LDAPv3 asn


Lightweight-Directory-Access-Protocol-V3.asn


-- Module Lightweight-Directory-Access-Protocol-V3 (RFC 2251:12/1997)
Lightweight-Directory-Access-Protocol-V3
--
-- $Id$
-- This is based on the ASN.1 definitions in RFC 2251, with changes made
-- as necessary for Wireshark.
-- Copyright (C) The Internet Society (1997). This version of
-- this ASN.1 module is part of RFC 2251;
-- see the RFC itself for full legal notices.
--
DEFINITIONS IMPLICIT TAGS ::=
BEGIN


-- Envelope for every PDU defined in this module: a message ID, exactly one
-- protocol operation, and an optional list of controls under context tag [0].
LDAPMessage ::= SEQUENCE {
  messageID MessageID,
  protocolOp ProtocolOp,
  controls [0]  Controls OPTIONAL
}


-- Non-negative request identifier bounded by maxInt. It is also the payload
-- of AbandonRequest and of CancelRequestValue.cancelID in this module.
MessageID ::= INTEGER(0..maxInt)


-- One alternative per LDAP operation. The alternatives carry no context tags
-- here; each referenced type is declared with its own [APPLICATION n] tag,
-- and that tag is what distinguishes the alternatives on the wire.
ProtocolOp ::=     CHOICE { 
bindRequest      BindRequest,
            bindResponse     BindResponse,
            unbindRequest    UnbindRequest,
            searchRequest    SearchRequest,
            searchResEntry   SearchResultEntry,
            searchResDone    SearchResultDone,
            searchResRef     SearchResultReference,
            modifyRequest    ModifyRequest,
            modifyResponse   ModifyResponse,
            addRequest       AddRequest,
            addResponse      AddResponse,
            delRequest       DelRequest,
            delResponse      DelResponse,
            modDNRequest     ModifyDNRequest,
            modDNResponse    ModifyDNResponse,
            compareRequest   CompareRequest,
            compareResponse  CompareResponse,
            abandonRequest   AbandonRequest,
            extendedReq      ExtendedRequest,
            extendedResp     ExtendedResponse,
            intermediateResponse     IntermediateResponse
}




-- Upper bound used by MessageID, SearchRequest.sizeLimit/timeLimit and the
-- password policy warning values in this module.
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) 


-- String-like aliases. Every one of them is a plain OCTET STRING on the wire:
-- the grammar does not enforce UTF-8, OID syntax or DN syntax, so a consumer
-- has to validate the bytes itself before treating them as text.
LDAPString ::= OCTET STRING


-- Object identifier carried as octets (used for control types and for
-- extended request/response names in this module).
LDAPOID ::= OCTET STRING


-- Distinguished name, unvalidated at this layer.
LDAPDN ::= LDAPString


-- Relative distinguished name (see ModifyDNRequest.newrdn).
RelativeLDAPDN ::= LDAPString


AttributeType ::= LDAPString


AttributeDescription ::= LDAPString


AttributeDescriptionList ::= SEQUENCE OF AttributeDescription


-- Attribute values are opaque octets; no length bound is declared.
AttributeValue ::= OCTET STRING


-- Attribute/value pair used by the comparison filters and by CompareRequest.
AttributeValueAssertion ::= SEQUENCE {
  attributeDesc   AttributeDescription,
  assertionValue  AssertionValue
}


-- Opaque octets; interpretation depends on the attribute being asserted.
AssertionValue ::= OCTET STRING


-- An attribute description with its set of values.
Attribute ::= SEQUENCE {type  AttributeDescription,
                        vals  SET OF AttributeValue
}


-- Names a matching rule (used by MatchingRuleAssertion and SortKeyList).
MatchingRuleId ::= LDAPString


