From b77911990326934d1724c98c790c1c479a0309c9 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Wed, 24 Jun 2015 20:35:47 +0200 Subject: Add descriptions --- ACSE/2.2.0.0.1.asn1 | 255 +++++++++ ACSE/2.5.1.0.3.asn1 | 240 +++++++++ ACSE/2.5.1.1.3.asn1 | 876 ++++++++++++++++++++++++++++++ ACSE/2.5.1.10.3.asn1 | 90 ++++ ACSE/2.5.1.2.3.asn1 | 718 ++++++++++++++++++++++++ ACSE/2.5.1.5.3.asn1 | 1467 ++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 3646 insertions(+) create mode 100644 ACSE/2.2.0.0.1.asn1 create mode 100644 ACSE/2.5.1.0.3.asn1 create mode 100644 ACSE/2.5.1.1.3.asn1 create mode 100644 ACSE/2.5.1.10.3.asn1 create mode 100644 ACSE/2.5.1.2.3.asn1 create mode 100644 ACSE/2.5.1.5.3.asn1 (limited to 'ACSE') diff --git a/ACSE/2.2.0.0.1.asn1 b/ACSE/2.2.0.0.1.asn1 new file mode 100644 index 0000000..6768034 --- /dev/null +++ b/ACSE/2.2.0.0.1.asn1 @@ -0,0 +1,255 @@ +-- Module ACSE-1 (X.227:04/1995) +-- See also ITU-T X.227 (04/1995) +-- See also the index of all ASN.1 assignments needed in this document + +ACSE-1 {joint-iso-itu-t association-control(2) modules(0) apdus(0) version1(1)} +-- ACSE-1 refers to ACSE version 1 +DEFINITIONS ::= +BEGIN + +EXPORTS + acse-as-id, ACSE-apdu, aCSE-id, Application-context-name, AP-title, + AE-qualifier, AE-title, AP-invocation-identifier, AE-invocation-identifier, + Mechanism-name, Authentication-value, ACSE-requirements, ObjectSet; + +IMPORTS + Name, RelativeDistinguishedName + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3}; + +-- The data types Name and RelativeDistinguishedName are imported from ISO/IEC 9594-2. +-- object identifier assignments +acse-as-id OBJECT IDENTIFIER ::= + {joint-iso-itu-t association-control(2) abstract-syntax(1) apdus(0) + version1(1)} + +-- may be used to reference the abstract syntax of the ACSE APDUs +aCSE-id OBJECT IDENTIFIER ::= + {joint-iso-itu-t association-control(2) ase-id(3) acse-ase(1) version(1)} + +-- may be used to identify the Association Control ASE. +-- top level CHOICE +ACSE-apdu ::= CHOICE { + aarq AARQ-apdu, + aare AARE-apdu, + rlrq RLRQ-apdu, + rlre RLRE-apdu, + abrt ABRT-apdu, + ... +} + +AARQ-apdu ::= [APPLICATION 0] IMPLICIT SEQUENCE { + protocol-version + [0] IMPLICIT BIT STRING {version1(0)} DEFAULT {version1}, + application-context-name [1] Application-context-name, + called-AP-title [2] AP-title OPTIONAL, + called-AE-qualifier [3] AE-qualifier OPTIONAL, + called-AP-invocation-identifier [4] AP-invocation-identifier OPTIONAL, + called-AE-invocation-identifier [5] AE-invocation-identifier OPTIONAL, + calling-AP-title [6] AP-title OPTIONAL, + calling-AE-qualifier [7] AE-qualifier OPTIONAL, + calling-AP-invocation-identifier [8] AP-invocation-identifier OPTIONAL, + calling-AE-invocation-identifier [9] AE-invocation-identifier OPTIONAL, + -- The following field shall not be present if only the Kernel is used. + sender-acse-requirements [10] IMPLICIT ACSE-requirements OPTIONAL, + -- The following field shall only be present if the Authentication functional unit is selected. + mechanism-name [11] IMPLICIT Mechanism-name OPTIONAL, + -- The following field shall only be present if the Authentication functional unit is selected. + calling-authentication-value [12] EXPLICIT Authentication-value OPTIONAL, + application-context-name-list + [13] IMPLICIT Application-context-name-list OPTIONAL, + -- The above field shall only be present if the Application Context Negotiation functional unit is selected + implementation-information [29] IMPLICIT Implementation-data OPTIONAL, + ..., + ..., + user-information + [30] IMPLICIT Association-information OPTIONAL +} + +AARE-apdu ::= [APPLICATION 1] IMPLICIT SEQUENCE { + protocol-version + [0] IMPLICIT BIT STRING {version1(0)} DEFAULT {version1}, + application-context-name [1] Application-context-name, + result [2] Associate-result, + result-source-diagnostic [3] Associate-source-diagnostic, + responding-AP-title [4] AP-title OPTIONAL, + responding-AE-qualifier [5] AE-qualifier OPTIONAL, + responding-AP-invocation-identifier [6] AP-invocation-identifier OPTIONAL, + responding-AE-invocation-identifier [7] AE-invocation-identifier OPTIONAL, + -- The following field shall not be present if only the Kernel is used. + responder-acse-requirements [8] IMPLICIT ACSE-requirements OPTIONAL, + -- The following field shall only be present if the Authentication functional unit is selected. + mechanism-name [9] IMPLICIT Mechanism-name OPTIONAL, + -- This following field shall only be present if the Authentication functional unit is selected. + responding-authentication-value + [10] EXPLICIT Authentication-value OPTIONAL, + application-context-name-list + [11] IMPLICIT Application-context-name-list OPTIONAL, + -- The above field shall only be present if the Application Context Negotiation functional unit is selected + implementation-information + [29] IMPLICIT Implementation-data OPTIONAL, + ..., + ..., + user-information + [30] IMPLICIT Association-information OPTIONAL +} + +RLRQ-apdu ::= [APPLICATION 2] IMPLICIT SEQUENCE { + reason [0] IMPLICIT Release-request-reason OPTIONAL, + ..., + ..., + user-information [30] IMPLICIT Association-information OPTIONAL +} + +RLRE-apdu ::= [APPLICATION 3] IMPLICIT SEQUENCE { + reason [0] IMPLICIT Release-response-reason OPTIONAL, + ..., + ..., + user-information [30] IMPLICIT Association-information OPTIONAL +} + +ABRT-apdu ::= [APPLICATION 4] IMPLICIT SEQUENCE { + abort-source [0] IMPLICIT ABRT-source, + abort-diagnostic [1] IMPLICIT ABRT-diagnostic OPTIONAL, + -- This field shall not be present if only the Kernel is used. + ..., + ..., + user-information [30] IMPLICIT Association-information OPTIONAL +} + +ABRT-diagnostic ::= ENUMERATED { + no-reason-given(1), protocol-error(2), + authentication-mechanism-name-not-recognized(3), + authentication-mechanism-name-required(4), authentication-failure(5), + authentication-required(6), ... + } + +ABRT-source ::= INTEGER {acse-service-user(0), acse-service-provider(1) +}(0..1, ...) + +ACSE-requirements ::= BIT STRING { + authentication(0), application-context-negotiation(1)} + +Application-context-name-list ::= SEQUENCE OF Application-context-name + +Application-context-name ::= OBJECT IDENTIFIER + +-- Application-entity title productions follow (not in alphabetical order) +AP-title ::= CHOICE { + ap-title-form1 AP-title-form1, + ap-title-form2 AP-title-form2, + ... +} + +AE-qualifier ::= CHOICE { + ae-qualifier-form1 AE-qualifier-form1, + ae-qualifier-form2 AE-qualifier-form2, + ... +} + +-- When both AP-title and AE-qualifier data values are present in an AARQ or AARE APDU, both must +-- have the same form to allow the construction of an AE-title as discussed in CCITT Rec. X.665 | +-- ISO/IEC 9834-6. +AP-title-form1 ::= + Name + +-- The value assigned to AP-title-form1 is The Directory Name of an application-process title. +AE-qualifier-form1 ::= + RelativeDistinguishedName + +-- The value assigned to AE-qualifier-form1 is the relative distinguished name of a particular +-- application-entity of the application-process identified by AP-title-form1. +AP-title-form2 ::= OBJECT IDENTIFIER + +AE-qualifier-form2 ::= INTEGER + +AE-title ::= CHOICE { + ae-title-form1 AE-title-form1, + ae-title-form2 AE-title-form2, + ... +} + +-- As defined in CCITT Rec. X.650 | ISO 7498-3, an application-entity title is composed of an application- +-- process title and an application-entity qualifier. The ACSE protocol provides for the transfer of an +-- application-entity title value by the transfer of its component values. However, the following data type +-- is provided for International Standards that reference a single syntactic structure for AE titles. +AE-title-form1 ::= + Name + +-- For access to The Directory (ITU-T Rec. X.500-Series | ISO/IEC 9594), an AE title has AE-title-form1. +-- This value can be constructed from AP-title-form1 and AE-qualifier-form1 values contained in an +-- AARQ or AARE APDU. A discussion of forming an AE-title-form1 from AP-title-form1 and AE-qualifier- +-- form1 may be found in CCITT Rec. X.665 | ISO/IEC 9834-6. +AE-title-form2 ::= OBJECT IDENTIFIER + +-- A discussion of forming an AE-title-form2 from AP-title-form2 and AE-qualifier-form2 may be +-- found in CCITT Rec. X.665 | ISO/IEC 9834-6. +AE-invocation-identifier ::= INTEGER + +AP-invocation-identifier ::= INTEGER + +-- End of Application-entity title productions +Associate-result ::= INTEGER { + accepted(0), rejected-permanent(1), rejected-transient(2)}(0..2, ...) + +Associate-source-diagnostic ::= CHOICE { + acse-service-user + [1] INTEGER {null(0), no-reason-given(1), + application-context-name-not-supported(2), + calling-AP-title-not-recognized(3), + calling-AP-invocation-identifier-not-recognized(4), + calling-AE-qualifier-not-recognized(5), + calling-AE-invocation-identifier-not-recognized(6), + called-AP-title-not-recognized(7), + called-AP-invocation-identifier-not-recognized(8), + called-AE-qualifier-not-recognized(9), + called-AE-invocation-identifier-not-recognized(10), + authentication-mechanism-name-not-recognized(11), + authentication-mechanism-name-required(12), + authentication-failure(13), authentication-required(14)} + (0..14, ...), + acse-service-provider + [2] INTEGER {null(0), no-reason-given(1), no-common-acse-version(2)} + (0..2, ...) +} + +Association-information ::= SEQUENCE SIZE (1, ..., 0 | 2..MAX) OF EXTERNAL + +Authentication-value ::= CHOICE { + charstring [0] IMPLICIT GraphicString, + bitstring [1] IMPLICIT BIT STRING, + external [2] IMPLICIT EXTERNAL, + other + [3] IMPLICIT SEQUENCE {other-mechanism-name + MECHANISM-NAME.&id({ObjectSet}), + other-mechanism-value + MECHANISM-NAME.&Type + ({ObjectSet}{@.other-mechanism-name})} +} + +-- The abstract syntax of (calling/responding) authentication-value is determined by the authentication +-- mechanism used during association establishment. The authentication mechanism is either explicitly +-- denoted by the &id field (of type OBJECT IDENTIFIER) for a mechanism belonging to the class +-- MECHANISM-NAME, or it is known implicitly by +-- prior agreement between the communicating partners. If the "other" component is chosen, then +-- the "mechanism-name" component must be present in accordance with +-- ITU-T Rec. X.680 | ISO/IEC 8824. If the value "mechanism-name" occurs in the AARQ-apdu or the +-- AARE-apdu, then that value must be the same as the value for "other-mechanism-name" +Implementation-data ::= GraphicString + +Mechanism-name ::= OBJECT IDENTIFIER + +MECHANISM-NAME ::= TYPE-IDENTIFIER + +ObjectSet MECHANISM-NAME ::= + {...} + +Release-request-reason ::= INTEGER {normal(0), urgent(1), user-defined(30) +}(0 | 1 | 30, ...) + +Release-response-reason ::= INTEGER { + normal(0), not-finished(1), user-defined(30)}(0 | 1 | 30, ...) + +END + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/ACSE/2.5.1.0.3.asn1 b/ACSE/2.5.1.0.3.asn1 new file mode 100644 index 0000000..b755285 --- /dev/null +++ b/ACSE/2.5.1.0.3.asn1 @@ -0,0 +1,240 @@ +-- Module UsefulDefinitions (X.501 TC2:08/1997) +-- See also ITU-T X.501 (1997) Technical Cor. 2 (02/2001) +-- See also the index of all ASN.1 assignments needed in this document + +UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} +DEFINITIONS ::= +BEGIN + +-- EXPORTS All - +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +ID ::= OBJECT IDENTIFIER + +ds ID ::= {joint-iso-itu-t ds(5)} + +-- categories of information object +module ID ::= {ds 1} + +serviceElement ID ::= {ds 2} + +applicationContext ID ::= {ds 3} + +attributeType ID ::= {ds 4} + +attributeSyntax ID ::= {ds 5} + +objectClass ID ::= {ds 6} + +-- attributeSet ID ::= {ds 7} +algorithm ID ::= {ds 8} + +abstractSyntax ID ::= {ds 9} + +-- object ID ::= {ds 10} +-- port ID ::= {ds 11} +dsaOperationalAttribute ID ::= + {ds 12} + +matchingRule ID ::= {ds 13} + +knowledgeMatchingRule ID ::= {ds 14} + +nameForm ID ::= {ds 15} + +group ID ::= {ds 16} + +subentry ID ::= {ds 17} + +operationalAttributeType ID ::= {ds 18} + +operationalBinding ID ::= {ds 19} + +schemaObjectClass ID ::= {ds 20} + +schemaOperationalAttribute ID ::= {ds 21} + +administrativeRoles ID ::= {ds 23} + +accessControlAttribute ID ::= {ds 24} + +rosObject ID ::= {ds 25} + +contract ID ::= {ds 26} + +package ID ::= {ds 27} + +accessControlSchemes ID ::= {ds 28} + +certificateExtension ID ::= {ds 29} + +managementObject ID ::= {ds 30} + +attributeValueContext ID ::= {ds 31} + +-- securityExchange ID ::= {ds 32} +idmProtocol ID ::= {ds 33} + +problem ID ::= {ds 34} + +notification ID ::= {ds 35} + +matchingRestriction ID ::= + {ds 36} -- None are currently