAME {"pwdAttribute"}
ID id-at-pwdAttribute }
pwdHistory{ATTRIBUTE:passwordAttribute,MATCHING-RULE:historyMatch,OBJECT IDENTIFIER:id}
ATTRIBUTE ::= {
WITH SYNTAX PwdHistory{passwordAttribute}
EQUALITY MATCHING RULE historyMatch
USAGE directoryOperation
ID id}
PwdHistory{ATTRIBUTE:passwordAttribute} ::= SEQUENCE {
time GeneralizedTime,
password passwordAttribute.&Type,
...}
pwdRecentlyExpired{ATTRIBUTE:passwordAttribute,OBJECT IDENTIFIER:id} ATTRIBUTE ::= {
WITH SYNTAX passwordAttribute.&Type
EQUALITY MATCHING RULE passwordAttribute.&equality-match
SINGLE VALUE TRUE
USAGE directoryOperation
ID id}
pwdHistoryMatch{ATTRIBUTE:passwordAttribute,OBJECT IDENTIFIER:id}
MATCHING-RULE ::= {
SYNTAX passwordAttribute.&Type
ID id}
hierarchyLevel ATTRIBUTE ::= {
WITH SYNTAX HierarchyLevel
EQUALITY MATCHING RULE integerMatch
ORDERING MATCHING RULE integerOrderingMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-hierarchyLevel }
HierarchyLevel ::= INTEGER
hierarchyBelow ATTRIBUTE ::= {
WITH SYNTAX HierarchyBelow
EQUALITY MATCHING RULE booleanMatch
SINGLE VALUE TRUE
NO USER MODIFICATION TRUE
USAGE directoryOperation
ID id-oa-hierarchyBelow }
HierarchyBelow ::= BOOLEAN
hierarchyParent ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
USAGE directoryOperation
ID id-oa-hierarchyParent }
hierarchyTop ATTRIBUTE ::= {
WITH SYNTAX DistinguishedName
EQUALITY MATCHING RULE distinguishedNameMatch
SINGLE VALUE TRUE
USAGE directoryOperation
ID id-oa-hierarchyTop }
-- object identifier assignments
-- object classes
id-oc-top OBJECT IDENTIFIER ::= {id-oc 0}
id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
-- attributes
id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
id-at-pwdAttribute OBJECT IDENTIFIER ::= {id-at 84}
-- matching rules
id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
-- operational attributes
id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= {id-oa 0}
id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20}
id-oa-pwdAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 21}
-- id-oa-pwdStartTime OBJECT IDENTIFIER ::= {id-oa 22} X.520|Part6
-- id-oa-pwdExpiryTime OBJECT IDENTIFIER ::= {id-oa 23} X.520|Part6
-- id-oa-pwdEndTime OBJECT IDENTIFIER ::= {id-oa 24} X.520|Part6
-- id-oa-pwdFails OBJECT IDENTIFIER ::= {id-oa 25} X.520|Part6
-- id-oa-pwdFailureTime OBJECT IDENTIFIER ::= {id-oa 26} X.520|Part6
-- id-oa-pwdGracesUsed OBJECT IDENTIFIER ::= {id-oa 27} X.520|Part6
-- id-oa-userPwdHistory OBJECT IDENTIFIER ::= {id-oa 28} X.520|Part6
-- id-oa-userPwdRecentlyExpired OBJECT IDENTIFIER ::= {id-oa 29} X.520|Part6
-- id-oa-pwdModifyEntryAllowed OBJECT IDENTIFIER ::= {id-oa 30} X.520|Part6
-- id-oa-pwdChangeAllowed OBJECT IDENTIFIER ::= {id-oa 31} X.520|Part6
-- id-oa-pwdMaxAge OBJECT IDENTIFIER ::= {id-oa 32} X.520|Part6
-- id-oa-pwdExpiryAge OBJECT IDENTIFIER ::= {id-oa 33} X.520|Part6
-- id-oa-pwdMinLength OBJECT IDENTIFIER ::= {id-oa 34} X.520|Part6
-- id-oa-pwdVocabulary OBJECT IDENTIFIER ::= {id-oa 35} X.520|Part6
-- id-oa-pwdAlphabet OBJECT IDENTIFIER ::= {id-oa 36} X.520|Part6
-- id-oa-pwdDictionaries OBJECT IDENTIFIER ::= {id-oa 37} X.520|Part6
-- id-oa-pwdExpiryWarning OBJECT IDENTIFIER ::= {id-oa 38} X.520|Part6
-- id-oa-pwdGraces OBJECT IDENTIFIER ::= {id-oa 39} X.520|Part6
-- id-oa-pwdFailureDuration OBJECT IDENTIFIER ::= {id-oa 40} X.520|Part6
-- id-oa-pwdLockoutDuration OBJECT IDENTIFIER ::= {id-oa 41} X.520|Part6
-- id-oa-pwdMaxFailures OBJECT IDENTIFIER ::= {id-oa 42} X.520|Part6
-- id-oa-pwdMaxTimeInHistory OBJECT IDENTIFIER ::= {id-oa 43} X.520|Part6
-- id-oa-pwdMinTimeInHistory OBJECT IDENTIFIER ::= {id-oa 44} X.520|Part6
-- id-oa-pwdHistorySlots OBJECT IDENTIFIER ::= {id-oa 45} X.520|Part6
-- id-oa-pwdRecentlyExpiredDuration OBJECT IDENTIFIER ::= {id-oa 46} X.520|Part6
-- id-oa-pwdEncAlg OBJECT IDENTIFIER ::= {id-oa 47} X.520|Part6
id-oa-allAttributeTypes OBJECT IDENTIFIER ::= {id-oa 48}
-- subentry classes
id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
id-sc-pwdAdminSubentry OBJECT IDENTIFIER ::= {id-sc 5}
-- Name forms
id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
-- administrative roles
id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
id-ar-pwdAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 9}
END -- InformationFramework