-- Module DirectoryAbstractService (X.511:08/2005) DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 4} DEFINITIONS ::= BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 attributeCertificateDefinitions, authenticationFramework, basicAccessControl, dap, directoryShadowAbstractService, distributedOperations, enhancedSecurity, id-at, informationFramework, selectedAttributeTypes, serviceAdministration, upperBounds FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 4} Attribute, ATTRIBUTE, AttributeType, AttributeTypeAssertion, AttributeValue, AttributeValueAssertion, CONTEXT, ContextAssertion, DistinguishedName, RDNSequence, MATCHING-RULE, -- Name,-- OBJECT-CLASS, RelativeDistinguishedName, SupportedAttributes, SupportedContexts FROM InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 4} RelaxationPolicy FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1) serviceAdministration(33) 4} AttributeTypeAndValue FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4} OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{} FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28) 4} -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 AccessPoint, ContinuationReference, Exclusions, OperationProgress, ReferenceType FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) distributedOperations(3) 4} -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 id-errcode-abandoned, id-errcode-abandonFailed, id-errcode-attributeError, id-errcode-nameError, id-errcode-referral, id-errcode-securityError, id-errcode-serviceError, id-errcode-updateError, id-opcode-abandon, id-opcode-addEntry, id-opcode-compare, id-opcode-list, id-opcode-modifyDN, id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry, id-opcode-search FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4} -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 DirectoryString FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4} ub-domainLocalID FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4} -- from ITU-T Rec. X.509 | ISO/IEC 9594-8 AlgorithmIdentifier, CertificationPath, ENCRYPTED{}, SIGNATURE{}, SIGNED{} FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 4} AttributeCertificationPath FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1) attributeCertificateDefinitions(32) 4} -- from ITU-T Rec. X.525 | ISO/IEC 9594-9 AgreementID FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1) directoryShadowAbstractService(15) 4} -- from ITU-T Rec. X.880 | ISO/IEC 13712-1 Code, ERROR, OPERATION FROM Remote-Operations-Information-Objects {joint-iso-itu-t remote-operations(4) informationObjects(5) version1(0)} emptyUnbind FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t remote-operations(4) useful-definitions(7) version1(0)} InvokeId FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t remote-operations(4) generic-ROS-PDUs(6) version1(0)} -- from RFC 2025 SPKM-ERROR, SPKM-REP-TI, SPKM-REQ FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}; -- Common data types CommonArguments ::= SET { serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } FamilyGrouping ::= ENUMERATED { entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)} CommonResults ::= SET { securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } CommonResultsSeq ::= SEQUENCE { securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } ServiceControls ::= SET { options [0] ServiceControlOptions DEFAULT {}, priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium, timeLimit [2] INTEGER OPTIONAL, sizeLimit [3] INTEGER OPTIONAL, scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL, attributeSizeLimit [5] INTEGER OPTIONAL, manageDSAITPlaneRef [6] SEQUENCE {dsaName Name, agreementID AgreementID} OPTIONAL, serviceType [7] OBJECT IDENTIFIER OPTIONAL, userClass [8] INTEGER OPTIONAL } ServiceControlOptions ::= BIT STRING { preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3), dontDereferenceAliases(4), subentries(5), copyShallDo(6), partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9), noSubtypeSelection(10), countFamily(11), dontSelectFriends(12), dontMatchFriends(13)} EntryInformationSelection ::= SET { attributes CHOICE {allUserAttributes [0] NULL, select [1] SET OF AttributeType -- empty set implies no attributes are requested } DEFAULT allUserAttributes:NULL, infoTypes [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)} DEFAULT attributeTypesAndValues, extraAttributes CHOICE {allOperationalAttributes [3] NULL, select [4] SET SIZE (1..MAX) OF AttributeType } OPTIONAL, contextSelection ContextSelection OPTIONAL, returnContexts BOOLEAN DEFAULT FALSE, familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly} } ContextSelection ::= CHOICE { allContexts NULL, selectedContexts SET SIZE (1..MAX) OF TypeAndContextAssertion } TypeAndContextAssertion ::= SEQUENCE { type AttributeType, contextAssertions CHOICE {preference SEQUENCE OF ContextAssertion, all SET OF ContextAssertion} } FamilyReturn ::= SEQUENCE { memberSelect ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2), compoundEntry(3)}, familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL } EntryInformation ::= SEQUENCE { name Name, fromEntry BOOLEAN DEFAULT TRUE, information SET SIZE (1..MAX) OF CHOICE { attributeType AttributeType, attribute Attribute} OPTIONAL, incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems partialName [4] BOOLEAN DEFAULT FALSE, -- not in 1988 or 1993 edition systems derivedEntry [5] BOOLEAN DEFAULT FALSE -- not in pre-2001 edition systems -- } --family-information ATTRIBUTE ::= { -- WITH SYNTAX FamilyEntries -- USAGE directoryOperation -- ID id-at-family-information --} FamilyEntries ::= SEQUENCE { family-class --OBJECT-CLASS.&id-- OBJECT IDENTIFIER, -- structural object class value familyEntries SEQUENCE OF FamilyEntry } FamilyEntry ::= SEQUENCE { rdn RelativeDistinguishedName, information SEQUENCE OF CHOICE {attributeType AttributeType, attribute Attribute}, family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL } Filter ::= CHOICE { item [0] FilterItem, and [1] SetOfFilter, or [2] SetOfFilter, not [3] Filter } SetOfFilter ::= SET OF Filter FilterItem ::= CHOICE { equality [0] AttributeValueAssertion, substrings [1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}), strings SEQUENCE OF CHOICE {initial [0] ATTRIBUTE.&Type ({SupportedAttributes} {@substrings.type}), any [1] ATTRIBUTE.&Type ({SupportedAttributes} {@substrings.type}), final [2] ATTRIBUTE.&Type ({SupportedAttributes} {@substrings.type}), control Attribute}}, -- Used to specify interpretation of following items greaterOrEqual [2] AttributeValueAssertion, lessOrEqual [3] AttributeValueAssertion, present [4] AttributeType, approximateMatch [5] AttributeValueAssertion, extensibleMatch [6] MatchingRuleAssertion, contextPresent [7] AttributeTypeAssertion } MatchingRuleAssertion ::= SEQUENCE { matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id, type [2] AttributeType OPTIONAL, matchValue [3] MATCHING-RULE.&AssertionType -- (CONSTRAINED BY { -- matchValue shall be a value of type specified by the &AssertionType field of -- one of the MATCHING-RULE information objects identified by matchingRule }) --, dnAttributes [4] BOOLEAN DEFAULT FALSE } PagedResultsRequest ::= CHOICE { newRequest SEQUENCE {pageSize INTEGER, sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL, reverse [1] BOOLEAN DEFAULT FALSE, unmerged [2] BOOLEAN DEFAULT FALSE}, queryReference OCTET STRING } SortKey ::= SEQUENCE { type AttributeType, orderingRule --MATCHING-RULE.&id-- OBJECT IDENTIFIER OPTIONAL } SecurityParameters ::= SET { certification-path [0] CertificationPath OPTIONAL, name [1] DistinguishedName OPTIONAL, time [2] Time OPTIONAL, random [3] BIT STRING OPTIONAL, target [4] ProtectionRequest OPTIONAL, response [5] BIT STRING OPTIONAL, operationCode [6] Code OPTIONAL, attributeCertificationPath [7] AttributeCertificationPath OPTIONAL, errorProtection [8] ErrorProtectionRequest OPTIONAL, errorCode [9] Code OPTIONAL } ProtectionRequest ::= INTEGER { none(0), signed(1), encrypted(2), signed-encrypted(3)} Time ::= CHOICE {utcTime UTCTime, generalizedTime GeneralizedTime } ErrorProtectionRequest ::= INTEGER { none(0), signed(1), encrypted(2), signed-encrypted(3)} -- Bind and unbind operations directoryBind OPERATION ::= { ARGUMENT DirectoryBindArgument RESULT DirectoryBindResult ERRORS {directoryBindError} CODE op-ros-bind -- WS: internal operation code } DirectoryBindArgument ::= SET { credentials [0] Credentials OPTIONAL, versions [1] Versions DEFAULT {v1} } Credentials ::= CHOICE { simple [0] SimpleCredentials, strong [1] StrongCredentials, externalProcedure [2] EXTERNAL, spkm [3] SpkmCredentials, sasl [4] SaslCredentials } SimpleCredentials ::= SEQUENCE { name [0] DistinguishedName, validity [1] SET {time1 [0] CHOICE {utc UTCTime, gt GeneralizedTime} OPTIONAL, time2 [1] CHOICE {utc UTCTime, gt GeneralizedTime} OPTIONAL, random1 [2] BIT STRING OPTIONAL, random2 [3] BIT STRING OPTIONAL} OPTIONAL, password [2] CHOICE {unprotected OCTET STRING, -- protected SIGNATURE{OCTET STRING}} OPTIONAL protected SEQUENCE { protectedPassword OCTET STRING, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING }} OPTIONAL } StrongCredentials ::= SET { certification-path [0] CertificationPath OPTIONAL, bind-token [1] Token, name [2] DistinguishedName OPTIONAL, attributeCertificationPath [3] AttributeCertificationPath OPTIONAL } SpkmCredentials ::= CHOICE {req [0] -- SPKM-REQ -- ANY, rep [1] -- SPKM-REP-TI-- ANY } SaslCredentials ::= SEQUENCE { mechanism [0] DirectoryString {--ub-sasIMechanism--}, credentials [1] OCTET STRING OPTIONAL, saslAbort [2] BOOLEAN DEFAULT FALSE } TokenData ::= -- SIGNED -- { --SEQUENCE {algorithm [0] AlgorithmIdentifier, name [1] DistinguishedName, time [2] UTCTime, random [3] BIT STRING, response [4] BIT STRING OPTIONAL, bindIntAlgorithm [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, bindIntKeyInfo [6] BindKeyInfo OPTIONAL, bindConfAlgorithm [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, bindConfKeyInfo [8] BindKeyInfo--,-- OPTIONAL -- dirqop [9] OBJECT IDENTIFIER OPTIONAL-- } --} -- expand SIGNED macro Token ::= SEQUENCE { token-data TokenData, algorithm-identifier AlgorithmIdentifier, encrypted BIT STRING } Versions ::= BIT STRING {v1(0), v2(1)} DirectoryBindResult ::= DirectoryBindArgument directoryBindError ERROR ::= { PARAMETER -- OPTIONALLY-PROTECTED -- DirectoryBindError -- {SET {versions [0] Versions DEFAULT {v1}, -- error -- CHOICE {serviceError [1] ServiceProblem, -- securityError [2] SecurityProblem}} } CODE err-ros-bind -- WS: internal error code } -- expand OPTIONALLY-PROTECTED macro DirectoryBindError ::= CHOICE { unsignedDirectoryBindError DirectoryBindErrorData, signedDirectoryBindError SEQUENCE { directoryBindError DirectoryBindErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } DirectoryBindErrorData ::= SET {versions [0] Versions DEFAULT {v1}, error CHOICE {serviceError [1] ServiceProblem, securityError [2] SecurityProblem}, securityParameters [30] SecurityParameters OPTIONAL } BindKeyInfo ::= -- ENCRYPTED{-- BIT STRING --directoryUnbind OPERATION ::= emptyUnbind -- Operations, arguments, and results read OPERATION ::= { ARGUMENT ReadArgument RESULT ReadResult ERRORS {attributeError | nameError | serviceError | referral | abandoned | securityError} CODE id-opcode-read } ReadArgumentData ::= -- OPTIONALLY-PROTECTED -- {-- SET {object [0] Name, selection [1] EntryInformationSelection DEFAULT {}, modifyRightsRequest [2] BOOLEAN DEFAULT FALSE, -- COMPONENTS OF CommonArguments serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly }--} Name ::= CHOICE { rdnSequence RDNSequence } -- OPTIONALLY-PROTECTED macro expansion ReadArgument ::= CHOICE { unsignedReadArgument ReadArgumentData, signedReadArgument SEQUENCE { readArgument ReadArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ReadResultData ::= -- OPTIONALLY-PROTECTED -- {--SET {entry [0] EntryInformation, modifyRights [1] ModifyRights OPTIONAL, -- COMPONENTS OF CommonResults securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL }--} -- OPTIONALLY-PROTECTED macro expansion ReadResult ::= CHOICE { unsignedReadResult ReadResultData, signedReadResult SEQUENCE { readResult ReadResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ModifyRights ::= SET OF SEQUENCE {item CHOICE {entry [0] NULL, attribute [1] AttributeType, value [2] AttributeValueAssertion}, permission [3] BIT STRING {add(0), remove(1), rename(2), move(3)} } compare OPERATION ::= { ARGUMENT CompareArgument RESULT CompareResult ERRORS {attributeError | nameError | serviceError | referral | abandoned | securityError} CODE id-opcode-compare } CompareArgumentData ::= -- OPTIONALLY-PROTECTED -- {--SET {object [0] Name, purported [1] AttributeValueAssertion, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- OPTIONALLY-PROTECTED macro expansion CompareArgument ::= CHOICE { unsignedCompareArgument CompareArgumentData, signedCompareArgument SEQUENCE { compareArgument CompareArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } CompareResultData ::= -- OPTIONALLY-PROTECTED -- {--SET {name Name OPTIONAL, matched [0] BOOLEAN, fromEntry [1] BOOLEAN DEFAULT TRUE, matchedSubtype [2] AttributeType OPTIONAL, -- COMPONENTS OF CommonResults}} securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } -- OPTIONALLY-PROTECTED macro expansion CompareResult ::= CHOICE { unsignedCompareResult CompareResultData, signedCompareResult SEQUENCE { compareResult CompareResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } abandon OPERATION ::= { ARGUMENT AbandonArgument RESULT AbandonResult ERRORS {abandonFailed} CODE id-opcode-abandon } AbandonArgumentData ::= -- OPTIONALLY-PROTECTED-SEQ{--SEQUENCE {invokeID [0] InvokeId}--} -- OPTIONALLY-PROTECTED-SEQ macro expansion AbandonArgument ::= CHOICE { unsignedAbandonArgument AbandonArgumentData, signedAbandonArgument [0] SEQUENCE { abandonArgument AbandonArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } AbandonResultData ::= SEQUENCE { invokeID InvokeId, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } AbandonResult ::= CHOICE { null NULL, information -- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId, -- COMPONENTS OF CommonResultsSeq -- }} CHOICE { unsignedAbandonResult AbandonResultData, signedAbandonResult [0] SEQUENCE { abandonResult AbandonResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } } list OPERATION ::= { ARGUMENT ListArgument RESULT ListResult ERRORS {nameError | serviceError | referral | abandoned | securityError} CODE id-opcode-list } ListArgumentData ::= -- OPTIONALLY-PROTECTED -- {--SET {object [0] Name, pagedResults [1] PagedResultsRequest OPTIONAL, listFamily [2] BOOLEAN DEFAULT FALSE, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- expand OPTIONALLY-PROTECTED macro ListArgument ::= CHOICE { unsignedListArgument ListArgumentData, signedListArgument SEQUENCE { listArgument ListArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ListResultData ::= -- OPTIONALLY-PROTECTED -- {--CHOICE {listInfo SET {name Name OPTIONAL, subordinates [1] SET OF SEQUENCE {rdn RelativeDistinguishedName, aliasEntry [0] BOOLEAN DEFAULT FALSE, fromEntry [1] BOOLEAN DEFAULT TRUE }, partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL, -- COMPONENTS OF CommonResults}, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL }, uncorrelatedListInfo [0] SET OF ListResult}--} -- expand OPTIONALLY-PROTECTED macro ListResult ::= CHOICE { unsignedListResult ListResultData, signedListResult SEQUENCE { listResult ListResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } PartialOutcomeQualifier ::= SET { limitProblem [0] LimitProblem OPTIONAL, unexplored [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL, unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE, unknownErrors [3] SET SIZE (1..MAX) OF --ABSTRACT-SYNTAX.&Type-- OBJECT IDENTIFIER OPTIONAL, queryReference [4] OCTET STRING OPTIONAL, overspecFilter [5] Filter OPTIONAL, notification [6] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, entryCount CHOICE {bestEstimate [7] INTEGER, lowEstimate [8] INTEGER, exact [9] INTEGER} OPTIONAL, streamedResult [10] BOOLEAN DEFAULT FALSE } LimitProblem ::= INTEGER { timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2) } search OPERATION ::= { ARGUMENT SearchArgument RESULT SearchResult ERRORS {attributeError | nameError | serviceError | referral | abandoned | securityError} CODE id-opcode-search } SearchArgumentData ::= -- OPTIONALLY-PROTECTED -- {--SET {baseObject [0] Name, subset [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT baseObject, filter [2] Filter DEFAULT and:{}, searchAliases [3] BOOLEAN DEFAULT TRUE, selection [4] EntryInformationSelection DEFAULT {}, pagedResults [5] PagedResultsRequest OPTIONAL, matchedValuesOnly [6] BOOLEAN DEFAULT FALSE, extendedFilter [7] Filter OPTIONAL, checkOverspecified [8] BOOLEAN DEFAULT