...
The LDAP ASN.1 Grammar is described in RFC 2251. Here is the grammar :
No Format |
---|
LDAPLightweight-Directory-Access-Protocol-V3 {1 DEFINITIONS 3 6 1 1 18} IMPLICIT TAGS ::= --pragma {packagePrefix: "ldapd.common.ber"} BEGIN Copyright (C) The Internet Society (2006). This version of LDAPMessage ::= SEQUENCE { -- this ASN.1 module is part of RFC 4511; see the RFC itself messageID -- MessageID, protocolOp CHOICE { bindRequest BindRequest, bindResponse BindResponse, unbindRequest UnbindRequest, searchRequest SearchRequest, searchResEntry SearchResultEntry, for full legal notices. searchResDone SearchResultDone,DEFINITIONS IMPLICIT TAGS EXTENSIBILITY IMPLIED ::= searchResRef SearchResultReference,BEGIN LDAPMessage ::= SEQUENCE { modifyRequestmessageID ModifyRequest, MessageID, protocolOp CHOICE modifyResponse ModifyResponse,{ bindRequest addRequest AddRequestBindRequest, bindResponse addResponse AddResponseBindResponse, unbindRequest delRequest DelRequestUnbindRequest, searchRequest delResponse DelResponseSearchRequest, searchResEntry modDNRequest ModifyDNRequestSearchResultEntry, searchResDone modDNResponse ModifyDNResponseSearchResultDone, searchResRef compareRequest CompareRequestSearchResultReference, modifyRequest compareResponse CompareResponseModifyRequest, modifyResponse abandonRequest AbandonRequestModifyResponse, addRequest extendedReq ExtendedRequestAddRequest, addResponse extendedResp ExtendedResponse }AddResponse, delRequest controls [0] Controls OPTIONAL }DelRequest, MessageID ::= INTEGER (0 .. maxInt) delResponse maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- DelResponse, LDAPString ::= OCTET STRING modDNRequest LDAPOID ::= OCTET STRING ModifyDNRequest, LDAPDN ::= LDAPString RelativeLDAPDN ::= LDAPString modDNResponse AttributeType ::= LDAPStringModifyDNResponse, AttributeDescription ::= LDAPString AttributeDescriptionListcompareRequest ::= SEQUENCE OF CompareRequest, AttributeDescription AttributeValuecompareResponse ::= OCTET STRING CompareResponse, AttributeValueAssertion ::= SEQUENCE { abandonRequest attributeDesc AttributeDescriptionAbandonRequest, assertionValue AssertionValueextendedReq } AssertionValue ::= OCTET STRING ExtendedRequest, Attribute ::= SEQUENCE { extendedResp type AttributeDescriptionExtendedResponse, vals SET OF AttributeValue } ..., MatchingRuleId ::= LDAPString LDAPResultintermediateResponse ::= SEQUENCEIntermediateResponse {}, controls resultCode [0] Controls ENUMERATEDOPTIONAL {} MessageID ::= INTEGER (0 .. maxInt) maxInt INTEGER ::= 2147483647 -- (2^^31 - success 1) -- LDAPString ::= OCTET STRING -- UTF-8 encoded, (0), operationsError -- [ISO10646] characters (1), LDAPOID ::= OCTET STRING -- Constrained to <numericoid> protocolError -- [RFC4512] (2), LDAPDN ::= LDAPString -- Constrained to <distinguishedName> timeLimitExceeded (3),-- [RFC4514] RelativeLDAPDN ::= LDAPString -- Constrained to <name-component> sizeLimitExceeded (4), -- [RFC4514] AttributeDescription ::= LDAPString compareFalse (5), -- Constrained to <attributedescription> compareTrue -- [RFC4512] (6), AttributeValue ::= OCTET STRING AttributeValueAssertion ::= SEQUENCE { authMethodNotSupported attributeDesc (7)AttributeDescription, assertionValue AssertionValue } AssertionValue ::= strongAuthRequiredOCTET STRING PartialAttribute ::= SEQUENCE (8),{ type AttributeDescription, vals SET --OF 9value reservedAttributeValue --} Attribute ::= PartialAttribute(WITH COMPONENTS { ..., referral vals (SIZE(1..MAX))}) MatchingRuleId (10),::= LDAPString -- new LDAPResult ::= SEQUENCE { resultCode adminLimitExceeded ENUMERATED { (11), -- new success unavailableCriticalExtension (120), -- new operationsError confidentialityRequired(1), (13), -- new protocolError (2), saslBindInProgress (14), -- new timeLimitExceeded (3), noSuchAttribute sizeLimitExceeded (164), compareFalse