-- Common result structure, reused as [APPLICATION n] LDAPResult by the
-- search-done, modify, add, delete, modify-DN and compare responses below.
-- BindResponse and ExtendedResponse do not reference this type: they carry an
-- inline copy of the same fields (their COMPONENTS OF line is commented out),
-- so a change to the resultCode list here has to be mirrored in both copies.
-- Codes that matter when reviewing authentication and authorization traffic:
-- strongAuthRequired(8), confidentialityRequired(13),
-- inappropriateAuthentication(48), invalidCredentials(49),
-- insufficientAccessRights(50).
LDAPResult ::= SEQUENCE {
  resultCode
    ENUMERATED {success(0), operationsError(1), protocolError(2),
                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
                compareTrue(6), authMethodNotSupported(7),
                strongAuthRequired(8),
                -- 9 reserved 
                referral(10),-- new-- adminLimitExceeded(11),-- new--
                unavailableCriticalExtension(12),-- new--
                confidentialityRequired(13),-- new--
                saslBindInProgress(14),-- new-- noSuchAttribute(16),
                undefinedAttributeType(17), inappropriateMatching(18),
                constraintViolation(19), attributeOrValueExists(20),
                invalidAttributeSyntax(21),
                -- 22-31 unused 
                noSuchObject(32), aliasProblem(33),
                invalidDNSyntax(34),
                -- 35 reserved for undefined isLeaf 
                aliasDereferencingProblem(36),
                -- 37-47 unused 
                inappropriateAuthentication(48), invalidCredentials(49),
                insufficientAccessRights(50), busy(51), unavailable(52),
                unwillingToPerform(53),
                loopDetect(54),
                -- 55-63 unused 
                namingViolation(64), objectClassViolation(65),
                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
                entryAlreadyExists(68),
                objectClassModsProhibited(69),
                -- 70 reserved for CLDAP 
                affectsMultipleDSAs(71),-- new--
                -- 72-79 unused 
                other(80),
canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
},
  -- 81-90 reserved for APIs 
  matchedDN     LDAPDN,
  -- errorMessage is free text produced by the server; treat it as untrusted
  -- input when logging or displaying it.
  errorMessage  ErrorMessage,
  -- Optional list of server-supplied URLs (see Referral).
  referral      [3]  Referral OPTIONAL
}


-- List of URLs supplied by the server. No SIZE constraint is declared, so the
-- list may be empty or arbitrarily long as far as this grammar is concerned.
-- NOTE(review): a client that follows referrals automatically connects to a
-- host chosen by the server; confirm the consumer validates each URL and does
-- not reuse bind credentials against the referred host without a policy check.
Referral ::= SEQUENCE OF LDAPURL


-- Declared as a bare OCTET STRING: the URL character restriction mentioned in
-- the trailing comment is not enforced by the type.
LDAPURL ::= OCTET STRING -- LDAPString - - limited to characters permitted in URLs


-- Controls attached to an LDAPMessage (context tag [0] there).
Controls ::= SEQUENCE OF Control


-- criticality defaults to FALSE, so an absent field means "not critical".
-- controlValue is opaque at this level: its inner structure depends on the
-- controlType OID and has to be decoded separately (SearchControlValue,
-- SortKeyList and DirSyncControlValue later in this module are such inner
-- structures). Decode it only after the OID has been recognised.
Control ::= SEQUENCE {
  controlType   ControlType,
  criticality   BOOLEAN DEFAULT FALSE,
  controlValue  OCTET STRING OPTIONAL
}


ControlType ::= LDAPOID


-- Authentication request. version is constrained to 1..127, name is the DN
-- being bound, and authentication selects the credential form.
BindRequest ::= [APPLICATION 0]  SEQUENCE {
  version         INTEGER(1..127),
  name            LDAPDN,
  authentication  AuthenticationChoice
}