defined by this specification + +controlAttributeType ID ::= {ds 37} + +-- modules +usefulDefinitions ID ::= {module usefulDefinitions(0) 3} + +informationFramework ID ::= {module informationFramework(1) 3} + +directoryAbstractService ID ::= {module directoryAbstractService(2) 3} + +distributedOperations ID ::= {module distributedOperations(3) 3} + +protocolObjectIdentifiers ID ::= {module protocolObjectIdentifiers(4) 3} + +selectedAttributeTypes ID ::= {module selectedAttributeTypes(5) 3} + +selectedObjectClasses ID ::= {module selectedObjectClasses(6) 3} + +authenticationFramework ID ::= {module authenticationFramework(7) 3} + +algorithmObjectIdentifiers ID ::= {module algorithmObjectIdentifiers(8) 3} + +directoryObjectIdentifiers ID ::= {module directoryObjectIdentifiers(9) 3} + +upperBounds ID ::= {module upperBounds(10) 3} + +dap ID ::= {module dap(11) 3} + +dsp ID ::= {module dsp(12) 3} + +distributedDirectoryOIDs ID ::= {module distributedDirectoryOIDs(13) 3} + +directoryShadowOIDs ID ::= {module directoryShadowOIDs(14) 3} + +directoryShadowAbstractService ID ::= + {module directoryShadowAbstractService(15) 3} + +disp ID ::= {module disp(16) 3} + +dop ID ::= {module dop(17) 3} + +opBindingManagement ID ::= {module opBindingManagement(18) 3} + +opBindingOIDs ID ::= {module opBindingOIDs(19) 3} + +hierarchicalOperationalBindings ID ::= + {module hierarchicalOperationalBindings(20) 3} + +dsaOperationalAttributeTypes ID ::= {module dsaOperationalAttributeTypes(22) 3} + +schemaAdministration ID ::= {module schemaAdministration(23) 3} + +basicAccessControl ID ::= {module basicAccessControl(24) 3} + +directoryOperationalBindingTypes ID ::= + {module directoryOperationalBindingTypes(25) 3} + +certificateExtensions ID ::= {module certificateExtensions(26) 0} + +directoryManagement ID ::= {module directoryManagement(27) 1} + +enhancedSecurity ID ::= {module enhancedSecurity(28) 1} + +iDMProtocolSpecification ID ::= {module iDMProtocolSpecification(30) 4} + +directoryIDMProtocols ID ::= {module directoryIDMProtocols(31) 4} + +-- directorySecurityExchanges ID ::= {module directorySecurityExchanges (29) 1} +-- synonyms +id-oc ID ::= + objectClass + +id-at ID ::= attributeType + +id-as ID ::= abstractSyntax + +id-mr ID ::= matchingRule + +id-nf ID ::= nameForm + +id-sc ID ::= subentry + +id-oa ID ::= operationalAttributeType + +id-ob ID ::= operationalBinding + +id-doa ID ::= dsaOperationalAttribute + +id-kmr ID ::= knowledgeMatchingRule + +id-soc ID ::= schemaObjectClass + +id-soa ID ::= schemaOperationalAttribute + +id-ar ID ::= administrativeRoles + +id-aca ID ::= accessControlAttribute + +id-ac ID ::= applicationContext + +id-rosObject ID ::= rosObject + +id-contract ID ::= contract + +id-package ID ::= package + +id-acScheme ID ::= accessControlSchemes + +id-ce ID ::= certificateExtension + +id-mgt ID ::= managementObject + +id-idm ID ::= idmProtocol + +id-avc ID ::= attributeValueContext + +-- id-se ID ::= securityExchange +id-pr ID ::= problem + +id-not ID ::= notification + +id-mre ID ::= matchingRestriction + +id-cat ID ::= controlAttributeType + +-- obsolete module identifiers +-- usefulDefinition ID ::= {module 0} +-- informationFramework ID ::= {module 1} +-- directoryAbstractService ID ::= {module 2} +-- distributedOperations ID ::= {module 3} +-- protocolObjectIdentifiers ID ::= {module 4} +-- selectedAttributeTypes ID ::= {module 5} +-- selectedObjectClasses ID ::= {module 6} +-- authenticationFramework ID ::= {module 7} +-- algorithmObjectIdentifiers ID ::= {module 8} +-- directoryObjectIdentifiers ID ::= {module 9} +-- upperBounds ID ::= {module 10} +-- dap ID ::= {module 11} +-- dsp ID ::= {module 12} +-- distributedDirectoryObjectIdentifiers ID ::= {module 13} +-- unused module identifiers +-- directoryShadowOIDs ID ::= {module 14} +-- directoryShadowAbstractService ID ::= {module 15} +-- disp ID ::= {module 16} +-- dop ID ::= {module 17} +-- opBindingManagement ID ::= {module 18} +-- opBindingOIDs ID ::= {module 19} +-- hierarchicalOperationalBindings ID ::= {module 20} +-- dsaOperationalAttributeTypes ID ::= {module 22} +-- schemaAdministration ID ::= {module 23} +-- basicAccessControl ID ::= {module 24} +-- operationalBindingOIDs ID ::= {module 25} +END -- UsefulDefinitions + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/ACSE/2.5.1.1.3.asn1 b/ACSE/2.5.1.1.3.asn1 new file mode 100644 index 0000000..58d934b --- /dev/null +++ b/ACSE/2.5.1.1.3.asn1 @@ -0,0 +1,876 @@ +-- Module InformationFramework (X.501 TC2:08/1997) +-- See also ITU-T X.501 (1997) Technical Cor. 2 (02/2001) +-- See also the index of all ASN.1 assignments needed in this document + +InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) + 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All - +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + id-oc, id-at, id-mr, id-oa, id-sc, id-ar, id-nf, selectedAttributeTypes, + directoryAbstractService, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, booleanMatch, + integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch, + integerFirstComponentMatch, DirectoryString{} + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 3} + TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions, + HierarchySelections, FamilyGrouping, FamilyReturn + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 3} + ub-search + FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3}; + +-- attribute data types +Attribute ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + values + SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), + valuesWithContext + SET SIZE (1..MAX) OF + SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + contextList SET SIZE (1..MAX) OF Context} OPTIONAL +} + +AttributeType ::= ATTRIBUTE.&id + +AttributeValue ::= ATTRIBUTE.&Type + +Context ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValues + SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), + fallback BOOLEAN DEFAULT FALSE +} + +AttributeValueAssertion ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + assertion + ATTRIBUTE.&equality-match.&AssertionType + ({SupportedAttributes}{@type}), + assertedContexts + CHOICE {allContexts [0] NULL, + selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion + } OPTIONAL +} + +ContextAssertion ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValues + SET SIZE (1..MAX) OF + CONTEXT.&Assertion({SupportedContexts}{@contextType}) +} + +AttributeTypeAssertion ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL +} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the values component of Attribute, the value component +-- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion. +SupportedAttributes ATTRIBUTE ::= + {objectClass | aliasedEntryName, ...} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the context specifications +SupportedContexts CONTEXT ::= + {...} + +-- naming data types +Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence +} + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue + +AttributeTypeAndDistinguishedValue ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + primaryDistinguished BOOLEAN DEFAULT TRUE, + valuesWithContext + SET SIZE (1..MAX) OF + SEQUENCE {distingAttrValue + [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) + OPTIONAL, + contextList SET SIZE (1..MAX) OF Context} OPTIONAL +} + +-- subtree data types +SubtreeSpecification ::= SEQUENCE { + base [0] LocalName DEFAULT {}, + COMPONENTS OF ChopSpecification, + specificationFilter [4] Refinement OPTIONAL +} + +-- empty sequence specifies whole administrative area +LocalName ::= RDNSequence + +ChopSpecification ::= SEQUENCE { + specificExclusions + [1] SET SIZE (1..MAX) OF + CHOICE {chopBefore [0] LocalName, + chopAfter [1] LocalName} OPTIONAL, + minimum [2] BaseDistance DEFAULT 0, + maximum [3] BaseDistance OPTIONAL +} + +BaseDistance ::= INTEGER(0..MAX) + +Refinement ::= CHOICE { + item [0] OBJECT-CLASS.&id, + and [1] SET OF Refinement, + or [2] SET OF Refinement, + not [3] Refinement +} + +-- OBJECT-CLASS information object class specification +OBJECT-CLASS ::= CLASS { + &Superclasses OBJECT-CLASS OPTIONAL, + &kind ObjectClassKind DEFAULT structural, + &MandatoryAttributes ATTRIBUTE OPTIONAL, + &OptionalAttributes ATTRIBUTE OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SUBCLASS OF &Superclasses] + [KIND &kind] + [MUST CONTAIN &MandatoryAttributes] + [MAY CONTAIN &OptionalAttributes] + ID &id +} + +ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)} + +-- object classes +top OBJECT-CLASS ::= { + KIND abstract + MUST CONTAIN {objectClass} + ID id-oc-top +} + +alias OBJECT-CLASS ::= { + SUBCLASS OF {top} + MUST CONTAIN {aliasedEntryName} + ID id-oc-alias +} + +parent OBJECT-CLASS ::= {KIND abstract + ID id-oc-parent +} + +child OBJECT-CLASS ::= {KIND auxiliary + ID id-oc-child +} + +-- ATTRIBUTE information object class specification +ATTRIBUTE ::= CLASS { + &derivation ATTRIBUTE OPTIONAL, + &Type OPTIONAL, -- either &Type or &derivation required + &equality-match MATCHING-RULE OPTIONAL, + &ordering-match MATCHING-RULE OPTIONAL, + &substrings-match MATCHING-RULE OPTIONAL, + &single-valued BOOLEAN DEFAULT FALSE, + &collective BOOLEAN DEFAULT FALSE, + -- operational extensions + &no-user-modification BOOLEAN DEFAULT FALSE, + &usage AttributeUsage DEFAULT userApplications, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SUBTYPE OF &derivation] + [WITH SYNTAX &Type] + [EQUALITY MATCHING RULE &equality-match] + [ORDERING MATCHING RULE &ordering-match] + [SUBSTRINGS MATCHING RULE &substrings-match] + [SINGLE VALUE &single-valued] + [COLLECTIVE &collective] + [NO USER MODIFICATION &no-user-modification] + [USAGE &usage] + ID &id +} + +AttributeUsage ::= ENUMERATED { + userApplications(0), directoryOperation(1), distributedOperation(2), + dSAOperation(3)} + +-- attributes +objectClass ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-objectClass +} + +aliasedEntryName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + ID id-at-aliasedEntryName +} + +-- MATCHING-RULE information object class specification +MATCHING-RULE ::= CLASS { + &ParentMatchingRules MATCHING-RULE.&id OPTIONAL, + &AssertionType OPTIONAL, + &uniqueMatchIndicator ATTRIBUTE.&id OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [PARENT &ParentMatchingRules] + [SYNTAX &AssertionType] + [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator] + ID &id +} + +-- matching rules +objectIdentifierMatch MATCHING-RULE ::= { + SYNTAX OBJECT IDENTIFIER + ID id-mr-objectIdentifierMatch +} + +distinguishedNameMatch MATCHING-RULE ::= { + SYNTAX DistinguishedName + ID id-mr-distinguishedNameMatch +} + +MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult, + OBJECT IDENTIFIER:matchingRule} ::= CLASS { + &selectBy SelectedBy OPTIONAL, + &ApplicableTo ATTRIBUTE, + &subtypesIncluded BOOLEAN DEFAULT TRUE, + &combinable BOOLEAN(combinable), + &mappingResults MappingResult OPTIONAL, + &userControl BOOLEAN DEFAULT FALSE, + &exclusive BOOLEAN DEFAULT TRUE, + &matching-rule MATCHING-RULE.&id(matchingRule), + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SELECT BY &selectBy] + APPLICABLE TO &ApplicableTo + [SUBTYPES INCLUDED &subtypesIncluded] + COMBINABLE &combinable + [MAPPING RESULTS &mappingResults] + [USER CONTROL &userControl] + [EXCLUSIVE &exclusive] + MATCHING RULE &matching-rule + ID &id +} + +-- NAME-FORM information object class specification +NAME-FORM ::= CLASS { + &namedObjectClass OBJECT-CLASS, + &MandatoryAttributes ATTRIBUTE, + &OptionalAttributes ATTRIBUTE OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + NAMES &namedObjectClass + WITH ATTRIBUTES &MandatoryAttributes + [AND OPTIONALLY &OptionalAttributes] + ID &id +} + +-- STRUCTURE-RULE class and DIT structure rule data types +STRUCTURE-RULE ::= CLASS { + &nameForm NAME-FORM, + &SuperiorStructureRules STRUCTURE-RULE OPTIONAL, + &id RuleIdentifier +} +WITH SYNTAX { + NAME FORM &nameForm + [SUPERIOR RULES &SuperiorStructureRules] + ID &id +} + +DITStructureRule ::= SEQUENCE { + ruleIdentifier RuleIdentifier, + -- must be unique within the scope of the subschema + nameForm NAME-FORM.&id, + superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL +} + +RuleIdentifier ::= INTEGER + +-- CONTENT-RULE class and DIT content rule data types +CONTENT-RULE ::= CLASS { + &structuralClass OBJECT-CLASS.&id UNIQUE, + &Auxiliaries OBJECT-CLASS OPTIONAL, + &Mandatory ATTRIBUTE OPTIONAL, + &Optional ATTRIBUTE OPTIONAL, + &Precluded ATTRIBUTE OPTIONAL +} +WITH SYNTAX { + STRUCTURAL OBJECT-CLASS &structuralClass + [AUXILIARY OBJECT-CLASSES &Auxiliaries] + [MUST CONTAIN &Mandatory] + [MAY CONTAIN &Optional] + [MUST-NOT CONTAIN &Precluded] +} + +DITContentRule ::= SEQUENCE { + structuralObjectClass OBJECT-CLASS.