undefinedAttributeType (175), compareTrue inappropriateMatching (186), authMethodNotSupported (7), constraintViolationstrongerAuthRequired (198), -- 9 reserved -- attributeOrValueExists (20), referral invalidAttributeSyntax(10), (21), adminLimitExceeded (11), -- 22-31 unused -- unavailableCriticalExtension (12), confidentialityRequired (13), noSuchObject saslBindInProgress (32), (14), noSuchAttribute aliasProblem (16), (33), undefinedAttributeType (17), invalidDNSyntax inappropriateMatching (3418), constraintViolation -- 35 reserved for undefined isLeaf --(19), attributeOrValueExists (20), aliasDereferencingProblem (36), invalidAttributeSyntax (21), -- 3722-4731 unused -- noSuchObject inappropriateAuthentication (4832), aliasProblem invalidCredentials (4933), invalidDNSyntax insufficientAccessRights (5034), -- 35 reserved for undefined isLeaf busy-- aliasDereferencingProblem (5136), -- 37-47 unused -- unavailable inappropriateAuthentication (5248), invalidCredentials (49), unwillingToPerform (53), insufficientAccessRights (50), busy loopDetect (5451), unavailable (52), -- 55-63 unused -- unwillingToPerform (53), namingViolation loopDetect (64), (54), objectClassViolation (65), -- 55-63 unused -- namingViolation notAllowedOnNonLeaf (6664), objectClassViolation (65), notAllowedOnRDN notAllowedOnNonLeaf (67), (66), notAllowedOnRDN entryAlreadyExists (6867), entryAlreadyExists (68), objectClassModsProhibited (69), objectClassModsProhibited (69), -- 70 reserved for CLDAP -- affectsMultipleDSAs (71), -- new -- 72-79 unused -- other other (80), ... (80) }, matchedDN LDAPDN, -- 81-90 reserved for APIs -- diagnosticMessage LDAPString, referral matchedDN LDAPDN, [3] Referral OPTIONAL } Referral ::= SEQUENCE errorMessage LDAPString, SIZE (1..MAX) OF uri URI URI ::= LDAPString -- limited referralto characters permitted in [3] Referral OPTIONAL } Referral ::= SEQUENCE OF LDAPURL LDAPURL ::= LDAPString -- limited to characters permitted in URLsURIs Controls ::= SEQUENCE OF control Control Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN DEFAULT FALSE, controlValue OCTET STRING OPTIONAL } BindRequest ::= [DIRxSBOX:APPLICATION 0] SEQUENCE { version INTEGER (1 .. 127), name LDAPDN, authentication AuthenticationChoice } AuthenticationChoice ::= CHOICE { simple [0] OCTET STRING, -- 1 and 2 reserved sasl sasl [3] SaslCredentials, [3] SaslCredentials ... } SaslCredentials ::= SEQUENCE { mechanism LDAPString, credentials OCTET STRING OPTIONAL } BindResponse ::= [DIRxSBOX:APPLICATION 1] SEQUENCE { COMPONENTS OF LDAPResult, serverSaslCreds [7] OCTET STRING OPTIONAL } UnbindRequest ::= [DIRxSBOX:APPLICATION 2] NULL SearchRequest ::= [DIRxSBOX:APPLICATION 3] SEQUENCE { baseObject LDAPDN, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree wholeSubtree (2), (2) }, ... }, derefAliases ENUMERATED { derefAliases ENUMERATED { neverDerefAliases (0), derefInSearching (1), derefFindingBaseObj (2), derefAlways (3) }, sizeLimit INTEGER (0 .. maxInt), timeLimit INTEGER (0 .. maxInt), typesOnly BOOLEAN, filter Filter, attributes AttributeDescriptionListAttributeSelection } FilterAttributeSelection ::= CHOICESEQUENCE { OF and [0] SET OF Filter, orselector LDAPString [1] SET OF Filter, -- The LDAPString is constrained to not [2] Filter, -- <attributeSelector> in Section 4.5.1.8 equalityMatch Filter [3] AttributeValueAssertion,::= CHOICE { and substrings [4] SubstringFilter, [0] SET SIZE (1..MAX) OF filter Filter, greaterOrEqual [5] AttributeValueAssertion, or lessOrEqual[1] SET SIZE (1..MAX) OF [6]filter AttributeValueAssertionFilter, not present [72] AttributeDescriptionFilter, equalityMatch approxMatch [83] AttributeValueAssertion, substrings extensibleMatch [94] MatchingRuleAssertion } SubstringFilter, SubstringFilter ::= SEQUENCE { greaterOrEqual [5] AttributeValueAssertion, type lessOrEqual