-- Module DirectoryAbstractService (X.511:10/2012)
-- See also ITU-T X.511 (10/2012)
-- See also the index of all ASN.1 assignments needed in this document
DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
directoryAbstractService(2) 7} DEFINITIONS ::=
BEGIN
-- EXPORTS All
-- The types and values defined in this module are exported for use in the other ASN.1
-- modules contained within these Directory Specifications, and for the use of other
-- applications which will use them to access Directory services. Other applications may
-- use them for their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Directory service.
IMPORTS
-- from Rec. ITU-T X.501 | ISO/IEC 9594-2
attributeCertificateDefinitions, authenticationFramework, basicAccessControl,
commonProtocolSpecification, directoryShadowAbstractService,
distributedOperations, enhancedSecurity, id-at, informationFramework,
selectedAttributeTypes, serviceAdministration
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 7}
Attribute{}, ATTRIBUTE, AttributeType, AttributeTypeAndValue,
AttributeTypeAssertion, AttributeValue, AttributeValueAssertion,
CONTEXT, ContextAssertion, DistinguishedName, MATCHING-RULE, Name,
OBJECT-CLASS, RelativeDistinguishedName, SupportedAttributes,
SupportedContexts
FROM InformationFramework informationFramework
RelaxationPolicy
FROM ServiceAdministration serviceAdministration
OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
FROM EnhancedSecurity enhancedSecurity
-- from Rec. ITU-T X.518 | ISO/IEC 9594-4
AccessPoint, ContinuationReference, Exclusions, OperationProgress,
ReferenceType
FROM DistributedOperations distributedOperations
-- from Rec. ITU-T X.519 | ISO/IEC 9594-5
Code, ERROR, id-errcode-abandoned, id-errcode-abandonFailed,
id-errcode-attributeError, id-errcode-nameError, id-errcode-referral,
id-errcode-securityError, id-errcode-serviceError, id-errcode-updateError,
id-opcode-abandon, id-opcode-addEntry, id-opcode-administerPassword,
id-opcode-compare, id-opcode-changePassword, id-opcode-ldapTransport,
id-opcode-linkedLDAP, id-opcode-list, id-opcode-modifyDN,
id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry,
id-opcode-search, InvokeId, OPERATION
FROM CommonProtocolSpecification commonProtocolSpecification
-- from Rec. ITU-T X.520 | ISO/IEC 9594-6
DirectoryString{}, UnboundedDirectoryString
FROM SelectedAttributeTypes selectedAttributeTypes
-- from Rec. ITU-T X.509 | ISO/IEC 9594-8
AlgorithmIdentifier{}, CertificationPath, ENCRYPTED{}, HASH{}, SIGNED{},
SupportedAlgorithms, UserPwd
FROM AuthenticationFramework authenticationFramework
AttributeCertificationPath
FROM AttributeCertificateDefinitions attributeCertificateDefinitions
-- from Rec. ITU-T X.525 | ISO/IEC 9594-9
AgreementID
FROM DirectoryShadowAbstractService directoryShadowAbstractService
-- from IETF RFC 2025
SPKM-ERROR, SPKM-REP-TI, SPKM-REQ
FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}
-- from IETF RFC 4511
LDAPMessage
FROM Lightweight-Directory-Access-Protocol-V3 {iso(1)
identified-organization(3) dod(6) internet(1) directory(1) ldap(18)};
-- Common data types
CommonArguments ::= SET {
serviceControls [30] ServiceControls DEFAULT {},
securityParameters [29] SecurityParameters OPTIONAL,
requestor [28] DistinguishedName OPTIONAL,
operationProgress
[27] OperationProgress DEFAULT {nameResolutionPhase notStarted},
aliasedRDNs [26] INTEGER OPTIONAL,
criticalExtensions [25] BIT STRING OPTIONAL,
referenceType [24] ReferenceType OPTIONAL,
entryOnly [23] BOOLEAN DEFAULT TRUE,
exclusions [22] Exclusions OPTIONAL,
nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,
operationContexts [20] ContextSelection OPTIONAL,
familyGrouping [19] FamilyGrouping DEFAULT entryOnly,
...