-- Credential forms accepted in a BindRequest.
--   simple [0]: the password as raw octets (Simple ::= OCTET STRING). Nothing
--     in this encoding protects it, so it is readable by anyone who can read
--     the byte stream unless the transport provides confidentiality.
--   sasl [3]: mechanism name plus optional mechanism-specific credentials.
--   [10] and [11]: per the existing comment these come from bug 1148 rather
--     than from the RFC 2251 choice; the field names indicate NTLMSSP
--     negotiate/auth blobs. NOTE(review): presumably a vendor-specific bind
--     variant seen in captures; confirm against that bug report.
AuthenticationChoice ::= CHOICE {
  simple  [0]  Simple,
  -- 1 and 2 reserved
  sasl    [3]  SaslCredentials,
  -- 10,11 from bug 1148
  ntlmsspNegotiate [10] IMPLICIT OCTET STRING,
  ntlmsspAuth [11] IMPLICIT OCTET STRING
}


-- Simple-bind password, carried as unprotected octets.
Simple ::= OCTET STRING


-- SASL bind payload: the mechanism name and, optionally, the opaque
-- credentials for the current step of that mechanism.
SaslCredentials ::= SEQUENCE {
  mechanism    Mechanism,
  credentials  Credentials OPTIONAL
}


--4.1.2. String Types
--
-- The LDAPString is a notational convenience to indicate that, although
-- strings of LDAPString type encode as OCTET STRING types, the ISO
-- 10646 [13] character set (a superset of Unicode) is used, encoded
-- following the UTF-8 algorithm [14]. Note that in the UTF-8 algorithm
-- characters which are the same as ASCII (0x0000 through 0x007F) are
-- represented as that same ASCII character in a single byte.  The other
-- byte values are used to form a variable-length encoding of an
-- arbitrary character.


-- The LDAPString form is kept as a comment; this module declares the
-- mechanism name directly as OCTET STRING.
-- Mechanism ::= LDAPString
Mechanism ::= OCTET STRING


-- Opaque, mechanism-specific SASL credential octets.
Credentials ::= OCTET STRING


-- Result of a bind. The LDAPResult fields are copied inline (the
-- COMPONENTS OF line is commented out), followed by the optional
-- serverSaslCreds under context tag [7]. Keep the resultCode list identical
-- to the one in LDAPResult and ExtendedResponse.
-- For monitoring: a failed credential check is reported here as
-- invalidCredentials(49), and saslBindInProgress(14) marks an intermediate
-- step of a multi-step SASL bind rather than a completed authentication.
BindResponse ::= [APPLICATION 1]  SEQUENCE {
--  COMPONENTS OF LDAPResult,
  resultCode
    ENUMERATED {success(0), operationsError(1), protocolError(2),
                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
                compareTrue(6), authMethodNotSupported(7),
                strongAuthRequired(8),
                -- 9 reserved 
                referral(10),-- new-- adminLimitExceeded(11),-- new--
                unavailableCriticalExtension(12),-- new--
                confidentialityRequired(13),-- new--
                saslBindInProgress(14),-- new-- noSuchAttribute(16),
                undefinedAttributeType(17), inappropriateMatching(18),
                constraintViolation(19), attributeOrValueExists(20),
                invalidAttributeSyntax(21),
                -- 22-31 unused 
                noSuchObject(32), aliasProblem(33),
                invalidDNSyntax(34),
                -- 35 reserved for undefined isLeaf 
                aliasDereferencingProblem(36),
                -- 37-47 unused 
                inappropriateAuthentication(48), invalidCredentials(49),
                insufficientAccessRights(50), busy(51), unavailable(52),
                unwillingToPerform(53),
                loopDetect(54),
                -- 55-63 unused 
                namingViolation(64), objectClassViolation(65),
                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
                entryAlreadyExists(68),
                objectClassModsProhibited(69),
                -- 70 reserved for CLDAP 
                affectsMultipleDSAs(71),-- new--
                -- 72-79 unused 
                other(80),
canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
},
  -- 81-90 reserved for APIs 
  matchedDN     LDAPDN,
  errorMessage  ErrorMessage,
  referral      [3]  Referral OPTIONAL,


