-- LDAP-MESSAGES: ASN.1 definitions for the LDAP message envelope
-- (LDAPMessage) and the request and response types it carries: bind,
-- unbind, search, modify, add, delete, modify RDN, compare and abandon.

-- Nothing in this module carries a SIZE constraint, and LDAPString is a
-- bare OCTET STRING. Length limits, character set checks and DN syntax
-- checks are therefore not expressed here and have to be applied by the
-- decoder or by the application that consumes these values.

-- NOTE(review): the module is declared AUTOMATIC TAGS. Under X.680 that
-- assigns context tags to the components of any SEQUENCE, SET or CHOICE
-- whose component list contains no textual tag (LDAPMessage, protocolOp,
-- BindRequest and SearchRequest are written that way here), which may not
-- produce the encoding that the APPLICATION tags below suggest. Confirm
-- against the ASN.1 compiler in use and the intended wire format.

LDAP-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
BEGIN

-- Envelope for every protocol exchange: a message id plus exactly one
-- operation chosen from protocolOp.
LDAPMessage ::= SEQUENCE {
    messageID   MessageID,
                -- unique id in request,
                -- to be echoed in response(s)
    -- No response alternative is listed for abandonRequest or
    -- unbindRequest.
    protocolOp  CHOICE {
        searchRequest       SearchRequest,
        searchResponse      SearchResponse,
        modifyRequest       ModifyRequest,
        modifyResponse      ModifyResponse,
        addRequest          AddRequest,
        addResponse         AddResponse,
        delRequest          DelRequest,
        delResponse         DelResponse,
        modifyRDNRequest    ModifyRDNRequest,  -- renamed to modifyRDNRequest, arlied --
        modifyRDNResponse   ModifyRDNResponse, -- renamed to modifyRDNResponse, arlied --
        compareDNRequest    CompareRequest,
        compareDNResponse   CompareResponse,
        bindRequest         BindRequest,
        bindResponse        BindResponse,
        abandonRequest      AbandonRequest,
        unbindRequest       UnbindRequest
    }
}

-- Authentication request: protocol version, the DN to bind as, and the
-- credentials in one of the AuthenticationChoice forms.
BindRequest ::= [APPLICATION 0] SEQUENCE {
    version         INTEGER (1 .. 127),
    name            LDAPDN,
    authentication  AuthenticationChoice
}

-- Credential forms accepted by BindRequest.
AuthenticationChoice ::= CHOICE {
    -- NOTE(review): presumably the cleartext password of an LDAP simple
    -- bind. This module applies no protection to it, so confidentiality
    -- would have to come from the transport. Confirm.
    simple              [0] OCTET STRING,
                        -- 1 and 2 reserved
    sasl                [3] SaslCredentials,
    -- NOTE(review): the three sicily alternatives are not described in
    -- this file; presumably a vendor specific (NTLM based) negotiation.
    -- Their contents are opaque octets at this layer. TODO confirm.
    sicilyNegotiate     [9] OCTET STRING,
    sicilyInitial       [10] OCTET STRING,
    sicilySubsequent    [11] OCTET STRING
}

-- SASL bind payload: a mechanism name and an opaque credential blob. The
-- set of acceptable mechanism names is not restricted here.
SaslCredentials ::= SEQUENCE {
    mechanism   LDAPString,
    credentials OCTET STRING
}

-- Outcome of a bind, reported as a plain LDAPResult.
BindResponse ::= [APPLICATION 1] LDAPResult

-- Unbind carries no data.
UnbindRequest ::= [APPLICATION 2] NULL

-- Search: base DN, scope, alias handling, requested limits, a filter and
-- the list of attribute types to return.
SearchRequest ::= [APPLICATION 3] SEQUENCE {
    baseObject      LDAPDN,
    scope           ENUMERATED {
        baseObject      (0),
        singleLevel     (1),
        wholeSubtree    (2)
    },
    derefAliases    ENUMERATED {
        neverDerefAliases   (0),
        derefInSearching    (1),
        derefFindingBaseObj (2),
        alwaysDerefAliases  (3)
    },
    -- NOTE(review): both limits are values supplied in the request, and 0
    -- asks for no limit at all. A cap imposed by the server cannot be
    -- expressed in this module and has to be enforced by the
    -- implementation.
    sizeLimit       INTEGER (0 .. maxInt),
                    -- value of 0 implies no sizelimit
    timeLimit       INTEGER (0 .. maxInt),
                    -- value of 0 implies no timelimit
    attrsOnly       BOOLEAN,
                    -- TRUE, if only attributes (without values)
                    -- to be returned.
    filter          Filter,
    attributes      SEQUENCE OF AttributeType
}

-- A search answer is either one matching entry or the final result.
SearchResponse ::= CHOICE {
    entry       [APPLICATION 4] SEQUENCE {
        objectName  LDAPDN,
        attributes  SEQUENCE OF SEQUENCE {
            type    AttributeType,  -- added "type" arlied --
            values  SET OF          -- added "values" arlied --
                    AttributeValue
        }
    },
    resultCode  [APPLICATION 5] LDAPResult
}