}
CommonArgumentsSeq ::= SEQUENCE {
serviceControls [30] ServiceControls DEFAULT {},
securityParameters [29] SecurityParameters OPTIONAL,
requestor [28] DistinguishedName OPTIONAL,
operationProgress
[27] OperationProgress DEFAULT {nameResolutionPhase notStarted},
aliasedRDNs [26] INTEGER OPTIONAL,
criticalExtensions [25] BIT STRING OPTIONAL,
referenceType [24] ReferenceType OPTIONAL,
entryOnly [23] BOOLEAN DEFAULT TRUE,
exclusions [22] Exclusions OPTIONAL,
nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,
operationContexts [20] ContextSelection OPTIONAL,
familyGrouping [19] FamilyGrouping DEFAULT entryOnly,
...
}
FamilyGrouping ::= ENUMERATED {
entryOnly(1), compoundEntry(2), strands(3), multiStrand(4), ...
}
CommonResults ::= SET {
securityParameters [30] SecurityParameters OPTIONAL,
performer [29] DistinguishedName OPTIONAL,
aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
notification
[27] SEQUENCE SIZE (1..MAX) OF Attribute{{SupportedAttributes}} OPTIONAL,
...
}
CommonResultsSeq ::= SEQUENCE {
securityParameters [30] SecurityParameters OPTIONAL,
performer [29] DistinguishedName OPTIONAL,
aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
notification
[27] SEQUENCE SIZE (1..MAX) OF Attribute{{SupportedAttributes}} OPTIONAL,
...
}
ServiceControls ::= SET {
options [0] ServiceControlOptions DEFAULT {},
priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
timeLimit [2] INTEGER OPTIONAL,
sizeLimit [3] INTEGER OPTIONAL,
scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
attributeSizeLimit [5] INTEGER OPTIONAL,
manageDSAITPlaneRef
[6] SEQUENCE {dsaName Name,
agreementID AgreementID,
...} OPTIONAL,
serviceType [7] OBJECT IDENTIFIER OPTIONAL,
userClass [8] INTEGER OPTIONAL,
...
}
ServiceControlOptions ::= BIT STRING {
preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
dontDereferenceAliases(4), subentries(5), copyShallDo(6),
partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
noSubtypeSelection(10), countFamily(11), dontSelectFriends(12),
dontMatchFriends(13), allowWriteableCopy(14)}
EntryInformationSelection ::= SET {
attributes
CHOICE {allUserAttributes [0] NULL,
select [1] SET OF AttributeType
-- empty set implies no attributes are requested
} DEFAULT allUserAttributes:NULL,
infoTypes
[2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)}
DEFAULT attributeTypesAndValues,
extraAttributes
CHOICE {allOperationalAttributes [3] NULL,
select [4] SET SIZE (1..MAX) OF AttributeType
} OPTIONAL,
contextSelection ContextSelection OPTIONAL,
returnContexts BOOLEAN DEFAULT FALSE,
familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
}
ContextSelection ::= CHOICE {
allContexts NULL,
selectedContexts SET SIZE (1..MAX) OF TypeAndContextAssertion,
...
}
TypeAndContextAssertion ::= SEQUENCE {
type AttributeType,
contextAssertions
CHOICE {preference SEQUENCE OF ContextAssertion,
all SET OF ContextAssertion,
...},
...
}
FamilyReturn ::= SEQUENCE {
memberSelect
ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2),
compoundEntry(3), ...
},
familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
...
}
EntryInformation ::= SEQUENCE {
name Name,
fromEntry BOOLEAN DEFAULT TRUE,
information
SET SIZE (1..MAX) OF
CHOICE {attributeType AttributeType,
attribute Attribute{{SupportedAttributes}},
...} OPTIONAL,
incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in first edition systems
partialName [4] BOOLEAN DEFAULT FALSE, -- not in first or second edition systems
derivedEntry [5] BOOLEAN DEFAULT FALSE, -- not in pre-fourth edition systems
...