-- end of components
  -- Opaque server-side SASL data for the mechanism in use.
  serverSaslCreds  [7] ServerSaslCreds  OPTIONAL
}


-- Opaque octets returned by the server during a SASL bind.
ServerSaslCreds ::= OCTET STRING


-- Server-produced diagnostic text (an LDAPString, i.e. unvalidated octets).
ErrorMessage ::= LDAPString


-- Unbind carries no data.
UnbindRequest ::= [APPLICATION 2]  NULL


-- Search operation. sizeLimit and timeLimit are bounded only by 0..maxInt;
-- in RFC 2251 a value of 0 means the client requests no limit, so the
-- server's own limits are the effective bound on result size and run time.
-- filter is a recursive structure (see Filter) and attributes lists the
-- attribute descriptions requested by the client.
SearchRequest ::= [APPLICATION 3]  SEQUENCE {
  baseObject    LDAPDN,
  scope         ENUMERATED {baseObject(0), singleLevel(1), wholeSubtree(2)},
  derefAliases
    ENUMERATED {neverDerefAliases(0), derefInSearching(1),
                derefFindingBaseObj(2), derefAlways(3)},
  sizeLimit     INTEGER(0..maxInt),
  timeLimit     INTEGER(0..maxInt),
  typesOnly     BOOLEAN,
  filter        Filter,
  attributes    AttributeDescriptionList
}


-- Search filter. The and, or and not alternatives contain Filter again, so
-- the type is recursive and the grammar sets no bound on nesting depth or on
-- the number of members in a SET OF Filter. A decoder that recurses per level
-- needs its own depth and element limits to stay safe on hostile input.
Filter ::= CHOICE {
  and              [0]  SET OF Filter,
  or               [1]  SET OF Filter,
  not              [2]  Filter,
  equalityMatch    [3]  AttributeValueAssertion,
  substrings       [4]  SubstringFilter,
  greaterOrEqual   [5]  AttributeValueAssertion,
  lessOrEqual      [6]  AttributeValueAssertion,
  present          [7]  AttributeDescription,
  approxMatch      [8]  AttributeValueAssertion,
  extensibleMatch  [9]  MatchingRuleAssertion
}


-- Substring match on one attribute. The "at least one must be present" rule
-- is stated only as a comment: the SEQUENCE OF has no SIZE constraint, so an
-- empty list is valid for this grammar and must be rejected by the consumer.
SubstringFilter ::= SEQUENCE {
  type        AttributeDescription,
  -- at least one must be present
  substrings
    SEQUENCE OF
      CHOICE {initial  [0]  LDAPString,
              any      [1]  LDAPString,
              final    [2]  LDAPString}
}


-- Extensible match. matchingRule and type are both OPTIONAL, matchValue is
-- mandatory, and dnAttributes defaults to FALSE when absent.
MatchingRuleAssertion ::= SEQUENCE {
  matchingRule  [1]  MatchingRuleId OPTIONAL,
  type          [2]  AttributeDescription OPTIONAL,
  matchValue    [3]  AssertionValue,
  dnAttributes  [4]  BOOLEAN DEFAULT FALSE
}


-- One entry returned by a search: its DN and the attributes returned for it.
SearchResultEntry ::= [APPLICATION 4]  SEQUENCE {
  objectName  LDAPDN,
  attributes  PartialAttributeList
}


-- Same shape as Attribute, declared inline; no bound on the number of
-- attributes or values.
PartialAttributeList ::=
  SEQUENCE OF SEQUENCE {type  AttributeDescription,
                        vals  SET OF AttributeValue}


-- Server-supplied URLs returned in place of entries; the caveats noted on
-- Referral apply to these as well.
SearchResultReference ::= [APPLICATION 19]  SEQUENCE OF LDAPURL


-- Final message of a search, carrying the common result structure.
SearchResultDone ::= [APPLICATION 5]  LDAPResult