FALSE, relaxation [9] RelaxationPolicy OPTIONAL, extendedArea [10] INTEGER OPTIONAL, hierarchySelections [11] HierarchySelections DEFAULT {self}, searchControlOptions [12] SearchControlOptions DEFAULT {searchAliases}, joinArguments [13] SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL, joinType [14] ENUMERATED {innerJoin(0), leftOuterJoin(1), fullOuterJoin(2)} DEFAULT leftOuterJoin, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- expand OPTIONALLY-PROTECTED macro SearchArgument ::= CHOICE { unsignedSearchArgument SearchArgumentData, signedSearchArgument SEQUENCE { searchArgument SearchArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } HierarchySelections ::= BIT STRING { self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5), siblings(6), siblingChildren(7), siblingSubtree(8), all(9)} SearchControlOptions ::= BIT STRING { searchAliases(0), matchedValuesOnly(1), checkOverspecified(2), performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6), matchOnResidualName(7), entryCount(8), useSubset(9), separateFamilyMembers(10), searchFamily(11)} JoinArgument ::= SEQUENCE { joinBaseObject [0] Name, domainLocalID [1] DomainLocalID OPTIONAL, joinSubset [2] ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT baseObject, joinFilter [3] Filter OPTIONAL, joinAttributes [4] SEQUENCE SIZE (1..MAX) OF JoinAttPair OPTIONAL, joinSelection [5] EntryInformationSelection } DomainLocalID ::= DirectoryString --{ub-domainLocalID}-- JoinAttPair ::= SEQUENCE { baseAtt AttributeType, joinAtt AttributeType, joinContext SEQUENCE SIZE (1..MAX) OF JoinContextType OPTIONAL } JoinContextType ::= --CONTEXT.&id({SupportedContexts})-- OBJECT IDENTIFIER SearchResultData ::= -- OPTIONALLY-PROTECTED -- {--CHOICE {searchInfo SET {name Name OPTIONAL, entries [0] SET OF EntryInformation, partialOutcomeQualifier [2] PartialOutcomeQualifier OPTIONAL, altMatching [3] BOOLEAN DEFAULT FALSE, -- COMPONENTS OF CommonResults}, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX)OF Attribute OPTIONAL}, uncorrelatedSearchInfo [0] SET OF SearchResult}--} -- expand OPTIONALLY-PROTECTED macro SearchResult ::= CHOICE { unsignedSearchResult SearchResultData, signedSearchResult SEQUENCE { searchResult SearchResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } addEntry OPERATION ::= { ARGUMENT AddEntryArgument RESULT AddEntryResult ERRORS {attributeError | nameError | serviceError | referral | securityError | updateError} CODE id-opcode-addEntry } AddEntryArgumentData ::= -- OPTIONALLY-PROTECTED -- {--SET {object [0] Name, entry [1] SET OF Attribute, targetSystem [2] AccessPoint OPTIONAL, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- expand OPTIONALLY-PROTECTED macro AddEntryArgument ::= CHOICE { unsignedAddEntryArgument AddEntryArgumentData, signedAddEntryArgument SEQUENCE { addEntryArgument AddEntryArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } AddEntryResultData ::= SEQUENCE { securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } AddEntryResult ::= CHOICE { null NULL, information -- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} CHOICE { unsignedAddEntryResult AddEntryResultData, signedAddEntryResult [0] SEQUENCE { addEntryResult AddEntryResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } } removeEntry OPERATION ::= { ARGUMENT RemoveEntryArgument RESULT RemoveEntryResult ERRORS {nameError | serviceError | referral | securityError | updateError} CODE id-opcode-removeEntry } RemoveEntryArgumentData ::= -- OPTIONALLY-PROTECTED{--SET {object [0] Name, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- OPTIONALLY-PROTECTED macro expansion RemoveEntryArgument ::= CHOICE { unsignedRemoveEntryArgument RemoveEntryArgumentData, signedRemoveEntryArgument SEQUENCE { removeEntryArgument RemoveEntryArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } RemoveEntryResultData ::= SEQUENCE { securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } RemoveEntryResult ::= CHOICE { null NULL, information -- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} CHOICE { unsignedRemoveEntryResult RemoveEntryResultData, signedRemoveEntryResult [0] SEQUENCE { removeEntryResult RemoveEntryResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } } modifyEntry