}
family-information ATTRIBUTE ::= {
WITH SYNTAX FamilyEntries
USAGE directoryOperation
ID id-at-family-information
}
FamilyEntries ::= SEQUENCE {
family-class OBJECT-CLASS.&id, -- structural object class value
familyEntries SEQUENCE OF FamilyEntry,
...
}
FamilyEntry ::= SEQUENCE {
rdn RelativeDistinguishedName,
information
SEQUENCE OF
CHOICE {attributeType AttributeType,
attribute Attribute{{SupportedAttributes}},
...},
family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL,
...
}
Filter ::= CHOICE {
item [0] FilterItem,
and [1] SET OF Filter,
or [2] SET OF Filter,
not [3] Filter,
...
}
FilterItem ::= CHOICE {
equality [0] AttributeValueAssertion,
substrings
[1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}),
strings
SEQUENCE OF
CHOICE {initial
[0] ATTRIBUTE.&Type
({SupportedAttributes}
{@substrings.type}),
any
[1] ATTRIBUTE.&Type
({SupportedAttributes}
{@substrings.type}),
final
[2] ATTRIBUTE.&Type
({SupportedAttributes}
{@substrings.type}),
control Attribute{{SupportedAttributes}},
-- Used to specify interpretation of following items
...},
...},
greaterOrEqual [2] AttributeValueAssertion,
lessOrEqual [3] AttributeValueAssertion,
present [4] AttributeType,
approximateMatch [5] AttributeValueAssertion,
extensibleMatch [6] MatchingRuleAssertion,
contextPresent [7] AttributeTypeAssertion,
...
}
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
type [2] AttributeType OPTIONAL,
matchValue
[3] MATCHING-RULE.&AssertionType
(CONSTRAINED BY {
-- matchValue shall be a value of type specified by the &AssertionType field of
-- one of the MATCHING-RULE information objects identified by matchingRule -- }),
dnAttributes [4] BOOLEAN DEFAULT FALSE,
...
}
PagedResultsRequest ::= CHOICE {
newRequest
SEQUENCE {pageSize INTEGER,
sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
reverse [1] BOOLEAN DEFAULT FALSE,
unmerged [2] BOOLEAN DEFAULT FALSE,
pageNumber [3] INTEGER OPTIONAL,
...},
queryReference OCTET STRING,
abandonQuery [0] OCTET STRING,
...
}
SortKey ::= SEQUENCE {
type AttributeType,
orderingRule MATCHING-RULE.&id OPTIONAL,
...
}
SecurityParameters ::= SET {
certification-path [0] CertificationPath OPTIONAL,
name [1] DistinguishedName OPTIONAL,
time [2] Time OPTIONAL,
random [3] BIT STRING OPTIONAL,
target [4] ProtectionRequest OPTIONAL,
-- [5] Not to be used
operationCode [6] Code OPTIONAL,
-- [7] Not to be used
errorProtection [8] ErrorProtectionRequest OPTIONAL,
errorCode [9] Code OPTIONAL,
...
}
ProtectionRequest ::= INTEGER {none(0), signed(1)}
Time ::= CHOICE {
utcTime UTCTime,
generalizedTime GeneralizedTime,
...
}
ErrorProtectionRequest ::= INTEGER {none(0), signed(1)}
-- Bind and unbind operations
directoryBind OPERATION ::= {
ARGUMENT DirectoryBindArgument
RESULT DirectoryBindResult
ERRORS {directoryBindError}
}
DirectoryBindArgument ::= SET {
credentials [0] Credentials OPTIONAL,
versions [1] Versions DEFAULT {v1},
...
}
Credentials ::= CHOICE {
simple [0] SimpleCredentials,
strong [1] StrongCredentials,
externalProcedure [2] EXTERNAL,
spkm [3] SpkmCredentials,
sasl [4] SaslCredentials,
...