-- Modify operation: the target DN plus an ordered list of changes, each one
-- an add, delete or replace applied to an attribute and a set of values.
ModifyRequest ::= [APPLICATION 6]  SEQUENCE {
  object        LDAPDN,
  modification
    SEQUENCE OF
      SEQUENCE {operation     ENUMERATED {add(0), delete(1), replace(2)},
                modification  AttributeTypeAndValues}
}


-- Attribute description with a set of values (same shape as Attribute).
AttributeTypeAndValues ::= SEQUENCE {
  type  AttributeDescription,
  vals  SET OF AttributeValue
}


ModifyResponse ::= [APPLICATION 7]  LDAPResult


-- Add operation: the DN of the new entry and its attributes.
AddRequest ::= [APPLICATION 8]  SEQUENCE {
  entry       LDAPDN,
  attributes  AttributeList
}


-- Same inline shape as PartialAttributeList.
AttributeList ::=
  SEQUENCE OF SEQUENCE {type  AttributeDescription,
                        vals  SET OF AttributeValue}


AddResponse ::= [APPLICATION 9]  LDAPResult


-- Delete carries only the DN of the entry to remove.
DelRequest ::= [APPLICATION 10]  LDAPDN


DelResponse ::= [APPLICATION 11]  LDAPResult


-- Rename or move of an entry. newSuperior is optional and, when present,
-- names the new parent DN.
ModifyDNRequest ::= [APPLICATION 12]  SEQUENCE {
  entry         LDAPDN,
  newrdn        RelativeLDAPDN,
  deleteoldrdn  BOOLEAN,
  newSuperior   [0]  LDAPDN OPTIONAL
}


ModifyDNResponse ::= [APPLICATION 13]  LDAPResult


-- Compare one attribute value assertion against an entry; the outcome is
-- reported through the compareTrue(6) / compareFalse(5) result codes.
CompareRequest ::= [APPLICATION 14]  SEQUENCE {
  entry  LDAPDN,
  ava    AttributeValueAssertion
}


CompareResponse ::= [APPLICATION 15]  LDAPResult


-- Carries the MessageID of the operation to abandon; this module defines no
-- response type for it.
AbandonRequest ::= [APPLICATION 16]  MessageID


-- Extended operation. requestName is an OID that determines how requestValue
-- must be interpreted; requestValue itself is opaque at this level.
-- PasswdModifyRequestValue and CancelRequestValue later in this module are
-- such inner values (their OIDs are listed there as comments).
ExtendedRequest ::= [APPLICATION 23]  SEQUENCE {
  requestName   [0]  LDAPOID,
  requestValue  [1]  OCTET STRING OPTIONAL
}


-- Result of an extended operation. The LDAPResult fields are copied inline
-- (the COMPONENTS OF line is commented out), followed by the optional
-- responseName [10] and the opaque response [11]. Keep the resultCode list
-- identical to the one in LDAPResult and BindResponse.
ExtendedResponse ::= [APPLICATION 24]  SEQUENCE {
--  COMPONENTS OF LDAPResult,
  resultCode
    ENUMERATED {success(0), operationsError(1), protocolError(2),
                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
                compareTrue(6), authMethodNotSupported(7),
                strongAuthRequired(8),
                -- 9 reserved 
                referral(10),-- new-- adminLimitExceeded(11),-- new--
                unavailableCriticalExtension(12),-- new--
                confidentialityRequired(13),-- new--
                saslBindInProgress(14),-- new-- noSuchAttribute(16),
                undefinedAttributeType(17), inappropriateMatching(18),
                constraintViolation(19), attributeOrValueExists(20),
                invalidAttributeSyntax(21),
                -- 22-31 unused 
                noSuchObject(32), aliasProblem(33),
                invalidDNSyntax(34),
                -- 35 reserved for undefined isLeaf 
                aliasDereferencingProblem(36),
                -- 37-47 unused 
                inappropriateAuthentication(48), invalidCredentials(49),
                insufficientAccessRights(50), busy(51), unavailable(52),
                unwillingToPerform(53),
                loopDetect(54),
                -- 55-63 unused 
                namingViolation(64), objectClassViolation(65),
                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
                entryAlreadyExists(68),
                objectClassModsProhibited(69),
                -- 70 reserved for CLDAP 
                affectsMultipleDSAs(71),-- new--
                -- 72-79 unused 
                other(80),
canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
},
  -- 81-90 reserved for APIs 
  matchedDN     LDAPDN,
  errorMessage  ErrorMessage,
  referral      [3]  Referral OPTIONAL,
-- end of COMPONENTS
  -- OID naming the response, when the server supplies one.
  responseName  [10]  ResponseName OPTIONAL,
  -- Opaque payload; its structure depends on the operation that was requested
  -- (PasswdModifyResponseValue later in this module is one such payload).
  response      [11]  OCTET STRING OPTIONAL
}