&id, + auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL, + mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, + optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, + precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL +} + +CONTEXT ::= CLASS { + &Type , + &Assertion OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +}WITH SYNTAX {WITH SYNTAX &Type + [ASSERTED AS &Assertion] + ID &id +} + +DITContextUse ::= SEQUENCE { + attributeType ATTRIBUTE.&id, + mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL, + optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL +} + +DIT-CONTEXT-USE-RULE ::= CLASS { + &attributeType ATTRIBUTE.&id UNIQUE, + &Mandatory CONTEXT OPTIONAL, + &Optional CONTEXT OPTIONAL +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [MANDATORY CONTEXTS &Mandatory] + [OPTIONAL CONTEXTS &Optional] +} + +-- system schema information objects +-- object classes +subentry OBJECT-CLASS ::= { + SUBCLASS OF {top} + KIND structural + MUST CONTAIN {commonName | subtreeSpecification} + ID id-sc-subentry +} + +subentryNameForm NAME-FORM ::= { + NAMES subentry + WITH ATTRIBUTES {commonName} + ID id-nf-subentryNameForm +} + +accessControlSubentry OBJECT-CLASS ::= { + KIND auxiliary + ID id-sc-accessControlSubentry +} + +collectiveAttributeSubentry OBJECT-CLASS ::= { + KIND auxiliary + ID id-sc-collectiveAttributeSubentry +} + +contextAssertionSubentry OBJECT-CLASS ::= { + KIND auxiliary + MUST CONTAIN {contextAssertionDefaults} + ID id-sc-contextAssertionSubentry +} + +serviceAdminSubentry OBJECT-CLASS ::= { + KIND auxiliary + MUST CONTAIN {searchRules} + ID id-sc-serviceAdminSubentry +} + +-- attributes +createTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-createTimestamp +} + +modifyTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-modifyTimestamp +} + +subschemaTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-subschemaTimestamp +} + +creatorsName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-creatorsName +} + +modifiersName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-modifiersName +} + +subschemaSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-subschemaSubentryList +} + +accessControlSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-accessControlSubentryList +} + +collectiveAttributeSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-collectiveAttributeSubentryList +} + +contextDefaultSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-contextDefaultSubentryList +} + +serviceAdminSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-serviceAdminSubentryList +} + +hasSubordinates ATTRIBUTE ::= { + WITH SYNTAX BOOLEAN + EQUALITY MATCHING RULE booleanMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hasSubordinates +} + +administrativeRole ATTRIBUTE ::= { + WITH SYNTAX OBJECT-CLASS.&id + EQUALITY MATCHING RULE objectIdentifierMatch + USAGE directoryOperation + ID id-oa-administrativeRole +} + +subtreeSpecification ATTRIBUTE ::= { + WITH SYNTAX SubtreeSpecification + USAGE directoryOperation + ID id-oa-subtreeSpecification +} + +collectiveExclusions ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + USAGE directoryOperation + ID id-oa-collectiveExclusions +} + +contextAssertionDefaults ATTRIBUTE ::= { + WITH SYNTAX TypeAndContextAssertion + EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch + USAGE directoryOperation + ID id-oa-contextAssertionDefault +} + +searchRules ATTRIBUTE ::= { + WITH SYNTAX SearchRuleDescription + EQUALITY MATCHING RULE integerFirstComponentMatch + USAGE directoryOperation + ID id-oa-searchRules +} + +SearchRuleDescription ::= SEQUENCE { + COMPONENTS OF SearchRule, + name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL, + description [29] DirectoryString{ub-search} OPTIONAL, + obsolete [30] BOOLEAN DEFAULT FALSE +} + +hierarchyLevel ATTRIBUTE ::= { + WITH SYNTAX INTEGER + EQUALITY MATCHING RULE integerMatch + ORDERING MATCHING RULE integerOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hierarchyLevel +} + +hierarchyBelow ATTRIBUTE ::= { + WITH SYNTAX BOOLEAN + EQUALITY MATCHING RULE booleanMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hierarchyBelow +} + +hierarchyParent ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + USAGE directoryOperation + ID id-oa-hierarchyParent +} + +SearchRule ::= SEQUENCE { + COMPONENTS OF SearchRuleId, + serviceType [1] OBJECT IDENTIFIER OPTIONAL, + userClass [2] INTEGER OPTIONAL, + inputAttributeTypes + [3] SEQUENCE SIZE (1..MAX) OF RequestAttribute OPTIONAL, + attributeCombination [4] AttributeCombination DEFAULT and:{}, + outputAttributeTypes [5] SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL, + defaultControls [6] ControlOptions OPTIONAL, + mandatoryControls [7] ControlOptions OPTIONAL, + searchRuleControls [8] ControlOptions OPTIONAL, + familyGrouping [9] FamilyGrouping OPTIONAL, + familyReturn [10] FamilyReturn OPTIONAL, + relaxation [11] RelaxationPolicy OPTIONAL, + additionalControl [12] SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL, + allowedSubset [13] AllowedSubset DEFAULT '111'B, + imposedSubset [14] ImposedSubset OPTIONAL, + entryLimit [15] EntryLimit OPTIONAL +} + +SearchRuleId ::= SEQUENCE {id INTEGER, + dmdId [0] OBJECT IDENTIFIER +} + +AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)} + +ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)} + +RequestAttribute ::= SEQUENCE { + attributeType ATTRIBUTE.&id({SupportedAttributes}), + includeSubtypes [0] BOOLEAN DEFAULT FALSE, + selectedValues + [1] SEQUENCE SIZE (0..MAX) OF + ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL, + defaultValues + [2] SEQUENCE SIZE (0..MAX) OF + SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, + values + SEQUENCE OF + ATTRIBUTE.&Type + ({SupportedAttributes}{@attributeType})} OPTIONAL, + contexts [3] SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL, + contextCombination [4] ContextCombination DEFAULT and:{}, + matchingUse [5] SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL +} + +ContextProfile ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValue + SEQUENCE SIZE (1..MAX) OF + CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL +} + +ContextCombination ::= CHOICE { + context [0] CONTEXT.&id, + and [1] SEQUENCE OF ContextCombination, + or [2] SEQUENCE OF ContextCombination, + not [3] ContextCombination +} + +MatchingUse ::= SEQUENCE { + restrictionType + MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}), + restrictionValue + MATCHING-RESTRICTION.&Restriction + ({SupportedMatchingRestrictions}{@restrictionType}) +} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the components of SupportedMatchingRestrictions +SupportedMatchingRestrictions MATCHING-RESTRICTION ::= + {...} + +AttributeCombination ::= CHOICE { + attribute [0] AttributeType, + and [1] SEQUENCE OF AttributeCombination, + or [2] SEQUENCE OF AttributeCombination, + not [3] AttributeCombination +} + +ResultAttribute ::= SEQUENCE { + attributeType ATTRIBUTE.&id({SupportedAttributes}), + outputValues + CHOICE {selectedValues + SEQUENCE SIZE (1..MAX) OF + ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}), + matchedValuesOnly NULL} OPTIONAL, + contexts [0] SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL +} + +OutputValues ::= CHOICE { + selectedValues + SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}), + matchedValuesOnly NULL +} + +ControlOptions ::= SEQUENCE { + serviceControls [0] ServiceControlOptions DEFAULT {}, + searchOptions [1] SearchControlOptions DEFAULT {searchAliases}, + hierarchyOptions [2] HierarchySelections OPTIONAL +} + +EntryLimit ::= SEQUENCE {default INTEGER, + max INTEGER +} + +RelaxationPolicy ::= SEQUENCE { + basic [0] MRMapping DEFAULT {}, + tightenings [1] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, + relaxations [2] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, + maximum [3] INTEGER OPTIONAL, -- mandatory if tightenings is present + minimum [4] INTEGER DEFAULT 1 +} + +MRMapping ::= SEQUENCE { + mapping [0] SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL, + substitution [1] SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL +} + +Mapping ::= SEQUENCE { + mappingFunction + OBJECT IDENTIFIER + (CONSTRAINED BY {-- shall be an-- + + -- object identifier of a mapping-based matching algorithm -- }), + level INTEGER DEFAULT 0 +} + +MRSubstitution ::= SEQUENCE { + attribute AttributeType, + oldMatchingRule [0] MATCHING-RULE.&id OPTIONAL, + newMatchingRule [1] MATCHING-RULE.&id OPTIONAL +} + +SEARCH-RULE ::= CLASS { + &dmdId OBJECT IDENTIFIER, + &serviceType OBJECT IDENTIFIER OPTIONAL, + &userClass INTEGER OPTIONAL, + &InputAttributeTypes REQUEST-ATTRIBUTE OPTIONAL, + &combination AttributeCombination OPTIONAL, + &OutputAttributeTypes RESULT-ATTRIBUTE OPTIONAL, + &defaultControls ControlOptions OPTIONAL, + &mandatoryControls ControlOptions OPTIONAL, + &searchRuleControls ControlOptions OPTIONAL, + &familyGrouping FamilyGrouping OPTIONAL, + &familyReturn FamilyReturn OPTIONAL, + &additionalControl AttributeType OPTIONAL, + &relaxation RelaxationPolicy OPTIONAL, + &entryLimit EntryLimit OPTIONAL, + &allowedSubset AllowedSubset DEFAULT '111'B, + &imposedSubset ImposedSubset OPTIONAL, + &id INTEGER UNIQUE +} +WITH SYNTAX { + DMD ID &dmdId + [SERVICE-TYPE &serviceType] + [USER-CLASS &userClass] + [INPUT ATTRIBUTES &InputAttributeTypes] + [COMBINATION &combination] + [OUTPUT ATTRIBUTES &OutputAttributeTypes] + [DEFAULT CONTROL &defaultControls] + [MANDATORY CONTROL &mandatoryControls] + [SEARCH-RULE CONTROL &searchRuleControls] + [FAMILY-GROUPING &familyGrouping] + [FAMILY-RETURN &familyReturn] + [ADDITIONAL CONTROL &additionalControl] + [RELAXATION &relaxation] + [ALLOWED SUBSET &allowedSubset] + [IMPOSED SUBSET &imposedSubset] + [ENTRY LIMIT &entryLimit] + ID &id +} + +REQUEST-ATTRIBUTE ::= CLASS { + &attributeType ATTRIBUTE.&id, + &SelectedValues ATTRIBUTE.&Type OPTIONAL, + &DefaultValues SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, + values SEQUENCE OF ATTRIBUTE.&Type + } OPTIONAL, + &contexts SEQUENCE OF ContextProfile OPTIONAL, + &contextCombination ContextCombination OPTIONAL, + &MatchingUse MatchingUse OPTIONAL, + &includeSubtypes BOOLEAN DEFAULT FALSE +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [SELECTED VALUES &SelectedValues] + [DEFAULT VALUES &DefaultValues] + [CONTEXTS &contexts] + [CONTEXT COMBINATION &contextCombination] + [MATCHING USE &MatchingUse] + [INCLUDE SUBTYPES &includeSubtypes] +} + +RESULT-ATTRIBUTE ::= CLASS { + &attributeType ATTRIBUTE.&id, + &outputValues OutputValues OPTIONAL, + &contexts ContextProfile OPTIONAL +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [OUTPUT VALUES &outputValues] + [CONTEXTS &contexts] +} + +MATCHING-RESTRICTION ::= CLASS { + &Restriction , + &Rules MATCHING-RULE.