}
SimpleCredentials ::= SEQUENCE {
name [0] DistinguishedName,
validity
[1] SET {time1 [0] CHOICE {utc UTCTime,
gt GeneralizedTime} OPTIONAL,
time2 [1] CHOICE {utc UTCTime,
gt GeneralizedTime} OPTIONAL,
random1 [2] BIT STRING OPTIONAL,
random2 [3] BIT STRING OPTIONAL} OPTIONAL,
password
[2] CHOICE {unprotected OCTET STRING,
protected HASH{OCTET STRING},
...,
userPwd [0] UserPwd} OPTIONAL
}
StrongCredentials ::= SET {
certification-path [0] CertificationPath OPTIONAL,
bind-token [1] Token,
name [2] DistinguishedName OPTIONAL,
attributeCertificationPath [3] AttributeCertificationPath OPTIONAL,
...
}
SpkmCredentials ::= CHOICE {req [0] SPKM-REQ,
rep [1] SPKM-REP-TI,
...
}
SaslCredentials ::= SEQUENCE {
mechanism [0] DirectoryString{ub-saslMechanism},
credentials [1] OCTET STRING OPTIONAL,
saslAbort [2] BOOLEAN DEFAULT FALSE,
...
}
ub-saslMechanism INTEGER ::= 20 -- According to RFC 2222
Token ::= SIGNED{TokenContent}
TokenContent ::= SEQUENCE {
algorithm [0] AlgorithmIdentifier{{SupportedAlgorithms}},
name [1] DistinguishedName,
time [2] Time,
random [3] BIT STRING,
response [4] BIT STRING OPTIONAL,
...
}
Versions ::= BIT STRING {v1(0), v2(1)}
DirectoryBindResult ::= SET {
credentials [0] Credentials OPTIONAL,
versions [1] Versions DEFAULT {v1},
...,
pwdResponseValue [2] PwdResponseValue OPTIONAL
}
PwdResponseValue ::= SEQUENCE {
warning
CHOICE {timeLeft [0] INTEGER(0..MAX),
graceRemaining [1] INTEGER(0..MAX),
...} OPTIONAL,
error ENUMERATED {passwordExpired(0), changeAfterReset(1), ...
} OPTIONAL
}
directoryBindError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED
{SET {versions [0] Versions DEFAULT {v1},
error
CHOICE {serviceError [1] ServiceProblem,
securityError [2] SecurityProblem,
...},
securityParameters [30] SecurityParameters OPTIONAL}}
}
BindKeyInfo ::= ENCRYPTED{BIT STRING}
-- Operations, arguments, and results
read OPERATION ::= {
ARGUMENT ReadArgument
RESULT ReadResult
ERRORS
{attributeError | nameError | serviceError | referral | abandoned |
securityError}
CODE id-opcode-read
}
ReadArgument ::= OPTIONALLY-PROTECTED{ReadArgumentData}
ReadArgumentData ::= SET {
object [0] Name,
selection [1] EntryInformationSelection DEFAULT {},
modifyRightsRequest [2] BOOLEAN DEFAULT FALSE,
...,
...,
COMPONENTS OF CommonArguments
}
ReadResult ::= OPTIONALLY-PROTECTED{ReadResultData}
ReadResultData ::= SET {
entry [0] EntryInformation,
modifyRights [1] ModifyRights OPTIONAL,
...,
...,
COMPONENTS OF CommonResults
}
ModifyRights ::=
SET OF
SEQUENCE {item
CHOICE {entry [0] NULL,
attribute [1] AttributeType,
value [2] AttributeValueAssertion,
...},
permission
[3] BIT STRING {add(0), remove(1), rename(2), move(3)},
...}
compare OPERATION ::= {
ARGUMENT CompareArgument
RESULT CompareResult
ERRORS
{attributeError | nameError | serviceError | referral | abandoned |
securityError}
CODE id-opcode-compare
}
CompareArgument ::= OPTIONALLY-PROTECTED{CompareArgumentData}
CompareArgumentData ::= SET {
object [0] Name,
purported [1] AttributeValueAssertion,
...,
...,
COMPONENTS OF CommonArguments
}
CompareResult ::= OPTIONALLY-PROTECTED{CompareResultData}
CompareResultData ::= SET {
name Name OPTIONAL,
matched [0] BOOLEAN,
fromEntry [1] BOOLEAN DEFAULT TRUE,
matchedSubtype [2] AttributeType OPTIONAL,
...,
...,
COMPONENTS OF CommonResults
}
abandon OPERATION ::= {
ARGUMENT AbandonArgument
RESULT AbandonResult
ERRORS {abandonFailed}
CODE id-opcode-abandon
}
AbandonArgument ::= OPTIONALLY-PROTECTED-SEQ{AbandonArgumentData}
AbandonArgumentData ::= SEQUENCE {invokeID [0] InvokeId,
...