-- Intermediate response: both fields are OPTIONAL and responseValue is
-- opaque, interpreted according to responseName.
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
    responseName     [0] ResponseName OPTIONAL,
    responseValue    [1] OCTET STRING OPTIONAL
}


ResponseName ::= LDAPOID


-- RFC 2696 - Simple Paged Results Manipulation


-- Paged results control value. The (0..maxInt) constraint on size is
-- commented out, so this grammar accepts any INTEGER, including negative
-- values; a consumer must range-check size itself. cookie is opaque and
-- should be handled as untrusted octets.
SearchControlValue ::= SEQUENCE {
  size INTEGER --(0..maxInt)--,
                -- requested page size from client
                -- result set size estimate from server
  cookie OCTET STRING
}


-- RFC 2891 - Server Side Sorting of Search Results


-- Sort request control value: a list of sort keys, each naming an attribute
-- with an optional ordering rule; reverseOrder defaults to FALSE.
SortKeyList ::= SEQUENCE OF SEQUENCE {
  attributeType   AttributeDescription,
  orderingRule    [0] MatchingRuleId OPTIONAL,
  reverseOrder    [1] BOOLEAN DEFAULT FALSE }


-- Sort response control value. sortResult uses a subset of the LDAPResult
-- code numbers; attributeType is optional.
SortResult ::= SEQUENCE {
  sortResult  ENUMERATED {
    success                   (0), -- results are sorted
    operationsError           (1), -- server internal failure
    timeLimitExceeded         (3), -- timelimit reached before
    -- sorting was completed
    strongAuthRequired        (8), -- refused to return sorted
    -- results via insecure
    -- protocol
    adminLimitExceeded       (11), -- too many matching entries
    -- for the server to sort
    noSuchAttribute          (16), -- unrecognized attribute
    -- type in sort key
    inappropriateMatching    (18), -- unrecognized or
    -- inappropriate matching
    -- rule in sort key
    insufficientAccessRights (50), -- refused to return sorted
    -- results to this client
    busy                     (51), -- too busy to process
    unwillingToPerform       (53), -- unable to sort
    other                    (80)
  },
  attributeType [0] AttributeDescription OPTIONAL }




-- Draft RFC - but used in some implementations
-- Normally it's an integer but we want to generate a subitem
DirSyncFlagsSubEntry ::= SEQUENCE {
  value [0] INTEGER
}


DirSyncFlags ::= INTEGER


-- DirSync control value. flags and maxBytes are unconstrained INTEGERs, so
-- the grammar accepts negative or very large values; cookie is opaque.
DirSyncControlValue ::= SEQUENCE {
  flags  DirSyncFlags,
  maxBytes INTEGER,
  cookie OCTET STRING
}


-- RFC 3062


--passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1


-- Password modify request value. All three fields are OPTIONAL. oldPasswd
-- and newPasswd are plain OCTET STRINGs: this structure provides no
-- confidentiality of its own, so both passwords are readable in the PDU
-- unless the transport protects the connection.
PasswdModifyRequestValue ::= SEQUENCE {
  userIdentity    [0]  OCTET STRING OPTIONAL,
  oldPasswd       [1]  OCTET STRING OPTIONAL,
  newPasswd       [2]  OCTET STRING OPTIONAL 
}


