Rec. ITU-T X.511 (10/2019) Information technology – Open Systems Interconnection – The Directory: Abstract service definition
Summary
History
FOREWORD
CONTENTS
Introduction
1 Scope
2 Normative references
     2.1 Identical Recommendations | International Standards
     2.2 Paired Recommendations | International Standards equivalent in technical content
     2.3 Additional references
3 Definitions
     3.1 OSI Reference Model security architecture definitions
     3.2 Basic Directory definitions
     3.3 Directory model definitions
     3.4 Directory information base definitions
     3.5 Directory entry definitions
     3.6 Name definitions
     3.7 Distributed operations definitions
     3.8 Abstract service definitions
4 Abbreviations
5 Conventions
6 Overview of the Directory service
7 Information types and common procedures
     7.1 Introduction
     7.2 Information types defined elsewhere
     7.3 Common arguments
          7.3.1 Critical extensions
          7.3.2 Family grouping
     7.4 Common results
     7.5 Service controls
     7.6 Entry information selection
          7.6.1 Use of contextSelection or context selection defaults
          7.6.2 Evaluation of contextSelection
          7.6.3 Evaluation of a TypeAndContextAssertion
          7.6.4 Family Return
     7.7 Entry information
          7.7.1 Entry information data type
          7.7.2 Family information in entry information
     7.8 Filter
          7.8.1 Filter parameter
          7.8.2 Filter item
          7.8.3 Evaluating filters with family information
     7.9 Paged results
     7.10 Security parameters
     7.11 Common elements of procedure for access control
          7.11.1 Common elements of procedure for basic access control
               7.11.1.1 Alias dereferencing
               7.11.1.2 Return of Name Error
               7.11.1.3 Non-disclosure of the existence of an entry
               7.11.1.4 Return of Distinguished Name
          7.11.2 Common elements of procedure for rule-based-access-control
               7.11.2.1 Accessing an entry (entry level permission)
               7.11.2.2 Returning the name of an entry
               7.11.2.3 Alias dereferencing
               7.11.2.4 Return of Name Error (noSuchObject)
               7.11.2.5 Accessing an attribute
               7.11.2.6 Deleting information
               7.11.2.7 Invoking search-rules
          7.11.3 Family information
     7.12 Managing the DSA Information Tree
     7.13 Procedures for families of entries
8 Directory authentication
     8.1 Simple authentication procedure
          8.1.1 Generation of protected identifying information
          8.1.2 Procedure for protected simple authentication
     8.2 Password policy
          8.2.1 Introduction
          8.2.2 Operational attributes and procedures
          8.2.3 Password history
9 Bind, Unbind operations, Change Password and Administer Password operations
     9.1 Directory Bind
          9.1.1 Directory Bind syntax
          9.1.2 Directory Bind arguments
          9.1.3 Directory Bind results
          9.1.4 Directory Bind errors
     9.2 Directory Unbind
10 Directory Read operations
     10.1 Read
          10.1.1 Read syntax
          10.1.2 Read components
          10.1.3 Read results
          10.1.4 Read errors
          10.1.5 Read operation decision points for basic access control
               10.1.5.1 Error returns
               10.1.5.2 Non-disclosure of incomplete results
          10.1.6 Read operation decision points for rule-based access control
     10.2 Compare
          10.2.1 Compare syntax
          10.2.2 Compare arguments
          10.2.3 Compare results
          10.2.4 Compare errors
          10.2.5 Compare operation decision points for basic access control
               10.2.5.1 Error returns
          10.2.6 Compare operation decision points for rule-based access control
          10.2.7 Remote checking of password
     10.3 Abandon
11 Directory Search operations
     11.1 List
          11.1.1 List syntax
          11.1.2 List arguments
          11.1.3 List results
          11.1.4 List errors
          11.1.5 List operation decision points for basic access control
          11.1.6 List operation decision points for rule-based access control
     11.2 Search
          11.2.1 Search syntax
          11.2.2 Search components
          11.2.3 Search results
          11.2.4 Service administration
          11.2.5 Search errors
          11.2.6 Search operation decision points for basic access control
               11.2.6.1 Search operation decision points for basic-access-control in the presence of additional searches
               11.2.6.2 Alias dereferencing during Search
               11.2.6.3 Non-disclosure of incomplete results
          11.2.7 Search operation decision points for rule-based access control
12 Directory Modify operations
     12.1 Add Entry
          12.1.1 Add Entry syntax
          12.1.2 Add Entry arguments
          12.1.3 Add Entry results
          12.1.4 Add Entry errors
          12.1.5 Add operation decision points for basic access control
               12.1.5.1 Error returns
          12.1.6 Add Entry operation decision points for rule-based-access-control
     12.2 Remove Entry
          12.2.1 Remove Entry syntax
          12.2.2 Remove Entry arguments
          12.2.3 Remove Entry results
          12.2.4 Remove Entry errors
          12.2.5 Remove Entry operation decision points for basic access control
          12.2.6 Remove Entry operation decision points for rule-based access control
     12.3 Modify Entry
          12.3.1 Modify Entry syntax
          12.3.2 Modify Entry arguments
          12.3.3 Modify Entry results
          12.3.4 Modify Entry errors
          12.3.5 Modify Entry operation decision points for basic access control
               12.3.5.1 Error returns
          12.3.6 Modify Entry operation decision points for rule-based access control
     12.4 Modify DN
          12.4.1 Modify DN syntax
          12.4.2 Modify DN arguments
          12.4.3 Modify DN results
          12.4.4 Modify DN errors
          12.4.5 ModifyDN decision points for basic access control
               12.4.5.1 Error returns
          12.4.6 Modify DN operation decision points for rule-based access control
     12.5 Change Password
          12.5.1 Change Password syntax
          12.5.2 Change Password arguments
          12.5.3 Change Password results
          12.5.4 Change Password errors
     12.6 Administer Password
          12.6.1 Administer Password syntax
          12.6.2 Administer Password arguments
          12.6.3 Administer Password results
          12.6.4 Administer Password errors
13 Operations for LDAP messages
     13.1 LDAP Transport operation
          13.1.1 LDAP Transport syntax
          13.1.2 LDAP Transport arguments
          13.1.3 LDAP Transport results
     13.2 Linked LDAP operation
          13.2.1 Linked LDAP syntax
          13.2.2 Linked LDAP arguments
          13.2.3 Linked LDAP results
14 Errors
     14.1 Error precedence
     14.2 Abandoned
     14.3 Abandon Failed
     14.4 Attribute Error
     14.5 Name Error
     14.6 Referral
     14.7 Security Error
     14.8 Service Error
     14.9 Update Error
15 Analysis of search arguments
     15.1 General check of search filter
     15.2 Check of request-attribute-profiles
     15.3 Check of controls and hierarchy selections
     15.4 Check of matching use
     C.1 Single family example
     C.2 Multiple families example
          C.2.1 Filter example 1
          C.2.2 Filter example 2
          C.2.3 Filter example 3
          C.2.4 Filter example 4