}
AbandonResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{AbandonResultData},
...
}
AbandonResultData ::= SEQUENCE {
invokeID InvokeId,
...,
...,
COMPONENTS OF CommonResultsSeq
}
list OPERATION ::= {
ARGUMENT ListArgument
RESULT ListResult
ERRORS {nameError | serviceError | referral | abandoned | securityError}
CODE id-opcode-list
}
ListArgument ::= OPTIONALLY-PROTECTED{ListArgumentData}
ListArgumentData ::= SET {
object [0] Name,
pagedResults [1] PagedResultsRequest OPTIONAL,
listFamily [2] BOOLEAN DEFAULT FALSE,
...,
...,
COMPONENTS OF CommonArguments
}
ListResult ::= OPTIONALLY-PROTECTED{ListResultData}
ListResultData ::= CHOICE {
listInfo
SET {name Name OPTIONAL,
subordinates
[1] SET OF
SEQUENCE {rdn RelativeDistinguishedName,
aliasEntry [0] BOOLEAN DEFAULT FALSE,
fromEntry [1] BOOLEAN DEFAULT TRUE,
...},
partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL,
...,
...,
COMPONENTS OF CommonResults},
uncorrelatedListInfo [0] SET OF ListResult,
...
}
PartialOutcomeQualifier ::= SET {
limitProblem [0] LimitProblem OPTIONAL,
unexplored
[1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE,
unknownErrors
[3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL,
queryReference [4] OCTET STRING OPTIONAL,
overspecFilter [5] Filter OPTIONAL,
notification
[6] SEQUENCE SIZE (1..MAX) OF Attribute{{SupportedAttributes}} OPTIONAL,
entryCount
CHOICE {bestEstimate [7] INTEGER,
lowEstimate [8] INTEGER,
exact [9] INTEGER,
...} OPTIONAL
-- [10] Not to be used
}
LimitProblem ::= INTEGER {
timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2)
}
search OPERATION ::= {
ARGUMENT SearchArgument
RESULT SearchResult
ERRORS
{attributeError | nameError | serviceError | referral | abandoned |
securityError}
CODE id-opcode-search
}
SearchArgument ::= OPTIONALLY-PROTECTED{SearchArgumentData}
SearchArgumentData ::= SET {
baseObject [0] Name,
subset
[1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)}
DEFAULT baseObject,
filter [2] Filter DEFAULT and:{},
searchAliases [3] BOOLEAN DEFAULT TRUE,
selection [4] EntryInformationSelection DEFAULT {},
pagedResults [5] PagedResultsRequest OPTIONAL,
matchedValuesOnly [6] BOOLEAN DEFAULT FALSE,
extendedFilter [7] Filter OPTIONAL,
checkOverspecified [8] BOOLEAN DEFAULT FALSE,
relaxation [9] RelaxationPolicy OPTIONAL,
extendedArea [10] INTEGER OPTIONAL,
hierarchySelections [11] HierarchySelections DEFAULT {self},
searchControlOptions [12] SearchControlOptions DEFAULT {searchAliases},
joinArguments [13] SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL,
joinType
[14] ENUMERATED {innerJoin(0), leftOuterJoin(1), fullOuterJoin(2)}
DEFAULT leftOuterJoin,
...,
...,
COMPONENTS OF CommonArguments
}
HierarchySelections ::= BIT STRING {
self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}
SearchControlOptions ::= BIT STRING {
searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
matchOnResidualName(7), entryCount(8), useSubset(9),
separateFamilyMembers(10), searchFamily(11)}
JoinArgument ::= SEQUENCE {
joinBaseObject [0] Name,
domainLocalID [1] DomainLocalID OPTIONAL,
joinSubset
[2] ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2), ...