-- Password modify response value. genPasswd, when present, is carried as
-- plain octets in the same way.
PasswdModifyResponseValue ::= SEQUENCE {
  genPasswd       [0]     OCTET STRING OPTIONAL 
}


-- RFC 3909


--cancelRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.1.8


-- Cancel request value: the MessageID of the operation to cancel. The
-- outcome is reported with the canceled(118) to cannotCancel(121) codes.
CancelRequestValue ::= SEQUENCE {
  cancelID  MessageID
}


-- RFC 4533


--syncRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.1


-- Sync request control value. mode is refreshOnly(1) or
-- refreshAndPersist(3); cookie is optional and opaque; reloadHint defaults
-- to FALSE.
SyncRequestValue ::= SEQUENCE {
  mode ENUMERATED {
    -- 0 unused
    refreshOnly       (1),
    -- 2 reserved
    refreshAndPersist (3)
  },
  cookie     OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
  reloadHint BOOLEAN DEFAULT FALSE
}


--syncStateOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.2


-- Sync state control value: the state of an entry, its 16-octet UUID, and an
-- optional opaque cookie.
SyncStateValue ::= SEQUENCE {
  state ENUMERATED {
    present (0),
    add (1),
    modify (2),
    delete (3)
  },
  entryUUID SyncUUID,
  cookie    OCTET STRING OPTIONAL -- SyncCookie OPTIONAL
}


--syncDoneOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.3


-- Sync done control value: optional opaque cookie; refreshDeletes defaults
-- to FALSE.
SyncDoneValue ::= SEQUENCE {
  cookie          OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
  refreshDeletes  BOOLEAN DEFAULT FALSE
}


--syncInfoOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.4


-- Sync info message value. Note the differing defaults: refreshDone
-- defaults to TRUE in refreshDelete and refreshPresent, while refreshDeletes
-- defaults to FALSE in syncIdSet. syncUUIDs has no SIZE bound on the set.
SyncInfoValue ::= CHOICE {
  newcookie      [0] OCTET STRING, -- SyncCookie
  refreshDelete  [1] SEQUENCE {
    cookie         OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
    refreshDone    BOOLEAN DEFAULT TRUE
  },
  refreshPresent [2] SEQUENCE {
    cookie         OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
    refreshDone    BOOLEAN DEFAULT TRUE
  },
  syncIdSet      [3] SEQUENCE {
    cookie         OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
    refreshDeletes BOOLEAN DEFAULT FALSE,
    syncUUIDs      SET OF SyncUUID
  }
}


-- Exactly 16 octets; the only size-constrained OCTET STRING in this module.
SyncUUID ::= OCTET STRING(SIZE(16))


-- SyncCookie ::= OCTET STRING


--


-- Draft RFC - Password Policy for LDAP Directories
-- https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt


-- Password policy response control value. warning and error are both
-- OPTIONAL, so either, both or neither may be present. warning is a choice
-- between two counters bounded by 0..maxInt. The error values report why a
-- bind or password change was refused or restricted; accountLocked(1) and
-- passwordExpired(0) are the ones usually worth alerting on.
PasswordPolicyResponseValue ::= SEQUENCE {
      warning [0] CHOICE {
         timeBeforeExpiration [0] INTEGER (0 .. maxInt),
         graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
      error   [1] ENUMERATED {
         passwordExpired             (0),
         accountLocked               (1),
         changeAfterReset            (2),
         passwordModNotAllowed       (3),
         mustSupplyOldPassword       (4),
         insufficientPasswordQuality (5),
         passwordTooShort            (6),
         passwordTooYoung            (7),
         passwordInHistory           (8) } OPTIONAL }


END


-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D