&id, + &id OBJECT IDENTIFIER UNIQUE +}WITH SYNTAX {RESTRICTION &Restriction + RULES &Rules + ID &id +} + +-- object identifier assignments +-- object classes +id-oc-top OBJECT IDENTIFIER ::= + {id-oc 0} + +id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1} + +id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28} + +id-oc-child OBJECT IDENTIFIER ::= {id-oc 29} + +-- attributes +id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} + +id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} + +-- matching rules +id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} + +id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} + +-- operational attributes +id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= + {id-oa 0} + +id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1} + +id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2} + +id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3} + +id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4} + +id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5} + +id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6} + +id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7} + +id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8} + +id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9} + +id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10} + +id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11} + +id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12} + +id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13} + +id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14} + +id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15} + +id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16} + +id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17} + +id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18} + +id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19} + +-- subentry classes +id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0} + +id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1} + +id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2} + +id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3} + +id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4} + +-- Name forms +id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16} + +-- administrative roles +id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1} + +id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2} + +id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3} + +id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4} + +id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5} + +id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6} + +id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7} + +id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8} + +END -- InformationFramework + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/ACSE/2.5.1.10.3.asn1 b/ACSE/2.5.1.10.3.asn1 new file mode 100644 index 0000000..3ebc334 --- /dev/null +++ b/ACSE/2.5.1.10.3.asn1 @@ -0,0 +1,90 @@ +-- Module UpperBounds (X.520:08/1997) +-- See also ITU-T X.520 (08/1997) +-- See also the index of all ASN.1 assignments needed in this document + +UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +ub-answerback INTEGER ::= + 8 + +ub-business-category INTEGER ::= 128 + +ub-common-name INTEGER ::= 64 + +ub-country-code INTEGER ::= 4 + +ub-description INTEGER ::= 1024 + +ub-destination-indicator INTEGER ::= 128 + +ub-directory-string-first-component-match INTEGER ::= 32768 + +ub-international-isdn-number INTEGER ::= 16 + +ub-knowledge-information INTEGER ::= 32768 + +ub-locality-name INTEGER ::= 128 + +ub-match INTEGER ::= 128 + +ub-name INTEGER ::= 64 + +ub-organization-name INTEGER ::= 64 + +ub-organizational-unit-name INTEGER ::= 64 + +ub-physical-office-name INTEGER ::= 128 + +ub-post-office-box INTEGER ::= 40 + +ub-postal-code INTEGER ::= 40 + +ub-postal-line INTEGER ::= 6 + +ub-postal-string INTEGER ::= 30 + +ub-privacy-mark-length INTEGER ::= 128 + +ub-schema INTEGER ::= 1024 + +ub-search INTEGER ::= 32768 + +ub-serial-number INTEGER ::= 64 + +ub-state-name INTEGER ::= 128 + +ub-street-address INTEGER ::= 128 + +ub-surname INTEGER ::= 64 + +ub-tag INTEGER ::= 64 + +ub-telephone-number INTEGER ::= 32 + +ub-teletex-terminal-id INTEGER ::= 1024 + +ub-telex-number INTEGER ::= 14 + +ub-title INTEGER ::= 64 + +ub-user-password INTEGER ::= 128 + +ub-x121-address INTEGER ::= 15 + +ub-localeContextSyntax INTEGER ::= 128 + +ub-locale-context-syntax INTEGER ::= 64 + +ub-pseudonym INTEGER ::= 128 + +ub-content INTEGER ::= 32768 + +END -- UpperBounds + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/ACSE/2.5.1.2.3.asn1 b/ACSE/2.5.1.2.3.asn1 new file mode 100644 index 0000000..ca1d934 --- /dev/null +++ b/ACSE/2.5.1.2.3.asn1 @@ -0,0 +1,718 @@ +-- Module DirectoryAbstractService (X.511 TC2:08/1997) +-- See also ITU-T X.511 (1997) Technical Cor. 2 (02/2001) +-- See also the index of all ASN.1 assignments needed in this document + +DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + informationFramework, distributedOperations, authenticationFramework, + dap, directoryShadowAbstractService, basicAccessControl, enhancedSecurity, + id-at + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + AttributeTypeAndValue + FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) + basicAccessControl(24) 3} + AgreementID + FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1) + directoryShadowAbstractService(15) 4} + Attribute, AttributeType, AttributeValue, AttributeValueAssertion, + DistinguishedName, Name, RelativeDistinguishedName, SupportedAttributes, + ATTRIBUTE, MATCHING-RULE, ContextAssertion, AttributeTypeAssertion, + OBJECT-CLASS, RelaxationPolicy + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3} + OperationProgress, ReferenceType, Exclusions, AccessPoint, + ContinuationReference + FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) + distributedOperations(3) 3} + CertificationPath, SIGNED{}, SIGNATURE{}, ENCRYPTED{}, AlgorithmIdentifier, + AttributeCertificationPath + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 3} + OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{} + FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1) + enhancedSecurity(28) 1} + id-opcode-read, id-opcode-compare, id-opcode-abandon, id-opcode-list, + id-opcode-search, id-opcode-addEntry, id-opcode-removeEntry, + id-opcode-modifyEntry, id-opcode-modifyDN, id-errcode-abandoned, + id-errcode-abandonFailed, id-errcode-attributeError, id-errcode-nameError, + id-errcode-referral, id-errcode-securityError, id-errcode-serviceError, + id-errcode-updateError + FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 3} + OPERATION, ERROR, Code + FROM Remote-Operations-Information-Objects {joint-iso-itu-t + remote-operations(4) informationObjects(5) version1(0)} + emptyUnbind + FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t + remote-operations(4) useful-definitions(7) version1(0)} + InvokeId + FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t + remote-operations(4) generic-ROS-PDUs(6) version1(0)} + --PROTECTED + -- FROM Notation { joint-iso-itu-t genericULS (20) modules (1) notation (1) } + SPKM-REQ, SPKM-REP-TI, SPKM-ERROR + FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}; + +-- Common data types +-- Parameterized type for representing optional signing +OPTIONALLY-SIGNED{Type} ::= CHOICE {unsigned Type, + signed SIGNED{Type} +} + +CommonArguments ::= SET { + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +FamilyGrouping ::= ENUMERATED { + entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)} + +CommonResults ::= SET { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL +} + +CommonResultsSeq ::= SEQUENCE { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE +} + +ServiceControls ::= SET { + options [0] ServiceControlOptions DEFAULT {}, + priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium, + timeLimit [2] INTEGER OPTIONAL, + sizeLimit [3] INTEGER OPTIONAL, + scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL, + attributeSizeLimit [5] INTEGER OPTIONAL, + manageDSAITPlaneRef + [6] SEQUENCE {dsaName Name, + agreementID AgreementID} OPTIONAL, + serviceType [7] OBJECT IDENTIFIER OPTIONAL, + userClass [8] INTEGER OPTIONAL +} + +ServiceControlOptions ::= BIT STRING { + preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3), + dontDereferenceAliases(4), subentries(5), copyShallDo(6), + partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9), + noSubtypeSelection(10), countFamily(11)} + +EntryInformationSelection ::= SET { + attributes + CHOICE {allUserAttributes [0] NULL, + select [1] SET OF AttributeType + -- empty set implies no attributes are requested + } DEFAULT allUserAttributes:NULL, + infoTypes + [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)} + DEFAULT attributeTypesAndValues, + extraAttributes + CHOICE {allOperationalAttributes [3] NULL, + select [4] SET OF AttributeType} OPTIONAL, + contextSelection ContextSelection OPTIONAL, + returnContexts BOOLEAN DEFAULT FALSE, + familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly} +} + +ContextSelection ::= CHOICE { + allContexts NULL, + selectedContexts SET OF TypeAndContextAssertion +} + +TypeAndContextAssertion ::= SEQUENCE { + type AttributeType, + contextAssertions + CHOICE {preference SEQUENCE OF ContextAssertion, + all SET OF ContextAssertion} +} + +FamilyReturn ::= SEQUENCE { + memberSelect + ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2), + compoundEntry(3)}, + familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL +} + +family-information ATTRIBUTE ::= { + WITH SYNTAX FamilyEntries + USAGE directoryOperation + ID id-at-family-information +} + +FamilyEntries ::= SEQUENCE { + family-class OBJECT-CLASS.&id, -- structural object class value + familyEntries SEQUENCE OF FamilyEntry +} + +FamilyEntry ::= SEQUENCE { + rdn RelativeDistinguishedName, + information + SEQUENCE OF CHOICE {attributeType AttributeType, + attribute Attribute}, + family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL +} + +EntryInformation ::= SEQUENCE { + name Name, + fromEntry BOOLEAN DEFAULT TRUE, + information + SET SIZE (1..MAX) OF + CHOICE {attributeType AttributeType, + attribute Attribute} OPTIONAL, + incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems + partialNameResolution + [4] BOOLEAN DEFAULT FALSE -- not in 1988 or 1993 edition systems -- +} + +Filter ::= CHOICE { + item [0] FilterItem, + and [1] SET OF Filter, + or [2] SET OF Filter, + not [3] Filter +} + +FilterItem ::= CHOICE { + equality [0] AttributeValueAssertion, + substrings + [1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}), + strings + SEQUENCE OF + CHOICE {initial + [0] ATTRIBUTE.&Type + ({SupportedAttributes} + {@substrings.type}), + any + [1] ATTRIBUTE.&Type + ({SupportedAttributes} + {@substrings.type}), + final + [2] ATTRIBUTE.&Type + ({SupportedAttributes} + {@substrings.type}), + control Attribute -- Used to specify interpretation of following items + }}, + greaterOrEqual [2] AttributeValueAssertion, + lessOrEqual [3] AttributeValueAssertion, + present [4] AttributeType, + approximateMatch [5] AttributeValueAssertion, + extensibleMatch [6] MatchingRuleAssertion, + contextPresent [7] AttributeTypeAssertion +} + +MatchingRuleAssertion ::= SEQUENCE { + matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id, + type [2] AttributeType OPTIONAL, + matchValue + [3] MATCHING-RULE.&AssertionType + (CONSTRAINED BY { + -- matchValue must be a value of type specified by the &AssertionType field of + -- one of the MATCHING-RULE information objects identified by matchingRule -- }), + dnAttributes [4] BOOLEAN DEFAULT FALSE +} + +PagedResultsRequest ::= CHOICE { + newRequest + SEQUENCE {pageSize INTEGER, + sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL, + reverse [1] BOOLEAN DEFAULT FALSE, + unmerged [2] BOOLEAN DEFAULT FALSE}, + queryReference OCTET STRING +} + +SortKey ::= SEQUENCE { + type AttributeType, + orderingRule MATCHING-RULE.&id OPTIONAL +} + +SecurityParameters ::= SET { + certification-path [0] CertificationPath OPTIONAL, + name [1] DistinguishedName OPTIONAL, + time [2] Time OPTIONAL, + random [3] BIT STRING OPTIONAL, + target [4] ProtectionRequest OPTIONAL, + response [5] BIT STRING OPTIONAL, + operationCode [6] Code OPTIONAL, + attributeCertificationPath [7] AttributeCertificationPath OPTIONAL, + errorProtection [8] ErrorProtectionRequest OPTIONAL, + errorCode [9] Code OPTIONAL +} + +ProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} + +ErrorProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +-- Bind and unbind operations +directoryBind OPERATION ::= { + ARGUMENT DirectoryBindArgument + RESULT DirectoryBindResult + ERRORS {directoryBindError} +} + +DirectoryBindArgument ::= SET { + credentials [0] Credentials OPTIONAL, + versions [1] Versions DEFAULT {v1} +} + +Credentials ::= CHOICE { + simple [0] SimpleCredentials, + strong [1] StrongCredentials, + externalProcedure [2] EXTERNAL, + spkm [3] SpkmCredentials +} + +SimpleCredentials ::= SEQUENCE { + name [0] DistinguishedName, + validity + [1] SET {time1 [0] CHOICE {utc UTCTime, + gt GeneralizedTime} OPTIONAL, + time2 [1] CHOICE {utc UTCTime, + gt GeneralizedTime} OPTIONAL, + random1 [2] BIT STRING OPTIONAL, + random2 [3] BIT STRING OPTIONAL}, + password + [2] CHOICE {unprotected OCTET STRING, + protected SIGNATURE{OCTET STRING}} OPTIONAL +} + +StrongCredentials ::= SET { + certification-path [0] CertificationPath OPTIONAL, + bind-token [1] Token, + name [2] DistinguishedName OPTIONAL, + attributeCertificationPath [3] AttributeCertificationPath OPTIONAL +} + +SpkmCredentials ::= CHOICE {req [0] SPKM-REQ, + rep [1] SPKM-REP-TI +} + +Token ::= + SIGNED + {SEQUENCE {algorithm [0] AlgorithmIdentifier, + name [1] DistinguishedName, + time [2] Time, + random [3] BIT STRING, + response [4] BIT STRING OPTIONAL, + bindIntAlgorithm + [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, + bindIntKeyInfo [6] BindKeyInfo OPTIONAL, + bindConfAlgorithm + [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, + bindConfKeyInfo [8] BindKeyInfo OPTIONAL}} + +Versions ::= BIT STRING {v1(0), v2(1)} + +DirectoryBindResult ::= DirectoryBindArgument + +directoryBindError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {versions [0] Versions DEFAULT {v1}, + error + CHOICE {serviceError [1] ServiceProblem, + securityError [2] SecurityProblem}}} +} + +BindKeyInfo ::= ENCRYPTED{BIT STRING} + +directoryUnbind OPERATION ::= emptyUnbind + +-- Operations, arguments, and results +read OPERATION ::= { + ARGUMENT ReadArgument + RESULT ReadResult + ERRORS + {attributeError | nameError | serviceError | referral | abandoned | + securityError} + CODE id-opcode-read +} + +ReadArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] Name, + selection [1] EntryInformationSelection DEFAULT {}, + modifyRightsRequest [2] BOOLEAN DEFAULT FALSE, + COMPONENTS OF CommonArguments}} + +ReadResult ::= + OPTIONALLY-PROTECTED + {SET {entry [0] EntryInformation, + modifyRights [1] ModifyRights OPTIONAL, + COMPONENTS OF CommonResults}} + +ModifyRights ::= + SET OF + SEQUENCE {item + CHOICE {entry [0] NULL, + attribute [1] AttributeType, + value [2] AttributeValueAssertion}, + permission + [3] BIT STRING {add(0), remove(1), rename(2), move(3)} + } + +compare OPERATION ::= { + ARGUMENT CompareArgument + RESULT CompareResult + ERRORS + {attributeError | nameError | serviceError | referral | abandoned | + securityError} + CODE id-opcode-compare +} + +CompareArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] Name, + purported [1] AttributeValueAssertion, + COMPONENTS OF CommonArguments}} + +CompareResult ::= + OPTIONALLY-PROTECTED + {SET {name Name OPTIONAL, + matched [0] BOOLEAN, + fromEntry [1] BOOLEAN DEFAULT TRUE, + matchedSubtype [2] AttributeType OPTIONAL, + COMPONENTS OF CommonResults}} + +abandon OPERATION ::= { + ARGUMENT AbandonArgument + RESULT AbandonResult + ERRORS {abandonFailed} + CODE id-opcode-abandon +} + +AbandonArgument ::= + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID [0] InvokeId}} + +AbandonResult ::= CHOICE { + null NULL, + information + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId, + COMPONENTS OF CommonResultsSeq + }} +} + +list OPERATION ::= { + ARGUMENT ListArgument + RESULT ListResult + ERRORS {nameError | serviceError | referral | abandoned | securityError} + CODE id-opcode-list +} + +ListArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] Name, + pagedResults [1] PagedResultsRequest OPTIONAL, + listFamily [2] BOOLEAN DEFAULT FALSE, + COMPONENTS OF CommonArguments}} + +ListResult ::= + OPTIONALLY-PROTECTED + {CHOICE {listInfo + SET {name Name OPTIONAL, + subordinates + [1] SET OF + SEQUENCE {rdn RelativeDistinguishedName, + aliasEntry [0] BOOLEAN DEFAULT FALSE, + fromEntry [1] BOOLEAN DEFAULT TRUE + }, + partialOutcomeQualifier + [2] PartialOutcomeQualifier OPTIONAL, + COMPONENTS OF CommonResults}, + uncorrelatedListInfo [0] SET OF ListResult}} + +PartialOutcomeQualifier ::= SET { + limitProblem [0] LimitProblem OPTIONAL, + unexplored + [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL, + unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE, + unknownErrors + [3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL, + queryReference [4] OCTET STRING OPTIONAL, + overspecFilter [5] Filter OPTIONAL, + notification + [6] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, + entryCount + CHOICE {bestEstimate [7] INTEGER, + lowEstimate [8] INTEGER} OPTIONAL +} + +LimitProblem ::= INTEGER { + timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2) +} + +search OPERATION ::= { + ARGUMENT SearchArgument + RESULT SearchResult + ERRORS + {attributeError | nameError | serviceError | referral | abandoned | + securityError} + CODE id-opcode-search +} + +SearchArgument ::= + OPTIONALLY-PROTECTED + {SET {baseObject [0] Name, + subset + [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} + DEFAULT baseObject, + filter [2] Filter DEFAULT and:{}, + searchAliases [3] BOOLEAN DEFAULT TRUE, + selection [4] EntryInformationSelection DEFAULT {}, + pagedResults [5] PagedResultsRequest OPTIONAL, + matchedValuesOnly [6] BOOLEAN DEFAULT FALSE, + extendedFilter [7] Filter OPTIONAL, + checkOverspecified [8] BOOLEAN DEFAULT FALSE, + relaxation [9] RelaxationPolicy OPTIONAL, + extendedArea [10] INTEGER OPTIONAL, + hierarchySelections [11] HierarchySelections DEFAULT {self}, + searchControlOptions + [12] SearchControlOptions DEFAULT {searchAliases}, + COMPONENTS OF CommonArguments}} + +HierarchySelections ::= BIT STRING { + self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5), + siblings(6), siblingChildren(7), siblingSubtree(8), all(9)} + +SearchControlOptions ::= BIT STRING { + searchAliases(0), matchedValuesOnly(1), checkOverspecified(2), + performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6), + matchOnResidualName(7), entryCount(8), useSubset(9), + separateFamilyMembers(10), searchFamily(11)} + +SearchResult ::= + OPTIONALLY-PROTECTED + {CHOICE {searchInfo + SET {name Name OPTIONAL, + entries [0] SET OF EntryInformation, + partialOutcomeQualifier + [2] PartialOutcomeQualifier OPTIONAL, + altMatching [3] BOOLEAN DEFAULT FALSE, + COMPONENTS OF CommonResults}, + uncorrelatedSearchInfo [0] SET OF SearchResult}} + +addEntry OPERATION ::= { + ARGUMENT AddEntryArgument + RESULT AddEntryResult + ERRORS + {attributeError | nameError | serviceError | referral | securityError | + updateError} + CODE id-opcode-addEntry +} + +AddEntryArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] Name, + entry [1] SET OF Attribute, + targetSystem [2] AccessPoint OPTIONAL, + COMPONENTS OF CommonArguments}} + +AddEntryResult ::= CHOICE { + null NULL, + information + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} +} + +removeEntry OPERATION ::= { + ARGUMENT RemoveEntryArgument + RESULT RemoveEntryResult + ERRORS {nameError | serviceError | referral | securityError | updateError} + CODE id-opcode-removeEntry +} + +RemoveEntryArgument ::= + OPTIONALLY-PROTECTED{SET {object [0] Name, + COMPONENTS OF CommonArguments}} + +RemoveEntryResult ::= CHOICE { + null NULL, + information + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} +} + +modifyEntry OPERATION ::= { + ARGUMENT ModifyEntryArgument + RESULT ModifyEntryResult + ERRORS + {attributeError | nameError | serviceError | referral | securityError | + updateError} + CODE id-opcode-modifyEntry +} + +ModifyEntryArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] Name, + changes [1] SEQUENCE OF EntryModification, + selection [2] EntryInformationSelection OPTIONAL, + COMPONENTS OF CommonArguments}} + +ModifyEntryResult ::= CHOICE { + null NULL, + information + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {entry [0] EntryInformation OPTIONAL, + COMPONENTS OF CommonResultsSeq + }} +} + +EntryModification ::= CHOICE { + addAttribute [0] Attribute, + removeAttribute [1] AttributeType, + addValues [2] Attribute, + removeValues [3] Attribute, + alterValues [4] AttributeTypeAndValue, + resetValue [5] AttributeType +} + +modifyDN OPERATION ::= { + ARGUMENT ModifyDNArgument + RESULT ModifyDNResult + ERRORS {nameError | serviceError | referral | securityError | updateError} + CODE id-opcode-modifyDN +} + +ModifyDNArgument ::= + OPTIONALLY-PROTECTED + {SET {object [0] DistinguishedName, + newRDN [1] RelativeDistinguishedName, + deleteOldRDN [2] BOOLEAN DEFAULT FALSE, + newSuperior [3] DistinguishedName OPTIONAL, + COMPONENTS OF CommonArguments}} + +ModifyDNResult ::= CHOICE { + null NULL, + information + OPTIONALLY-PROTECTED-SEQ{SEQUENCE {newRDN RelativeDistinguishedName, + COMPONENTS OF CommonResultsSeq + }} +} + +-- Errors and parameters +abandoned ERROR ::= { -- not literally an "error" + PARAMETER OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}} + CODE id-errcode-abandoned +} + +abandonFailed ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {problem [0] AbandonProblem, + operation [1] InvokeId, + COMPONENTS OF CommonResults}} + CODE id-errcode-abandonFailed +} + +AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)} + +attributeError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {object [0] Name, + problems + [1] SET OF + SEQUENCE {problem [0] AttributeProblem, + type [1] AttributeType, + value [2] AttributeValue OPTIONAL}, + COMPONENTS OF CommonResults}} + CODE id-errcode-attributeError +} + +AttributeProblem ::= INTEGER { + noSuchAttributeOrValue(1), invalidAttributeSyntax(2), + undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5), + attributeOrValueAlreadyExists(6), contextViolation(7)} + +nameError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {problem [0] NameProblem, + matched [1] Name, + COMPONENTS OF CommonResults}} + CODE id-errcode-nameError +} + +NameProblem ::= INTEGER { + noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3), + aliasDereferencingProblem(4), contextProblem(5)} + +referral ERROR ::= { -- not literally an "error" + PARAMETER OPTIONALLY-PROTECTED + {SET {candidate [0] ContinuationReference, + COMPONENTS OF CommonResults}} + CODE id-errcode-referral +} + +securityError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {problem [0] SecurityProblem, + spkmInfo [1] SPKM-ERROR, + COMPONENTS OF CommonResults}} + CODE id-errcode-securityError +} + +SecurityProblem ::= INTEGER { + inappropriateAuthentication(1), invalidCredentials(2), + insufficientAccessRights(3), invalidSignature(4), protectionRequired(5), + noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9) +} + +serviceError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {problem [0] ServiceProblem, + COMPONENTS OF CommonResults}} + CODE id-errcode-serviceError +} + +ServiceProblem ::= INTEGER { + busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4), + unableToProceed(5), invalidReference(6), timeLimitExceeded(7), + administrativeLimitExceeded(8), loopDetected(9), + unavailableCriticalExtension(10), outOfScope(11), ditError(12), + invalidQueryReference(13), requestedServiceNotAvailable(14), + relaxationNotSupported(15), unavailableRelaxationLevel(16), + unsupportedMatchingUse(17), unmatchedKeyAttributes(18), + ambiguousKeyAttributes(19)} + +updateError ERROR ::= { + PARAMETER OPTIONALLY-PROTECTED + {SET {problem [0] UpdateProblem, + attributeInfo + [1] SET SIZE (1..MAX) OF + CHOICE {attributeType AttributeType, + attribute Attribute} OPTIONAL, + COMPONENTS OF CommonResults}} + CODE id-errcode-updateError +} + +UpdateProblem ::= INTEGER { + namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3), + notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6), + objectClassModificationProhibited(7), notAncestor(8), parentNotAncestor(9), + hierarchyRuleViolation(10), familyRuleViolation(11)} + +id-at-family-information OBJECT IDENTIFIER ::= {id-at 64} + +END -- DirectoryAbstractService + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/ACSE/2.5.1.5.3.asn1 b/ACSE/2.5.1.5.3.asn1 new file mode 100644 index 0000000..0ac391f --- /dev/null +++ b/ACSE/2.5.1.5.3.asn1 @@ -0,0 +1,1467 @@ +-- Module SelectedAttributeTypes (X.520:08/1997) +-- See also ITU-T X.520 (08/1997) +-- See also the index of all ASN.1 assignments needed in this document + +SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + informationFramework, upperBounds, id-at, id-mr, id-avc, + directoryAbstractService, id-pr, id-not, id-cat + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + Attribute, ATTRIBUTE, MATCHING-RULE, AttributeType, OBJECT-CLASS, + DistinguishedName, objectIdentifierMatch, distinguishedNameMatch, + CONTEXT, ContextAssertion, AttributeCombination, ContextCombination, + MAPPING-BASED-MATCHING, MRMapping, AttributeValueAssertion + FROM InformationFramework informationFramework + G3FacsimileNonBasicParameters + FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mts-abstract-service(1) version-1999(1)} + ub-answerback, ub-name, ub-common-name, ub-surname, ub-serial-number, + ub-locality-name, ub-state-name, ub-street-address, ub-organization-name, + ub-organizational-unit-name, ub-title, ub-description, + ub-business-category, ub-postal-line, ub-postal-string, ub-postal-code, + ub-post-office-box, ub-physical-office-name, ub-telex-number, + ub-country-code, ub-teletex-terminal-id, ub-telephone-number, + ub-x121-address, ub-international-isdn-number, ub-destination-indicator, + ub-user-password, ub-match, ub-knowledge-information, + ub-directory-string-first-component-match, ub-localeContextSyntax, + ub-pseudonym + FROM UpperBounds upperBounds + FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions + FROM DirectoryAbstractService directoryAbstractService; + +-- Directory string type +DirectoryString{INTEGER:maxSize} ::= CHOICE { + teletexString TeletexString(SIZE (1..maxSize)), + printableString