OPERATION ::= { ARGUMENT ModifyEntryArgument RESULT ModifyEntryResult ERRORS {attributeError | nameError | serviceError | referral | securityError | updateError} CODE id-opcode-modifyEntry } ModifyEntryArgumentData ::= -- OPTIONALLY-PROTECTED -- {--SET {object [0] Name, changes [1] SEQUENCE OF EntryModification, selection [2] EntryInformationSelection OPTIONAL, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } -- OPTIONALLY-PROTECTED macro expansion ModifyEntryArgument ::= CHOICE { unsignedModifyEntryArgument ModifyEntryArgumentData, signedModifyEntryArgument SEQUENCE { modifyEntryArgument ModifyEntryArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ModifyEntryResultData ::= SEQUENCE { entry [0] EntryInformation OPTIONAL, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } ModifyEntryResult ::= CHOICE { null NULL, information -- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} CHOICE { unsignedModifyEntryResult ModifyEntryResultData, signedModifyEntryResult [0] SEQUENCE { modifyEntryResult ModifyEntryResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } } EntryModification ::= CHOICE { addAttribute [0] Attribute, removeAttribute [1] AttributeType, addValues [2] Attribute, removeValues [3] Attribute, alterValues [4] AttributeTypeAndValue, resetValue [5] AttributeType } modifyDN OPERATION ::= { ARGUMENT ModifyDNArgument RESULT ModifyDNResult ERRORS {nameError | serviceError | referral | securityError | updateError} CODE id-opcode-modifyDN } ModifyDNArgument ::= -- OPTIONALLY-PROTECTED -- {--SET {object [0] DistinguishedName, newRDN [1] RelativeDistinguishedName, deleteOldRDN [2] BOOLEAN DEFAULT FALSE, newSuperior [3] DistinguishedName OPTIONAL, -- COMPONENTS OF CommonArguments}} serviceControls [30] ServiceControls DEFAULT {}, securityParameters [29] SecurityParameters OPTIONAL, requestor [28] DistinguishedName OPTIONAL, operationProgress [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, aliasedRDNs [26] INTEGER OPTIONAL, criticalExtensions [25] BIT STRING OPTIONAL, referenceType [24] ReferenceType OPTIONAL, entryOnly [23] BOOLEAN DEFAULT TRUE, exclusions [22] Exclusions OPTIONAL, nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, operationContexts [20] ContextSelection OPTIONAL, familyGrouping [19] FamilyGrouping DEFAULT entryOnly } ModifyDNResultData ::= SEQUENCE { newRDN RelativeDistinguishedName, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } ModifyDNResult ::= CHOICE { null NULL, information -- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} CHOICE { unsignedModifyDNResult ModifyDNResultData, signedModifyDNResult [0] SEQUENCE { modifyDNResult ModifyDNResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } } -- Errors and parameters abandoned ERROR ::= { -- not literally an "error" PARAMETER --OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}}-- Abandoned CODE id-errcode-abandoned } AbandonedData ::= SET { securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } Abandoned ::= CHOICE { unsignedAbandoned AbandonedData, signedAbandoned SEQUENCE { abandoned AbandonedData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } abandonFailed ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- AbandonFailedError -- {SET {problem [0] AbandonProblem, -- operation [1] InvokeId, -- COMPONENTS OF CommonResults}} CODE id-errcode-abandonFailed } AbandonFailedErrorData ::= SET { problem [0] AbandonProblem, operation [1] InvokeId, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } AbandonFailedError ::= CHOICE { unsignedAbandonFailedError AbandonFailedErrorData, signedAbandonFailedError SEQUENCE { abandonFailedError AbandonFailedErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)} attributeError ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- AttributeError -- {SET {object [0] Name, -- problems -- [1] SET OF -- SEQUENCE {problem [0] AttributeProblem, -- type [1] AttributeType, -- value [2] AttributeValue OPTIONAL}, -- COMPONENTS OF CommonResults}} CODE id-errcode-attributeError } AttributeErrorData ::= SET { object [0] Name, problems [1] SET OF SEQUENCE {problem [0] AttributeProblem, type [1] AttributeType, value [2] AttributeValue OPTIONAL}, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } AttributeError ::= CHOICE { unsignedAttributeError AttributeErrorData, signedAttributeError SEQUENCE { attributeError AttributeErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } AttributeProblem ::= INTEGER { noSuchAttributeOrValue(1), invalidAttributeSyntax(2), undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5), attributeOrValueAlreadyExists(6), contextViolation(7)} nameError ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- NameError -- {SET {problem [0] NameProblem, -- matched [1] Name, -- COMPONENTS OF CommonResults}} CODE id-errcode-nameError } NameErrorData ::= SET { problem [0] NameProblem, matched [1] Name, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } NameError ::= CHOICE { unsignedNameError NameErrorData, signedNameError SEQUENCE { nameError NameErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } NameProblem ::= INTEGER { noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3), aliasDereferencingProblem(4), contextProblem(5)} referral ERROR ::= { -- not literally an "error" PARAMETER --OPTIONALLY-PROTECTED-- Referral -- {SET {candidate [0] ContinuationReference, -- COMPONENTS OF CommonResults}} CODE id-errcode-referral } ReferralData ::= SET { candidate [0] ContinuationReference, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } Referral ::= CHOICE { unsignedReferral ReferralData, signedReferral SEQUENCE { referral ReferralData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } securityError ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- SecurityError -- {SET {problem [0] SecurityProblem, -- spkmInfo [1] SPKM-ERROR, -- COMPONENTS OF CommonResults}} CODE id-errcode-securityError } SecurityErrorData ::= SET { problem [0] SecurityProblem, spkmInfo [1] -- SPKM-ERROR -- ANY, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } SecurityError ::= CHOICE { unsignedSecurityError SecurityErrorData, signedSecurityError SEQUENCE { securityError SecurityErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } SecurityProblem ::= INTEGER { inappropriateAuthentication(1), invalidCredentials(2), insufficientAccessRights(3), invalidSignature(4), protectionRequired(5), noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9) } serviceError ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- ServiceError -- {SET {problem [0] ServiceProblem, -- COMPONENTS OF CommonResults}} CODE id-errcode-serviceError } ServiceErrorData ::= SET { problem [0] ServiceProblem, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } ServiceError ::= CHOICE { unsignedServiceError ServiceErrorData, signedServiceError SEQUENCE { serviceError ServiceErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ServiceProblem ::= INTEGER { busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4), unableToProceed(5), invalidReference(6), timeLimitExceeded(7), administrativeLimitExceeded(8), loopDetected(9), unavailableCriticalExtension(10), outOfScope(11), ditError(12), invalidQueryReference(13), requestedServiceNotAvailable(14), unsupportedMatchingUse(15), ambiguousKeyAttributes(16), saslBindInProgress(17) } updateError ERROR ::= { PARAMETER --OPTIONALLY-PROTECTED-- UpdateError -- {SET {problem [0] UpdateProblem, -- attributeInfo -- [1] SET SIZE (1..MAX) OF -- CHOICE {attributeType AttributeType, -- attribute Attribute} OPTIONAL, -- COMPONENTS OF CommonResults}} CODE id-errcode-updateError } UpdateErrorData ::= SET { problem [0] UpdateProblem, attributeInfo [1] SET SIZE (1..MAX) OF CHOICE {attributeType AttributeType, attribute Attribute} OPTIONAL, securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } UpdateError ::= CHOICE { unsignedUpdateError UpdateErrorData, signedUpdateError SEQUENCE { updateError UpdateErrorData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } UpdateProblem ::= INTEGER { namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3), notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6), objectClassModificationProhibited(7), noSuchSuperior(8), notAncestor(9), parentNotAncestor(10), hierarchyRuleViolation(11), familyRuleViolation(12) } -- attribute types --id-at-family-information OBJECT IDENTIFIER ::= {id-at 64} END -- DirectoryAbstractService -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D