} DEFAULT baseObject,
joinFilter [3] Filter OPTIONAL,
joinAttributes [4] SEQUENCE SIZE (1..MAX) OF JoinAttPair OPTIONAL,
joinSelection [5] EntryInformationSelection,
...
}
DomainLocalID ::= UnboundedDirectoryString
JoinAttPair ::= SEQUENCE {
baseAtt AttributeType,
joinAtt AttributeType,
joinContext SEQUENCE SIZE (1..MAX) OF JoinContextType OPTIONAL,
...
}
JoinContextType ::= CONTEXT.&id({SupportedContexts})
SearchResult ::= OPTIONALLY-PROTECTED{SearchResultData}
SearchResultData ::= CHOICE {
searchInfo
SET {name Name OPTIONAL,
entries [0] SET OF EntryInformation,
partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL,
altMatching [3] BOOLEAN DEFAULT FALSE,
...,
...,
COMPONENTS OF CommonResults},
uncorrelatedSearchInfo [0] SET OF SearchResult,
...
}
addEntry OPERATION ::= {
ARGUMENT AddEntryArgument
RESULT AddEntryResult
ERRORS
{attributeError | nameError | serviceError | referral | securityError |
updateError}
CODE id-opcode-addEntry
}
AddEntryArgument ::= OPTIONALLY-PROTECTED{AddEntryArgumentData}
AddEntryArgumentData ::= SET {
object [0] Name,
entry [1] SET OF Attribute{{SupportedAttributes}},
targetSystem [2] AccessPoint OPTIONAL,
...,
...,
COMPONENTS OF CommonArguments
}
AddEntryResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{AddEntryResultData},
...
}
AddEntryResultData ::= SEQUENCE {...,
...,
COMPONENTS OF CommonResultsSeq
}
removeEntry OPERATION ::= {
ARGUMENT RemoveEntryArgument
RESULT RemoveEntryResult
ERRORS {nameError | serviceError | referral | securityError | updateError}
CODE id-opcode-removeEntry
}
RemoveEntryArgument ::= OPTIONALLY-PROTECTED{RemoveEntryArgumentData}
RemoveEntryArgumentData ::= SET {
object [0] Name,
...,
...,
COMPONENTS OF CommonArguments
}
RemoveEntryResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{RemoveEntryResultData},
...
}
RemoveEntryResultData ::= SEQUENCE {...,
...,
COMPONENTS OF CommonResultsSeq
}
modifyEntry OPERATION ::= {
ARGUMENT ModifyEntryArgument
RESULT ModifyEntryResult
ERRORS
{attributeError | nameError | serviceError | referral | securityError |
updateError}
CODE id-opcode-modifyEntry
}
ModifyEntryArgument ::= OPTIONALLY-PROTECTED{ModifyEntryArgumentData}
ModifyEntryArgumentData ::= SET {
object [0] Name,
changes [1] SEQUENCE OF EntryModification,
selection [2] EntryInformationSelection OPTIONAL,
...,
...,
COMPONENTS OF CommonArguments
}
ModifyEntryResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{ModifyEntryResultData},
...
}
ModifyEntryResultData ::= SEQUENCE {
entry [0] EntryInformation OPTIONAL,
...,
...,
COMPONENTS OF CommonResultsSeq
}
EntryModification ::= CHOICE {
addAttribute [0] Attribute{{SupportedAttributes}},
removeAttribute [1] AttributeType,
addValues [2] Attribute{{SupportedAttributes}},
removeValues [3] Attribute{{SupportedAttributes}},
alterValues [4] AttributeTypeAndValue,
resetValue [5] AttributeType,
replaceValues [6] Attribute{{SupportedAttributes}},
...