PrintableString(SIZE (1..maxSize)), + universalString UniversalString(SIZE (1..maxSize)), + bmpString BMPString(SIZE (1..maxSize)), + uTF8String UTF8String(SIZE (1..maxSize)) +} + +-- Attribute types +knowledgeInformation ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-knowledge-information} + EQUALITY MATCHING RULE caseIgnoreMatch + ID id-at-knowledgeInformation +} + +name ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-name +} + +commonName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-common-name} + ID id-at-commonName +} + +surname ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-surname} + ID id-at-surname +} + +givenName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-givenName +} + +initials ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-initials +} + +generationQualifier ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-generationQualifier +} + +uniqueIdentifier ATTRIBUTE ::= { + WITH SYNTAX UniqueIdentifier + EQUALITY MATCHING RULE bitStringMatch + ID id-at-uniqueIdentifier +} + +UniqueIdentifier ::= BIT STRING + +dnQualifier ATTRIBUTE ::= { + WITH SYNTAX PrintableString + EQUALITY MATCHING RULE caseIgnoreMatch + ORDERING MATCHING RULE caseIgnoreOrderingMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-dnQualifier +} + +serialNumber ATTRIBUTE ::= { + WITH SYNTAX PrintableString(SIZE (1..ub-serial-number)) + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-serialNumber +} + +pseudonym ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-pseudonym} + ID id-at-pseudonym +} + +countryName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX CountryName + SINGLE VALUE TRUE + ID id-at-countryName +} + +CountryName ::= PrintableString(SIZE (2)) -- ISO 3166 codes only + + +localityName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-locality-name} + ID id-at-localityName +} + +collectiveLocalityName ATTRIBUTE ::= { + SUBTYPE OF localityName + COLLECTIVE TRUE + ID id-at-collectiveLocalityName +} + +stateOrProvinceName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-state-name} + ID id-at-stateOrProvinceName +} + +collectiveStateOrProvinceName ATTRIBUTE ::= { + SUBTYPE OF stateOrProvinceName + COLLECTIVE TRUE + ID id-at-collectiveStateOrProvinceName +} + +streetAddress ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-street-address} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-streetAddress +} + +collectiveStreetAddress ATTRIBUTE ::= { + SUBTYPE OF streetAddress + COLLECTIVE TRUE + ID id-at-collectiveStreetAddress +} + +houseIdentifier ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-houseIdentifier +} + +organizationName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-organization-name} + ID id-at-organizationName +} + +collectiveOrganizationName ATTRIBUTE ::= { + SUBTYPE OF organizationName + COLLECTIVE TRUE + ID id-at-collectiveOrganizationName +} + +organizationalUnitName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-organizational-unit-name} + ID id-at-organizationalUnitName +} + +collectiveOrganizationalUnitName ATTRIBUTE ::= { + SUBTYPE OF organizationalUnitName + COLLECTIVE TRUE + ID id-at-collectiveOrganizationalUnitName +} + +title ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-title} + ID id-at-title +} + +description ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-description} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-description +} + +searchGuide ATTRIBUTE ::= {WITH SYNTAX Guide + ID id-at-searchGuide +} + +Guide ::= SET { + objectClass [0] OBJECT-CLASS.&id OPTIONAL, + criteria [1] Criteria +} + +Criteria ::= CHOICE { + type [0] CriteriaItem, + and [1] SET OF Criteria, + or [2] SET OF Criteria, + not [3] Criteria +} + +CriteriaItem ::= CHOICE { + equality [0] AttributeType, + substrings [1] AttributeType, + greaterOrEqual [2] AttributeType, + lessOrEqual [3] AttributeType, + approximateMatch [4] AttributeType +} + +enhancedSearchGuide ATTRIBUTE ::= { + WITH SYNTAX EnhancedGuide + ID id-at-enhancedSearchGuide +} + +EnhancedGuide ::= SEQUENCE { + objectClass [0] OBJECT-CLASS.&id, + criteria [1] Criteria, + subset + [2] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT oneLevel +} + +businessCategory ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-business-category} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-businessCategory +} + +postalAddress ATTRIBUTE ::= { + WITH SYNTAX PostalAddress + EQUALITY MATCHING RULE caseIgnoreListMatch + SUBSTRINGS MATCHING RULE caseIgnoreListSubstringsMatch + ID id-at-postalAddress +} + +PostalAddress ::= + SEQUENCE SIZE (1..ub-postal-line) OF DirectoryString{ub-postal-string} + +collectivePostalAddress ATTRIBUTE ::= { + SUBTYPE OF postalAddress + COLLECTIVE TRUE + ID id-at-collectivePostalAddress +} + +postalCode ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-postal-code} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-postalCode +} + +collectivePostalCode ATTRIBUTE ::= { + SUBTYPE OF postalCode + COLLECTIVE TRUE + ID id-at-collectivePostalCode +} + +postOfficeBox ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-post-office-box} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-postOfficeBox +} + +collectivePostOfficeBox ATTRIBUTE ::= { + SUBTYPE OF postOfficeBox + COLLECTIVE TRUE + ID id-at-collectivePostOfficeBox +} + +physicalDeliveryOfficeName ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-physical-office-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-physicalDeliveryOfficeName +} + +collectivePhysicalDeliveryOfficeName ATTRIBUTE ::= { + SUBTYPE OF physicalDeliveryOfficeName + COLLECTIVE TRUE + ID id-at-collectivePhysicalDeliveryOfficeName +} + +telephoneNumber ATTRIBUTE ::= { + WITH SYNTAX TelephoneNumber + EQUALITY MATCHING RULE telephoneNumberMatch + SUBSTRINGS MATCHING RULE telephoneNumberSubstringsMatch + ID id-at-telephoneNumber +} + +TelephoneNumber ::= PrintableString(SIZE (1..ub-telephone-number)) + +-- String complying with CCITT Rec. E.123 only +collectiveTelephoneNumber ATTRIBUTE ::= { + SUBTYPE OF telephoneNumber + COLLECTIVE TRUE + ID id-at-collectiveTelephoneNumber +} + +telexNumber ATTRIBUTE ::= { + WITH SYNTAX TelexNumber + ID id-at-telexNumber +} + +TelexNumber ::= SEQUENCE { + telexNumber PrintableString(SIZE (1..ub-telex-number)), + countryCode PrintableString(SIZE (1..ub-country-code)), + answerback PrintableString(SIZE (1..ub-answerback)) +} + +collectiveTelexNumber ATTRIBUTE ::= { + SUBTYPE OF telexNumber + COLLECTIVE TRUE + ID id-at-collectiveTelexNumber +} + +facsimileTelephoneNumber ATTRIBUTE ::= { + WITH SYNTAX FacsimileTelephoneNumber + EQUALITY MATCHING RULE facsimileNumberMatch + SUBSTRINGS MATCHING RULE facsimileNumberSubstringsMatch + ID id-at-facsimileTelephoneNumber +} + +facsimileNumberMatch MATCHING-RULE ::= { + SYNTAX TelephoneNumber + ID id-mr-facsimileNumberMatch +} + +facsimileNumberSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-facsimileNumberSubstringsMatch +} + +FacsimileTelephoneNumber ::= SEQUENCE { + telephoneNumber TelephoneNumber, + parameters G3FacsimileNonBasicParameters OPTIONAL +} + +collectiveFacsimileTelephoneNumber ATTRIBUTE ::= { + SUBTYPE OF facsimileTelephoneNumber + COLLECTIVE TRUE + ID id-at-collectiveFacsimileTelephoneNumber +} + +x121Address ATTRIBUTE ::= { + WITH SYNTAX X121Address + EQUALITY MATCHING RULE numericStringMatch + SUBSTRINGS MATCHING RULE numericStringSubstringsMatch + ID id-at-x121Address +} + +X121Address ::= NumericString(SIZE (1..ub-x121-address)) + +-- String as defined by ITU-T Rec. X.121 +internationalISDNNumber ATTRIBUTE ::= { + WITH SYNTAX InternationalISDNNumber + EQUALITY MATCHING RULE numericStringMatch + SUBSTRINGS MATCHING RULE numericStringSubstringsMatch + ID id-at-internationalISDNNumber +} + +InternationalISDNNumber ::= + NumericString(SIZE (1..ub-international-isdn-number)) + +-- String complying with ITU-T Rec. E.164 only +collectiveInternationalISDNNumber ATTRIBUTE ::= { + SUBTYPE OF internationalISDNNumber + COLLECTIVE TRUE + ID id-at-collectiveInternationalISDNNumber +} + +registeredAddress ATTRIBUTE ::= { + SUBTYPE OF postalAddress + WITH SYNTAX PostalAddress + ID id-at-registeredAddress +} + +destinationIndicator ATTRIBUTE ::= { + WITH SYNTAX DestinationIndicator + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-destinationIndicator +} + +DestinationIndicator ::= PrintableString(SIZE (1..ub-destination-indicator)) + +communicationsService ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-communicationsService +} + +communicationsNetwork ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-at-communicationsNetwork +} + +-- alphabetical characters only +preferredDeliveryMethod ATTRIBUTE ::= { + WITH SYNTAX PreferredDeliveryMethod + SINGLE VALUE TRUE + ID id-at-preferredDeliveryMethod +} + +PreferredDeliveryMethod ::= + SEQUENCE OF + INTEGER {any-delivery-method(0), mhs-delivery(1), physical-delivery(2), + telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5), + g4-facsimile-delivery(6), ia5-terminal-delivery(7), + videotex-delivery(8), telephone-delivery(9)} + +presentationAddress ATTRIBUTE ::= { + WITH SYNTAX PresentationAddress + EQUALITY MATCHING RULE presentationAddressMatch + SINGLE VALUE TRUE + ID id-at-presentationAddress +} + +PresentationAddress ::= SEQUENCE { + pSelector [0] OCTET STRING OPTIONAL, + sSelector [1] OCTET STRING OPTIONAL, + tSelector [2] OCTET STRING OPTIONAL, + nAddresses [3] SET SIZE (1..MAX) OF OCTET STRING +} + +supportedApplicationContext ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-supportedApplicationContext +} + +protocolInformation ATTRIBUTE ::= { + WITH SYNTAX ProtocolInformation + EQUALITY MATCHING RULE protocolInformationMatch + ID id-at-protocolInformation +} + +ProtocolInformation ::= SEQUENCE { + nAddress OCTET STRING, + profiles SET OF OBJECT IDENTIFIER +} + +distinguishedName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + ID id-at-distinguishedName +} + +member ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-member +} + +uniqueMember ATTRIBUTE ::= { + WITH SYNTAX NameAndOptionalUID + EQUALITY MATCHING RULE uniqueMemberMatch + ID id-at-uniqueMember +} + +NameAndOptionalUID ::= SEQUENCE { + dn DistinguishedName, + uid UniqueIdentifier OPTIONAL +} + +owner ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-owner +} + +roleOccupant ATTRIBUTE ::= { + SUBTYPE OF distinguishedName + ID id-at-roleOccupant +} + +seeAlso ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-seeAlso +} + +dmdName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-common-name} + ID id-at-dmdName +} + +dSAProblem ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-dSAProblem +} + +searchServiceProblem ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-not-searchServiceProblem +} + +serviceType ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-not-serviceType +} + +attributeTypeList ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-attributeTypeList +} + +filterItem ATTRIBUTE ::= { + WITH SYNTAX FilterItem + ID id-not-filterItem +} + +attributeCombinations ATTRIBUTE ::= { + WITH SYNTAX AttributeCombination + ID id-not-attributeCombinations +} + +contextTypeList ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-contextTypeList +} + +contextList ATTRIBUTE ::= { + WITH SYNTAX ContextAssertion + ID id-not-contextList +} + +hierarchySelectList ATTRIBUTE ::= { + WITH SYNTAX HierarchySelections + SINGLE VALUE TRUE + ID id-not-hierarchySelectList +} + +searchOptionsList ATTRIBUTE ::= { + WITH SYNTAX SearchControlOptions + SINGLE VALUE TRUE + ID id-not-searchOptionsList +} + +serviceControlOptionsList ATTRIBUTE ::= { + WITH SYNTAX ServiceControlOptions + SINGLE VALUE TRUE + ID id-not-serviceControlOptionsList +} + +multipleMatchingLocalities ATTRIBUTE ::= { + WITH SYNTAX MultipleMatchingLocalities + ID id-not-multipleMatchingLocalities +} + +MultipleMatchingLocalities ::= SEQUENCE { + matchingRuleUsed MATCHING-RULE.