AttributeDescription, [6] AttributeValueAssertion, -- at least one must be present substrings[7] AttributeDescription, SEQUENCE OF CHOICE { approxMatch [8] AttributeValueAssertion, initialextensibleMatch [09] LDAPStringMatchingRuleAssertion, ... } SubstringFilter ::= SEQUENCE { any [1] LDAPString, type AttributeDescription, final [2] LDAPString } } substrings SEQUENCE SIZE MatchingRuleAssertion ::= SEQUENCE(1..MAX) OF substring CHOICE { matchingRule initial [10] AssertionValue, MatchingRuleId OPTIONAL, -- can occur at most once type any [21] AttributeDescription OPTIONALAssertionValue, matchValue final [32] AssertionValue, } -- can occur at most once dnAttributes [4] BOOLEAN DEFAULT FALSE } SearchResultEntryMatchingRuleAssertion ::= [DIRxSBOX:APPLICATION 4] SEQUENCE { matchingRule objectName [1] MatchingRuleId LDAPDNOPTIONAL, attributestype PartialAttributeList } [2] PartialAttributeList ::= SEQUENCE OF SEQUENCE {AttributeDescription OPTIONAL, matchValue type [3] AttributeDescriptionAssertionValue, dnAttributes vals [4] BOOLEAN SETDEFAULT OF AttributeValueFALSE } SearchResultReferenceSearchResultEntry ::= [DIRxSBOX:APPLICATION 194] SEQUENCE OF LDAPURL { objectName SearchResultDone ::= [DIRxSBOX:APPLICATION 5] LDAPResult LDAPDN, attributes ModifyRequest ::= [DIRxSBOX:APPLICATION 6] SEQUENCEPartialAttributeList {} PartialAttributeList ::= SEQUENCE OF object LDAPDN, partialAttribute PartialAttribute modification SearchResultReference ::= SEQUENCE[APPLICATION OF19] SEQUENCE { operation ENUMERATED { SIZE (1..MAX) OF uri URI SearchResultDone ::= [APPLICATION 5] LDAPResult ModifyRequest ::= [APPLICATION 6] SEQUENCE { object add (0)LDAPDN, changes SEQUENCE OF change SEQUENCE { delete (1), operation ENUMERATED { add (0), replace (2) }, delete (1), modification AttributeTypeAndValues } } replace (2), AttributeTypeAndValues ::= SEQUENCE { type ... AttributeDescription}, vals modification SET OFPartialAttribute AttributeValue} } ModifyResponse ::= [DIRxSBOX:APPLICATION 7] LDAPResult AddRequest ::= [DIRxSBOX:APPLICATION 8] SEQUENCE { entry LDAPDN, attributes AttributeList attributes} AttributeList } ::= SEQUENCE OF attribute Attribute AttributeListAddResponse ::= SEQUENCE[APPLICATION OF SEQUENCE {9] LDAPResult DelRequest ::= [APPLICATION 10] LDAPDN type AttributeDescription, DelResponse ::= [APPLICATION 11] LDAPResult ModifyDNRequest ::= [APPLICATION 12] SEQUENCE vals{ SET OF AttributeValue } entry AddResponse ::= [DIRxSBOX:APPLICATION 9] LDAPResult LDAPDN, DelRequest ::= [DIRxSBOX:APPLICATION 10] LDAPDN newrdn DelResponse ::= [DIRxSBOX:APPLICATION 11] LDAPResult RelativeLDAPDN, ModifyDNRequest ::= [DIRxSBOX:APPLICATION 12] SEQUENCE { deleteoldrdn BOOLEAN, entry newSuperior [0] LDAPDN, OPTIONAL } ModifyDNResponse ::= [APPLICATION 13] LDAPResult newrdn CompareRequest ::= [APPLICATION 14] SEQUENCE { RelativeLDAPDN, entry deleteoldrdn BOOLEANLDAPDN, ava newSuperior [0] LDAPDN OPTIONALAttributeValueAssertion } ModifyDNResponseCompareResponse ::= [DIRxSBOX:APPLICATION 1315] LDAPResult CompareRequestAbandonRequest ::= [DIRxSBOX:APPLICATION 1416] SEQUENCE {MessageID ExtendedRequest ::= [APPLICATION 23] SEQUENCE { entry requestName LDAPDN, [0] LDAPOID, ava requestValue [1] OCTET STRING OPTIONAL AttributeValueAssertion } CompareResponseExtendedResponse ::= [DIRxSBOX:APPLICATION 1524] LDAPResult AbandonRequest ::= [DIRxSBOX:APPLICATION 16] MessageID SEQUENCE { ExtendedRequest ::= [DIRxSBOX:APPLICATION 23] SEQUENCE { COMPONENTS OF LDAPResult, requestName responseName [010] LDAPOID OPTIONAL, responseValue requestValue [111] OCTET STRING OPTIONAL } ExtendedResponseIntermediateResponse ::= [DIRxSBOX:APPLICATION 2425] SEQUENCE { COMPONENTS OF LDAPResult, responseName [DIRxSBOX:100] LDAPOID OPTIONAL, response responseValue [DIRxSBOX:111] OCTET STRING OPTIONAL } END |
...
ExtendedRequest
ExtendedResponse
IntermediateResponse
TODO Add diagram