}
modifyDN OPERATION ::= {
ARGUMENT ModifyDNArgument
RESULT ModifyDNResult
ERRORS {nameError | serviceError | referral | securityError | updateError}
CODE id-opcode-modifyDN
}
ModifyDNArgument ::= OPTIONALLY-PROTECTED{ModifyDNArgumentData}
ModifyDNArgumentData ::= SET {
object [0] DistinguishedName,
newRDN [1] RelativeDistinguishedName,
deleteOldRDN [2] BOOLEAN DEFAULT FALSE,
newSuperior [3] DistinguishedName OPTIONAL,
...,
...,
COMPONENTS OF CommonArguments
}
ModifyDNResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{ModifyDNResultData},
...
}
ModifyDNResultData ::= SEQUENCE {
newRDN RelativeDistinguishedName,
...,
...,
COMPONENTS OF CommonResultsSeq
}
changePassword OPERATION ::= {
ARGUMENT ChangePasswordArgument
RESULT ChangePasswordResult
ERRORS {securityError | updateError}
CODE id-opcode-changePassword
}
ChangePasswordArgument ::= OPTIONALLY-PROTECTED-SEQ{ChangePasswordArgumentData}
ChangePasswordArgumentData ::= SEQUENCE {
object [0] DistinguishedName,
oldPwd [1] UserPwd,
newPwd [2] UserPwd,
...
}
ChangePasswordResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{ChangePasswordResultData},
...
}
ChangePasswordResultData ::= SEQUENCE {...,
...,
COMPONENTS OF CommonResultsSeq
}
administerPassword OPERATION ::= {
ARGUMENT AdministerPasswordArgument
RESULT AdministerPasswordResult
ERRORS {securityError | updateError}
CODE id-opcode-administerPassword
}
AdministerPasswordArgument ::=
OPTIONALLY-PROTECTED-SEQ{AdministerPasswordArgumentData}
AdministerPasswordArgumentData ::= SEQUENCE {
object [0] DistinguishedName,
newPwd [1] UserPwd,
...
}
AdministerPasswordResult ::= CHOICE {
null NULL,
information OPTIONALLY-PROTECTED-SEQ{AdministerPasswordResultData},
...
}
AdministerPasswordResultData ::= SEQUENCE {
...,
...,
COMPONENTS OF CommonResultsSeq
}
ldapTransport OPERATION ::= {
ARGUMENT LdapArgument
RESULT SEQUENCE OF LDAPMessage
ERRORS {abandonFailed | abandoned}
CODE id-opcode-ldapTransport
}
LdapArgument ::= OPTIONALLY-PROTECTED-SEQ{LdapArgumentData}
LdapArgumentData ::= SEQUENCE {
object DistinguishedName,
ldapMessage LDAPMessage,
linkId LinkId OPTIONAL,
...,
...,
COMPONENTS OF CommonArgumentsSeq
}
LinkId ::= INTEGER
LdapResult ::= OPTIONALLY-PROTECTED-SEQ{LdapResultData}
LdapResultData ::= SEQUENCE {
ldapMessages SEQUENCE SIZE (1..MAX) OF LDAPMessage OPTIONAL,
returnToClient BOOLEAN DEFAULT FALSE,
...,
...,
COMPONENTS OF CommonResultsSeq
}
linkedLDAP OPERATION ::= {
ARGUMENT LinkedArgument
RESULT LinkedResult
CODE id-opcode-linkedLDAP
}
LinkedArgument ::= OPTIONALLY-PROTECTED-SEQ{LinkedArgumentData}
LinkedArgumentData ::= SEQUENCE {
object DistinguishedName,
ldapMessage LDAPMessage,
linkId LinkId,
returnToClient BOOLEAN DEFAULT FALSE,
...,
...,
COMPONENTS OF CommonArgumentsSeq
}
LinkedResult ::= NULL
-- Errors and parameters
abandoned ERROR ::= { -- not literally an "error"
PARAMETER OPTIONALLY-PROTECTED {AbandonedData}
CODE id-errcode-abandoned
}
AbandonedData ::= SET {
problem AbandonedProblem OPTIONAL,
...,
...,
COMPONENTS OF CommonResults
}
AbandonedProblem ::= ENUMERATED {pagingAbandoned(0)}
abandonFailed ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {AbandonFailedData}
CODE id-errcode-abandonFailed
}
AbandonFailedData ::= SET {
problem [0] AbandonProblem,
operation [1] InvokeId,
...,
...,
COMPONENTS OF CommonResults
}
AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)}