&id OPTIONAL, + attributeList SEQUENCE OF AttributeValueAssertion +} + +proposedRelaxation ATTRIBUTE ::= { + WITH SYNTAX SEQUENCE OF MRMapping + ID id-not-proposedRelaxation +} + +appliedRelaxation ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-appliedRelaxation +} + +-- Matching rules +caseIgnoreMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseIgnoreMatch +} + +caseIgnoreOrderingMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseIgnoreOrderingMatch +} + +caseIgnoreSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-caseIgnoreSubstringsMatch +} + +SubstringAssertion ::= + SEQUENCE OF + CHOICE {initial [0] DirectoryString{ub-match}, + any [1] DirectoryString{ub-match}, + final [2] DirectoryString{ub-match}, + control Attribute + } -- Used to specify interpretation of the following items + +-- at most one initial and one final component +caseExactMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseExactMatch +} + +caseExactOrderingMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseExactOrderingMatch +} + +caseExactSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion -- only the PrintableString choice + ID id-mr-caseExactSubstringsMatch +} + +numericStringMatch MATCHING-RULE ::= { + SYNTAX NumericString + ID id-mr-numericStringMatch +} + +numericStringOrderingMatch MATCHING-RULE ::= { + SYNTAX NumericString + ID id-mr-numericStringOrderingMatch +} + +numericStringSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-numericStringSubstringsMatch +} + +caseIgnoreListMatch MATCHING-RULE ::= { + SYNTAX CaseIgnoreListMatch + ID id-mr-caseIgnoreListMatch +} + +CaseIgnoreListMatch ::= SEQUENCE OF DirectoryString{ub-match} + +caseIgnoreListSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-caseIgnoreListSubstringsMatch +} + +storedPrefixMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-storedPrefixMatch +} + +booleanMatch MATCHING-RULE ::= {SYNTAX BOOLEAN + ID id-mr-booleanMatch +} + +integerMatch MATCHING-RULE ::= {SYNTAX INTEGER + ID id-mr-integerMatch +} + +integerOrderingMatch MATCHING-RULE ::= { + SYNTAX INTEGER + ID id-mr-integerOrderingMatch +} + +bitStringMatch MATCHING-RULE ::= { + SYNTAX BIT STRING + ID id-mr-bitStringMatch +} + +octetStringMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-octetStringMatch +} + +octetStringOrderingMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-octetStringOrderingMatch +} + +octetStringSubstringsMatch MATCHING-RULE ::= { + SYNTAX OctetSubstringAssertion + ID id-mr-octetStringSubstringsMatch +} + +OctetSubstringAssertion ::= + SEQUENCE OF + CHOICE {initial [0] OCTET STRING, + any [1] OCTET STRING, + final [2] OCTET STRING} + +-- at most one initial and one final component +telephoneNumberMatch MATCHING-RULE ::= { + SYNTAX TelephoneNumber + ID id-mr-telephoneNumberMatch +} + +telephoneNumberSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-telephoneNumberSubstringsMatch +} + +presentationAddressMatch MATCHING-RULE ::= { + SYNTAX PresentationAddress + ID id-mr-presentationAddressMatch +} + +uniqueMemberMatch MATCHING-RULE ::= { + SYNTAX NameAndOptionalUID + ID id-mr-uniqueMemberMatch +} + +protocolInformationMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-protocolInformationMatch +} + +uTCTimeMatch MATCHING-RULE ::= {SYNTAX UTCTime + ID id-mr-uTCTimeMatch +} + +uTCTimeOrderingMatch MATCHING-RULE ::= { + SYNTAX UTCTime + ID id-mr-uTCTimeOrderingMatch +} + +generalizedTimeMatch MATCHING-RULE ::= { + SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + ID id-mr-generalizedTimeMatch +} + +generalizedTimeOrderingMatch MATCHING-RULE ::= { + SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + ID id-mr-generalizedTimeOrderingMatch +} + +integerFirstComponentMatch MATCHING-RULE ::= { + SYNTAX INTEGER + ID id-mr-integerFirstComponentMatch +} + +objectIdentifierFirstComponentMatch MATCHING-RULE ::= { + SYNTAX OBJECT IDENTIFIER + ID id-mr-objectIdentifierFirstComponentMatch +} + +directoryStringFirstComponentMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-directory-string-first-component-match} + ID id-mr-directoryStringFirstComponentMatch +} + +wordMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-wordMatch +} + +keywordMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-keywordMatch +} + +systemProposedMatch MATCHING-RULE ::= {ID id-mr-systemProposedMatch +} + +generalWordMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-generalWordMatch +} + +sequenceMatchType ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {sequenceExact(0), sequenceDeletion(1), + sequenceRestrictedDeletion(2), sequencePermutation(3), + sequencePermutationAndDeletion(4), sequenceProviderDefined(5)} + SINGLE VALUE TRUE + ID id-cat-sequenceMatchType +} -- defaulting to sequenceExact, + +wordMatchTypes ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {wordExact(0), wordTruncated(1), wordPhonetic(2), + wordProviderDefined(3)} + SINGLE VALUE TRUE + ID id-cat-wordMatchType +} -- defaulting to wordExact + +characterMatchTypes ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {characterExact(0), characterCaseIgnore(1), characterMapped(2)} + SINGLE VALUE TRUE + ID id-cat-characterMatchTypes +} + +selectedContexts ATTRIBUTE ::= { + WITH SYNTAX ContextAssertion + ID id-cat-selectedContexts +} + +approximateStringMatch MATCHING-RULE ::= {ID id-mr-approximateStringMatch +} + +ignoreIfAbsentMatch MATCHING-RULE ::= {ID id-mr-ignoreIfAbsentMatch +} + +nullMatch MATCHING-RULE ::= {ID id-mr-nullMatch +} + +ZONAL-MATCHING ::= + MAPPING-BASED-MATCHING{ZonalSelect, TRUE, ZonalResult, zonalMatch.&id} + +ZonalSelect ::= SEQUENCE OF AttributeType + +ZonalResult ::= ENUMERATED { + cannot-select-mapping(0), zero-mappings(2), multiple-mappings(3)} + +zonalMatch MATCHING-RULE ::= { + UNIQUE-MATCH-INDICATOR multipleMatchingLocalities.&id + ID id-mr-zonalMatch +} + +-- Contexts +languageContext CONTEXT ::= { + WITH SYNTAX LanguageContextSyntax + ID id-avc-language +} + +LanguageContextSyntax ::= PrintableString(SIZE (2..3)) -- ISO 639-2 codes only + + +temporalContext CONTEXT ::= { + WITH SYNTAX TimeSpecification + ASSERTED AS TimeAssertion + ID id-avc-temporal +} + +TimeSpecification ::= SEQUENCE { + time + CHOICE {absolute + SEQUENCE {startTime [0] GeneralizedTime OPTIONAL, + endTime [1] GeneralizedTime OPTIONAL}, + periodic SET OF Period}, + notThisTime BOOLEAN DEFAULT FALSE, + timeZone TimeZone OPTIONAL +} + +Period ::= SEQUENCE { + timesOfDay [0] SET SIZE (1..MAX) OF DayTimeBand OPTIONAL, + days + [1] CHOICE {intDay SET OF INTEGER, + bitDay + BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), + thursday(4), friday(5), saturday(6)}, + dayOf XDayOf} OPTIONAL, + weeks + [2] CHOICE {allWeeks NULL, + intWeek SET OF INTEGER, + bitWeek + BIT STRING {week1(0), week2(1), week3(2), week4(3), week5(4)} + } OPTIONAL, + months + [3] CHOICE {allMonths NULL, + intMonth SET OF INTEGER, + bitMonth + BIT STRING {january(0), february(1), march(2), april(3), + may(4), june(5), july(6), august(7), + september(8), october(9), november(10), + december(11)}} OPTIONAL, + years [4] SET OF INTEGER(1000..MAX) OPTIONAL +} + +XDayOf ::= CHOICE { + first [1] NamedDay, + second [2] NamedDay, + third [3] NamedDay, + fourth [4] NamedDay, + fifth [5] NamedDay +} + +NamedDay ::= CHOICE { + intNamedDays + ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), thursday(5), + friday(6), saturday(7)}, + bitNamedDays + BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4), + friday(5), saturday(6)} +} + +DayTimeBand ::= SEQUENCE { + startDayTime [0] DayTime DEFAULT {hour 0}, + endDayTime [1] DayTime DEFAULT {hour 23, minute 59, second 59} +} + +DayTime ::= SEQUENCE { + hour [0] INTEGER(0..23), + minute [1] INTEGER(0..59) DEFAULT 0, + second [2] INTEGER(0..59) DEFAULT 0 +} + +TimeZone ::= INTEGER(-12..12) + +TimeAssertion ::= CHOICE { + now NULL, + at GeneralizedTime, + between + SEQUENCE {startTime [0] GeneralizedTime, + endTime [1] GeneralizedTime OPTIONAL, + entirely BOOLEAN DEFAULT FALSE} +} + +localeContext CONTEXT ::= { + WITH SYNTAX LocaleContextSyntax + ID id-avc-locale +} + +LocaleContextSyntax ::= CHOICE { + localeID1 OBJECT IDENTIFIER, + localeID2 DirectoryString{ub-localeContextSyntax} +} + +-- Object identifier assignments - +-- object identifiers assigned in other modules are shown in comments +-- Attributes +-- id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} +-- id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} +id-at-encryptedAliasedEntryName OBJECT IDENTIFIER ::= + {id-at 1 2} + +id-at-knowledgeInformation OBJECT IDENTIFIER ::= {id-at 2} + +id-at-commonName OBJECT IDENTIFIER ::= {id-at 3} + +id-at-encryptedCommonName OBJECT IDENTIFIER ::= {id-at 3 2} + +id-at-surname OBJECT IDENTIFIER ::= {id-at 4} + +id-at-encryptedSurname OBJECT IDENTIFIER ::= {id-at 4 2} + +id-at-serialNumber OBJECT IDENTIFIER ::= {id-at 5} + +id-at-encryptedSerialNumber OBJECT IDENTIFIER ::= {id-at 5 2} + +id-at-countryName OBJECT IDENTIFIER ::= {id-at 6} + +id-at-encryptedCountryName OBJECT IDENTIFIER ::= {id-at 6 2} + +id-at-localityName OBJECT IDENTIFIER ::= {id-at 7} + +id-at-encryptedLocalityName OBJECT IDENTIFIER ::= {id-at 7 2} + +id-at-collectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1} + +id-at-encryptedCollectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1 2} + +id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8} + +id-at-encryptedStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 2} + +id-at-collectiveStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 1} + +id-at-encryptedCollectiveStateOrProvinceName OBJECT IDENTIFIER ::= + {id-at 8 1 2} + +id-at-streetAddress OBJECT IDENTIFIER ::= {id-at 9} + +id-at-encryptedStreetAddress OBJECT IDENTIFIER ::= {id-at 9 2} + +id-at-collectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1} + +id-at-encryptedCollectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1 2} + +id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10} + +id-at-encryptedOrganizationName OBJECT IDENTIFIER ::= {id-at 10 2} + +id-at-collectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1} + +id-at-encryptedCollectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1 2} + +id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11} + +id-at-encryptedOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 2} + +id-at-collectiveOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 1} + +id-at-encryptedCollectiveOrganizationalUnitName OBJECT IDENTIFIER ::= + {id-at 11 1 2} + +id-at-title OBJECT IDENTIFIER ::= {id-at 12} + +id-at-encryptedTitle OBJECT IDENTIFIER ::= {id-at 12 2} + +id-at-description OBJECT IDENTIFIER ::= {id-at 13} + +id-at-encryptedDescription OBJECT IDENTIFIER ::= {id-at 13 2} + +id-at-searchGuide OBJECT IDENTIFIER ::= {id-at 14} + +id-at-encryptedSearchGuide OBJECT IDENTIFIER ::= {id-at 14 2} + +id-at-businessCategory OBJECT IDENTIFIER ::= {id-at 15} + +id-at-encryptedBusinessCategory OBJECT IDENTIFIER ::= {id-at 15 2} + +id-at-postalAddress OBJECT IDENTIFIER ::= {id-at 16} + +id-at-encryptedPostalAddress OBJECT IDENTIFIER ::= {id-at 16 2} + +id-at-collectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1} + +id-at-encryptedCollectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1 2} + +id-at-postalCode OBJECT IDENTIFIER ::= {id-at 17} + +id-at-encryptedPostalCode OBJECT IDENTIFIER ::= {id-at 17 2} + +id-at-collectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1} + +id-at-encryptedCollectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1 2} + +id-at-postOfficeBox OBJECT IDENTIFIER ::= {id-at 18} + +id-at-encryptedPostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 2} + +id-at-collectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1} + +id-at-encryptedCollectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1 2} + +id-at-physicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19} + +id-at-encryptedPhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 2} + +id-at-collectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1} + +id-at-encryptedCollectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= + {id-at 19 1 2} + +id-at-telephoneNumber OBJECT IDENTIFIER ::= {id-at 20} + +id-at-encryptedTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 2} + +id-at-collectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1} + +id-at-encryptedCollectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1 2} + +id-at-telexNumber OBJECT IDENTIFIER ::= {id-at 21} + +id-at-encryptedTelexNumber OBJECT IDENTIFIER ::= {id-at 21 2} + +id-at-collectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1} + +id-at-encryptedCollectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1 2} + +-- id-at-teletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22} +-- id-at-encryptedTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 2} +-- id-at-collectiveTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 1} +-- id-at-encryptedCollectiveTeletexTerminalIdentifier +-- OBJECT IDENTIFIER ::= {id-at 22 1 2} +id-at-facsimileTelephoneNumber OBJECT IDENTIFIER ::= + {id-at 23} + +id-at-encryptedFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 2} + +id-at-collectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 1} + +id-at-encryptedCollectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= + {id-at 