-- Modify: an ordered list of add, delete or replace operations against
-- the attributes of one entry.
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
    object          LDAPDN,
    modifications   SEQUENCE OF SEQUENCE {
        operation       ENUMERATED {
            add     (0),
            delete  (1),
            replace (2)
        },
        modification    SEQUENCE {
            type    AttributeType,
            values  SET OF AttributeValue
        }
    }
}

ModifyResponse ::= [APPLICATION 7] LDAPResult

-- Add: the DN of the new entry and its attributes.
AddRequest ::= [APPLICATION 8] SEQUENCE {
    entry   LDAPDN,
    attrs   SEQUENCE OF SEQUENCE {
        type    AttributeType,
        values  SET OF AttributeValue
    }
}

AddResponse ::= [APPLICATION 9] LDAPResult

-- Delete is just the DN of the entry to remove.
DelRequest ::= [APPLICATION 10] LDAPDN

DelResponse ::= [APPLICATION 11] LDAPResult

-- Rename the RDN of an entry.
ModifyRDNRequest ::= [APPLICATION 12] SEQUENCE {
    entry   LDAPDN,
    newrdn  RelativeLDAPDN  -- old RDN always deleted
}

ModifyRDNResponse ::= [APPLICATION 13] LDAPResult

-- Compare: test one attribute value assertion against an entry.
CompareRequest ::= [APPLICATION 14] SEQUENCE {
    entry   LDAPDN,
    ava     AttributeValueAssertion
}

CompareResponse ::= [APPLICATION 15] LDAPResult

-- Abandon names the message id of the operation to abandon.
AbandonRequest ::= [APPLICATION 16] MessageID

MessageID ::= INTEGER (0 .. maxInt)

-- DNs and RDNs are plain LDAPString values at this layer; their syntax is
-- not constrained by the ASN.1.
LDAPDN ::= LDAPString

RelativeLDAPDN ::= LDAPString

-- Search filter. The and/or alternatives refer back to Filter, so the
-- type is recursive and carries no bound on nesting depth or on the
-- number of members.
-- NOTE(review): a decoder built from this module should impose its own
-- depth and element limits on filters received from a peer.
-- NOTE(review): the not alternative is commented out below, so this
-- CHOICE has no alternative for tag [2]; check how the decoder treats a
-- filter that uses it.
Filter ::= CHOICE {
    and             [0] SET OF Filter,
    or              [1] SET OF Filter,
    -- not [2] Filter, --
    -- can't get pointer override to work, arlied --
    equalityMatch   [3] AttributeValueAssertion,
    substrings      [4] SubstringFilter,
    greaterOrEqual  [5] AttributeValueAssertion,
    lessOrEqual     [6] AttributeValueAssertion,
    present         [7] AttributeType,
    approxMatch     [8] AttributeValueAssertion
}

-- Common result structure used by every response type above.
-- Codes 48 to 50 (inappropriateAuthentication, invalidCredentials,
-- insufficientAccessRights) are the ones that name authentication and
-- access failures.
LDAPResult ::= SEQUENCE {
    resultCode      ENUMERATED {
        success                     (0),
        operationsError             (1),
        protocolError               (2),
        timeLimitExceeded           (3),
        sizeLimitExceeded           (4),
        compareFalse                (5),
        compareTrue                 (6),
        authMethodNotSupported      (7),
        strongAuthRequired          (8),
        noSuchAttribute             (16),
        undefinedAttributeType      (17),
        inappropriateMatching       (18),
        constraintViolation         (19),
        attributeOrValueExists      (20),
        invalidAttributeSyntax      (21),
        noSuchObject                (32),
        aliasProblem                (33),
        invalidDNSyntax             (34),
        isLeaf                      (35),
        aliasDereferencingProblem   (36),
        inappropriateAuthentication (48),
        invalidCredentials          (49),
        insufficientAccessRights    (50),
        busy                        (51),
        unavailable                 (52),
        unwillingToPerform          (53),
        loopDetect                  (54),
        namingViolation             (64),
        objectClassViolation        (65),
        notAllowedOnNonLeaf         (66),
        notAllowedOnRDN             (67),
        entryAlreadyExists          (68),
        objectClassModsProhibited   (69),
        other                       (80)
    },
    matchedDN       LDAPDN,
    -- NOTE(review): free text supplied by the peer; treat it as untrusted
    -- when logging or displaying it.
    errorMessage    LDAPString
}

AttributeType ::= LDAPString
                  -- text name of the attribute, or dotted
                  -- OID representation

-- Attribute values are opaque octets; no syntax is applied per attribute
-- at this layer.
AttributeValue ::= OCTET STRING

-- An attribute type paired with the value to test against it.
AttributeValueAssertion ::= SEQUENCE {
    attributeType   AttributeType,
    attributeValue  AttributeValue
}

-- Substring match: an attribute type and an ordered list of initial, any
-- and final fragments. The ASN.1 does not restrict how many fragments
-- appear or in what order.
SubstringFilter ::= SEQUENCE {
    type        AttributeType,
    attributes  SEQUENCE OF CHOICE {  -- named field "attributes", arlied --
        initial [0] LDAPString,
        any     [1] LDAPString,
        final   [2] LDAPString
    }
}

-- All protocol strings are unconstrained octet strings.
LDAPString ::= OCTET STRING

-- Upper bound used by MessageID, sizeLimit and timeLimit.
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

END