attributeError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {AttributeErrorData}
CODE id-errcode-attributeError
}
AttributeErrorData ::= SET {
object [0] Name,
problems
[1] SET OF
SEQUENCE {problem [0] AttributeProblem,
type [1] AttributeType,
value [2] AttributeValue OPTIONAL,
...},
...,
...,
COMPONENTS OF CommonResults
}
AttributeProblem ::= INTEGER {
noSuchAttributeOrValue(1), invalidAttributeSyntax(2),
undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5),
attributeOrValueAlreadyExists(6), contextViolation(7)}
nameError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {NameErrorData}
CODE id-errcode-nameError
}
NameErrorData ::= SET {
problem [0] NameProblem,
matched [1] Name,
...,
...,
COMPONENTS OF CommonResults
}
NameProblem ::= INTEGER {
noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3),
aliasDereferencingProblem(4)
-- not to be used (5)--}
referral ERROR ::= { -- not literally an "error"
PARAMETER OPTIONALLY-PROTECTED {ReferralData}
CODE id-errcode-referral
}
ReferralData ::= SET {
candidate [0] ContinuationReference,
...,
...,
COMPONENTS OF CommonResults
}
securityError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {SecurityErrorData}
CODE id-errcode-securityError
}
SecurityErrorData ::= SET {
problem [0] SecurityProblem,
spkmInfo [1] SPKM-ERROR OPTIONAL,
encPwdInfo [2] EncPwdInfo OPTIONAL,
...,
...,
COMPONENTS OF CommonResults
}
SecurityProblem ::= INTEGER {
inappropriateAuthentication(1), invalidCredentials(2),
insufficientAccessRights(3), invalidSignature(4), protectionRequired(5),
noInformation(6),
blockedCredentials(7),
-- invalidQOPMatch (8), obsolete
spkmError(9), unsupportedAuthenticationMethod(10), passwordExpired(11),
inappropriateAlgorithms(12)}
EncPwdInfo ::= SEQUENCE {
algorithms
[0] SEQUENCE OF AlgorithmIdentifier{{SupportedAlgorithms}} OPTIONAL,
pwdQualityRule [1] SEQUENCE OF AttributeTypeAndValue OPTIONAL,
...
}
serviceError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {ServiceErrorData}
CODE id-errcode-serviceError
}
ServiceErrorData ::= SET {
problem [0] ServiceProblem,
...,
...,
COMPONENTS OF CommonResults
}
ServiceProblem ::= INTEGER {
busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4),
unableToProceed(5), invalidReference(6), timeLimitExceeded(7),
administrativeLimitExceeded(8), loopDetected(9),
unavailableCriticalExtension(10), outOfScope(11), ditError(12),
invalidQueryReference(13), requestedServiceNotAvailable(14),
unsupportedMatchingUse(15), ambiguousKeyAttributes(16),
saslBindInProgress(17), notSupportedByLDAP(18)}
updateError ERROR ::= {
PARAMETER OPTIONALLY-PROTECTED {UpdateErrorData}
CODE id-errcode-updateError
}
UpdateErrorData ::= SET {
problem [0] UpdateProblem,
attributeInfo
[1] SET SIZE (1..MAX) OF
CHOICE {attributeType AttributeType,
attribute Attribute{{SupportedAttributes}},
...} OPTIONAL,
...,
...,
COMPONENTS OF CommonResults
}
UpdateProblem ::= INTEGER {
namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3),
notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6),
objectClassModificationProhibited(7), noSuchSuperior(8), notAncestor(9),
parentNotAncestor(10), hierarchyRuleViolation(11), familyRuleViolation(12),
insufficientPasswordQuality(13), passwordInHistory(14), noPasswordSlot(15)
}
-- attribute types
id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
END -- DirectoryAbstractService
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D