23 1 2} + +id-at-x121Address OBJECT IDENTIFIER ::= {id-at 24} + +id-at-encryptedX121Address OBJECT IDENTIFIER ::= {id-at 24 2} + +id-at-internationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25} + +id-at-encryptedInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 2} + +id-at-collectiveInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 1} + +id-at-encryptedCollectiveInternationalISDNNumber OBJECT IDENTIFIER ::= + {id-at 25 1 2} + +id-at-registeredAddress OBJECT IDENTIFIER ::= {id-at 26} + +id-at-encryptedRegisteredAddress OBJECT IDENTIFIER ::= {id-at 26 2} + +id-at-destinationIndicator OBJECT IDENTIFIER ::= {id-at 27} + +id-at-encryptedDestinationIndicator OBJECT IDENTIFIER ::= {id-at 27 2} + +id-at-preferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28} + +id-at-encryptedPreferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28 2} + +id-at-presentationAddress OBJECT IDENTIFIER ::= {id-at 29} + +id-at-encryptedPresentationAddress OBJECT IDENTIFIER ::= {id-at 29 2} + +id-at-supportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30} + +id-at-encryptedSupportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30 2} + +id-at-member OBJECT IDENTIFIER ::= {id-at 31} + +id-at-encryptedMember OBJECT IDENTIFIER ::= {id-at 31 2} + +id-at-owner OBJECT IDENTIFIER ::= {id-at 32} + +id-at-encryptedOwner OBJECT IDENTIFIER ::= {id-at 32 2} + +id-at-roleOccupant OBJECT IDENTIFIER ::= {id-at 33} + +id-at-encryptedRoleOccupant OBJECT IDENTIFIER ::= {id-at 33 2} + +id-at-seeAlso OBJECT IDENTIFIER ::= {id-at 34} + +id-at-encryptedSeeAlso OBJECT IDENTIFIER ::= {id-at 34 2} + +-- id-at-userPassword OBJECT IDENTIFIER ::= {id-at 35} +id-at-encryptedUserPassword OBJECT IDENTIFIER ::= + {id-at 35 2} + +-- id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36} +id-at-encryptedUserCertificate OBJECT IDENTIFIER ::= + {id-at 36 2} + +-- id-at-cACertificate OBJECT IDENTIFIER ::= {id-at 37} +id-at-encryptedCACertificate OBJECT IDENTIFIER ::= + {id-at 37 2} + +-- id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38} +id-at-encryptedAuthorityRevocationList OBJECT IDENTIFIER ::= + {id-at 38 2} + +-- id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39} +id-at-encryptedCertificateRevocationList OBJECT IDENTIFIER ::= + {id-at 39 2} + +-- id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40} +id-at-encryptedCrossCertificatePair OBJECT IDENTIFIER ::= + {id-at 40 2} + +id-at-name OBJECT IDENTIFIER ::= {id-at 41} + +id-at-givenName OBJECT IDENTIFIER ::= {id-at 42} + +id-at-encryptedGivenName OBJECT IDENTIFIER ::= {id-at 42 2} + +id-at-initials OBJECT IDENTIFIER ::= {id-at 43} + +id-at-encryptedInitials OBJECT IDENTIFIER ::= {id-at 43 2} + +id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44} + +id-at-encryptedGenerationQualifier OBJECT IDENTIFIER ::= {id-at 44 2} + +id-at-uniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45} + +id-at-encryptedUniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45 2} + +id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46} + +id-at-encryptedDnQualifier OBJECT IDENTIFIER ::= {id-at 46 2} + +id-at-enhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47} + +id-at-encryptedEnhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47 2} + +id-at-protocolInformation OBJECT IDENTIFIER ::= {id-at 48} + +id-at-encryptedProtocolInformation OBJECT IDENTIFIER ::= {id-at 48 2} + +id-at-distinguishedName OBJECT IDENTIFIER ::= {id-at 49} + +id-at-encryptedDistinguishedName OBJECT IDENTIFIER ::= {id-at 49 2} + +id-at-uniqueMember OBJECT IDENTIFIER ::= {id-at 50} + +id-at-encryptedUniqueMember OBJECT IDENTIFIER ::= {id-at 50 2} + +id-at-houseIdentifier OBJECT IDENTIFIER ::= {id-at 51} + +id-at-encryptedHouseIdentifier OBJECT IDENTIFIER ::= {id-at 51 2} + +--id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52} +id-at-encryptedSupportedAlgorithms OBJECT IDENTIFIER ::= + {id-at 52 2} + +--id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53} +id-at-encryptedDeltaRevocationList OBJECT IDENTIFIER ::= + {id-at 53 2} + +id-at-dmdName OBJECT IDENTIFIER ::= {id-at 54} + +id-at-encryptedDmdName OBJECT IDENTIFIER ::= {id-at 54 2} + +-- id-at-clearance OBJECT IDENTIFIER ::= {id-at 55} +id-at-encryptedClearance OBJECT IDENTIFIER ::= + {id-at 55 2} + +-- id-at-defaultDirQop OBJECT IDENTIFIER ::= {id-at 56} +id-at-encryptedDefaultDirQop OBJECT IDENTIFIER ::= + {id-at 56 2} + +-- id-at-attributeIntegrityInfo OBJECT IDENTIFIER ::= {id-at 57} +id-at-encryptedAttributeIntegrityInfo OBJECT IDENTIFIER ::= + {id-at 57 2} + +--id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +id-at-encryptedAttributeCertificate OBJECT IDENTIFIER ::= + {id-at 58 2} + +-- id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +id-at-encryptedAttributeCertificateRevocationList OBJECT IDENTIFIER ::= + {id-at 59 2} + +-- id-at-confKeyInfo OBJECT IDENTIFIER ::= {id-at 60} +id-at-encryptedConfKeyInfo OBJECT IDENTIFIER ::= + {id-at 60 2} + +-- id-at-family-information OBJECT IDENTIFIER {id-at 64} +id-at-pseudonym OBJECT IDENTIFIER ::= + {id-at 65} + +id-at-communicationsService OBJECT IDENTIFIER ::= {id-at 66} + +id-at-communicationsNetwork OBJECT IDENTIFIER ::= {id-at 67} + +-- Matching rules +-- id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} +-- id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} +id-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= + {id-mr 2} + +id-mr-caseIgnoreOrderingMatch OBJECT IDENTIFIER ::= {id-mr 3} + +id-mr-caseIgnoreSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 4} + +id-mr-caseExactMatch OBJECT IDENTIFIER ::= {id-mr 5} + +id-mr-caseExactOrderingMatch OBJECT IDENTIFIER ::= {id-mr 6} + +id-mr-caseExactSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 7} + +id-mr-numericStringMatch OBJECT IDENTIFIER ::= {id-mr 8} + +id-mr-numericStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 9} + +id-mr-numericStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 10} + +id-mr-caseIgnoreListMatch OBJECT IDENTIFIER ::= {id-mr 11} + +id-mr-caseIgnoreListSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 12} + +id-mr-booleanMatch OBJECT IDENTIFIER ::= {id-mr 13} + +id-mr-integerMatch OBJECT IDENTIFIER ::= {id-mr 14} + +id-mr-integerOrderingMatch OBJECT IDENTIFIER ::= {id-mr 15} + +id-mr-bitStringMatch OBJECT IDENTIFIER ::= {id-mr 16} + +id-mr-octetStringMatch OBJECT IDENTIFIER ::= {id-mr 17} + +id-mr-octetStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 18} + +id-mr-octetStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 19} + +id-mr-telephoneNumberMatch OBJECT IDENTIFIER ::= {id-mr 20} + +id-mr-telephoneNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 21} + +id-mr-presentationAddressMatch OBJECT IDENTIFIER ::= {id-mr 22} + +id-mr-uniqueMemberMatch OBJECT IDENTIFIER ::= {id-mr 23} + +id-mr-protocolInformationMatch OBJECT IDENTIFIER ::= {id-mr 24} + +id-mr-uTCTimeMatch OBJECT IDENTIFIER ::= {id-mr 25} + +id-mr-uTCTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 26} + +id-mr-generalizedTimeMatch OBJECT IDENTIFIER ::= {id-mr 27} + +id-mr-generalizedTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 28} + +id-mr-integerFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 29} + +id-mr-objectIdentifierFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 30} + +id-mr-directoryStringFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 31} + +id-mr-wordMatch OBJECT IDENTIFIER ::= {id-mr 32} + +id-mr-keywordMatch OBJECT IDENTIFIER ::= {id-mr 33} + +-- id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34} +-- id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35} +-- id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36} +-- id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37} +-- id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38} +-- id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39} +-- id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40} +id-mr-storedPrefixMatch OBJECT IDENTIFIER ::= + {id-mr 41} + +-- id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +-- id-mr-readerAndKeyIDMatch OBJECT IDENTIFIER ::= {id-mr 43} +--id-mr-attributeIntegrityMatch OBJECT IDENTIFIER ::= {id-mr 44} +id-mr-systemProposedMatch OBJECT IDENTIFIER ::= + {id-mr 47} + +id-mr-generalWordMatch OBJECT IDENTIFIER ::= {id-mr 48} + +id-mr-approximateStringMatch OBJECT IDENTIFIER ::= {id-mr 49} + +id-mr-ignoreIfAbsentMatch OBJECT IDENTIFIER ::= {id-mr 50} + +id-mr-nullMatch OBJECT IDENTIFIER ::= {id-mr 51} + +id-mr-zonalMatch OBJECT IDENTIFIER ::= {id-mr 52} + +id-mr-facsimileNumberMatch OBJECT IDENTIFIER ::= {id-mr 63} + +id-mr-facsimileNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 64} + +-- contexts +id-avc-language OBJECT IDENTIFIER ::= {id-avc 0} + +id-avc-temporal OBJECT IDENTIFIER ::= {id-avc 1} + +id-avc-locale OBJECT IDENTIFIER ::= {id-avc 2} + +--id-avc-attributeValueSecurityLabelContext OBJECT IDENTIFIER ::= {id-avc 3} +--id-avc-attributeValueIntegrityInfoContext OBJECT IDENTIFIER ::= {id-avc 4} +-- Problem definitions +id-pr-targetDsaUnavailable OBJECT IDENTIFIER ::= + {id-pr 1} + +id-pr-dataSourceUnavailable OBJECT IDENTIFIER ::= {id-pr 2} + +id-pr-unidentifiedOperation OBJECT IDENTIFIER ::= {id-pr 3} + +id-pr-unavailableOperation OBJECT IDENTIFIER ::= {id-pr 4} + +id-pr-searchAttributeViolation OBJECT IDENTIFIER ::= {id-pr 5} + +id-pr-searchAttributeCombinationViolation OBJECT IDENTIFIER ::= {id-pr 6} + +id-pr-searchValueNotAllowed OBJECT IDENTIFIER ::= {id-pr 7} + +id-pr-missingSearchAttribute OBJECT IDENTIFIER ::= {id-pr 8} + +id-pr-searchValueViolation OBJECT IDENTIFIER ::= {id-pr 9} + +id-pr-attributeNegationViolation OBJECT IDENTIFIER ::= {id-pr 10} + +id-pr-searchValueRequired OBJECT IDENTIFIER ::= {id-pr 11} + +id-pr-invalidSearchValue OBJECT IDENTIFIER ::= {id-pr 12} + +id-pr-searchContextViolation OBJECT IDENTIFIER ::= {id-pr 13} + +id-pr-searchContextCombinationViolation OBJECT IDENTIFIER ::= {id-pr 14} + +id-pr-missingSearchContext OBJECT IDENTIFIER ::= {id-pr 15} + +id-pr-searchContextValueViolation OBJECT IDENTIFIER ::= {id-pr 16} + +id-pr-searchContextValueRequired OBJECT IDENTIFIER ::= {id-pr 17} + +id-pr-invalidContextSearchValue OBJECT IDENTIFIER ::= {id-pr 18} + +id-pr-unsupportedMatchingRule OBJECT IDENTIFIER ::= {id-pr 19} + +id-pr-attributeMatchingViolation OBJECT IDENTIFIER ::= {id-pr 20} + +id-pr-unsupportedMatchingUse OBJECT IDENTIFIER ::= {id-pr 21} + +id-pr-matchingUseViolation OBJECT IDENTIFIER ::= {id-pr 22} + +id-pr-hierarchySelectForbidden OBJECT IDENTIFIER ::= {id-pr 23} + +id-pr-invalidHierarchySelect OBJECT IDENTIFIER ::= {id-pr 24} + +id-pr-unavailableHierarchySelect OBJECT IDENTIFIER ::= {id-pr 25} + +id-pr-invalidSearchOptions OBJECT IDENTIFIER ::= {id-pr 26} + +id-pr-missingSearchOptions OBJECT IDENTIFIER ::= {id-pr 27} + +id-pr-invalidServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 28} + +id-pr-missingServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 29} + +id-pr-searchSubsetViolation OBJECT IDENTIFIER ::= {id-pr 30} + +id-pr-unmatchedKeyAttributes OBJECT IDENTIFIER ::= {id-pr 31} + +id-pr-ambiguousKeyAttributes OBJECT IDENTIFIER ::= {id-pr 32} + +-- Notification attributes +id-not-dSAProblem OBJECT IDENTIFIER ::= {id-not 0} + +id-not-searchServiceProblem OBJECT IDENTIFIER ::= {id-not 1} + +id-not-serviceType OBJECT IDENTIFIER ::= {id-not 2} + +id-not-attributeTypeList OBJECT IDENTIFIER ::= {id-not 3} + +id-not-matchingRuleList OBJECT IDENTIFIER ::= {id-not 4} + +id-not-filterItem OBJECT IDENTIFIER ::= {id-not 5} + +id-not-attributeCombinations OBJECT IDENTIFIER ::= {id-not 6} + +id-not-contextTypeList OBJECT IDENTIFIER ::= {id-not 7} + +id-not-contextList OBJECT IDENTIFIER ::= {id-not 8} + +id-not-contextCombinations OBJECT IDENTIFIER ::= {id-not 9} + +id-not-hierarchySelectList OBJECT IDENTIFIER ::= {id-not 10} + +id-not-searchOptionsList OBJECT IDENTIFIER ::= {id-not 11} + +id-not-serviceControlOptionsList OBJECT IDENTIFIER ::= {id-not 12} + +id-not-multipleMatchingLocalities OBJECT IDENTIFIER ::= {id-not 13} + +id-not-proposedRelaxation OBJECT IDENTIFIER ::= {id-not 14} + +id-not-appliedRelaxation OBJECT IDENTIFIER ::= {id-not 15} + +id-not-substringRequirements OBJECT IDENTIFIER ::= {id-not 16} + +-- Control attributes +id-cat-sequenceMatchType OBJECT IDENTIFIER ::= + {id-cat 1} + +id-cat-wordMatchType OBJECT IDENTIFIER ::= {id-cat 2} + +id-cat-characterMatchTypes OBJECT IDENTIFIER ::= {id-cat 3} + +id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4} + +END -- SelectedAttributeTypes + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D -- cgit v1.2.3