summaryrefslogtreecommitdiff
path: root/asn1/DirectoryAbstractService.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'asn1/DirectoryAbstractService.asn1')
-rw-r--r--asn1/DirectoryAbstractService.asn11479
1 files changed, 761 insertions, 718 deletions
diff --git a/asn1/DirectoryAbstractService.asn1 b/asn1/DirectoryAbstractService.asn1
index ca1d934..b098ae0 100644
--- a/asn1/DirectoryAbstractService.asn1
+++ b/asn1/DirectoryAbstractService.asn1
@@ -1,718 +1,761 @@
--- Module DirectoryAbstractService (X.511 TC2:08/1997)
--- See also ITU-T X.511 (1997) Technical Cor. 2 (02/2001)
--- See also the index of all ASN.1 assignments needed in this document
-
-DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
- directoryAbstractService(2) 3} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-IMPORTS
- informationFramework, distributedOperations, authenticationFramework,
- dap, directoryShadowAbstractService, basicAccessControl, enhancedSecurity,
- id-at
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
- usefulDefinitions(0) 3}
- AttributeTypeAndValue
- FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
- basicAccessControl(24) 3}
- AgreementID
- FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
- directoryShadowAbstractService(15) 4}
- Attribute, AttributeType, AttributeValue, AttributeValueAssertion,
- DistinguishedName, Name, RelativeDistinguishedName, SupportedAttributes,
- ATTRIBUTE, MATCHING-RULE, ContextAssertion, AttributeTypeAssertion,
- OBJECT-CLASS, RelaxationPolicy
- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
- informationFramework(1) 3}
- OperationProgress, ReferenceType, Exclusions, AccessPoint,
- ContinuationReference
- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
- distributedOperations(3) 3}
- CertificationPath, SIGNED{}, SIGNATURE{}, ENCRYPTED{}, AlgorithmIdentifier,
- AttributeCertificationPath
- FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
- authenticationFramework(7) 3}
- OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
- enhancedSecurity(28) 1}
- id-opcode-read, id-opcode-compare, id-opcode-abandon, id-opcode-list,
- id-opcode-search, id-opcode-addEntry, id-opcode-removeEntry,
- id-opcode-modifyEntry, id-opcode-modifyDN, id-errcode-abandoned,
- id-errcode-abandonFailed, id-errcode-attributeError, id-errcode-nameError,
- id-errcode-referral, id-errcode-securityError, id-errcode-serviceError,
- id-errcode-updateError
- FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 3}
- OPERATION, ERROR, Code
- FROM Remote-Operations-Information-Objects {joint-iso-itu-t
- remote-operations(4) informationObjects(5) version1(0)}
- emptyUnbind
- FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t
- remote-operations(4) useful-definitions(7) version1(0)}
- InvokeId
- FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t
- remote-operations(4) generic-ROS-PDUs(6) version1(0)}
- --PROTECTED
- -- FROM Notation { joint-iso-itu-t genericULS (20) modules (1) notation (1) }
- SPKM-REQ, SPKM-REP-TI, SPKM-ERROR
- FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) spkm(1) spkmGssTokens(10)};
-
--- Common data types
--- Parameterized type for representing optional signing
-OPTIONALLY-SIGNED{Type} ::= CHOICE {unsigned Type,
- signed SIGNED{Type}
-}
-
-CommonArguments ::= SET {
- serviceControls [30] ServiceControls DEFAULT {},
- securityParameters [29] SecurityParameters OPTIONAL,
- requestor [28] DistinguishedName OPTIONAL,
- operationProgress
- [27] OperationProgress DEFAULT {nameResolutionPhase notStarted},
- aliasedRDNs [26] INTEGER OPTIONAL,
- criticalExtensions [25] BIT STRING OPTIONAL,
- referenceType [24] ReferenceType OPTIONAL,
- entryOnly [23] BOOLEAN DEFAULT TRUE,
- nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE,
- operationContexts [20] ContextSelection OPTIONAL,
- familyGrouping [19] FamilyGrouping DEFAULT entryOnly
-}
-
-FamilyGrouping ::= ENUMERATED {
- entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)}
-
-CommonResults ::= SET {
- securityParameters [30] SecurityParameters OPTIONAL,
- performer [29] DistinguishedName OPTIONAL,
- aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
- notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
-}
-
-CommonResultsSeq ::= SEQUENCE {
- securityParameters [30] SecurityParameters OPTIONAL,
- performer [29] DistinguishedName OPTIONAL,
- aliasDereferenced [28] BOOLEAN DEFAULT FALSE
-}
-
-ServiceControls ::= SET {
- options [0] ServiceControlOptions DEFAULT {},
- priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
- timeLimit [2] INTEGER OPTIONAL,
- sizeLimit [3] INTEGER OPTIONAL,
- scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
- attributeSizeLimit [5] INTEGER OPTIONAL,
- manageDSAITPlaneRef
- [6] SEQUENCE {dsaName Name,
- agreementID AgreementID} OPTIONAL,
- serviceType [7] OBJECT IDENTIFIER OPTIONAL,
- userClass [8] INTEGER OPTIONAL
-}
-
-ServiceControlOptions ::= BIT STRING {
- preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
- dontDereferenceAliases(4), subentries(5), copyShallDo(6),
- partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
- noSubtypeSelection(10), countFamily(11)}
-
-EntryInformationSelection ::= SET {
- attributes
- CHOICE {allUserAttributes [0] NULL,
- select [1] SET OF AttributeType
- -- empty set implies no attributes are requested
- } DEFAULT allUserAttributes:NULL,
- infoTypes
- [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)}
- DEFAULT attributeTypesAndValues,
- extraAttributes
- CHOICE {allOperationalAttributes [3] NULL,
- select [4] SET OF AttributeType} OPTIONAL,
- contextSelection ContextSelection OPTIONAL,
- returnContexts BOOLEAN DEFAULT FALSE,
- familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
-}
-
-ContextSelection ::= CHOICE {
- allContexts NULL,
- selectedContexts SET OF TypeAndContextAssertion
-}
-
-TypeAndContextAssertion ::= SEQUENCE {
- type AttributeType,
- contextAssertions
- CHOICE {preference SEQUENCE OF ContextAssertion,
- all SET OF ContextAssertion}
-}
-
-FamilyReturn ::= SEQUENCE {
- memberSelect
- ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2),
- compoundEntry(3)},
- familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL
-}
-
-family-information ATTRIBUTE ::= {
- WITH SYNTAX FamilyEntries
- USAGE directoryOperation
- ID id-at-family-information
-}
-
-FamilyEntries ::= SEQUENCE {
- family-class OBJECT-CLASS.&id, -- structural object class value
- familyEntries SEQUENCE OF FamilyEntry
-}
-
-FamilyEntry ::= SEQUENCE {
- rdn RelativeDistinguishedName,
- information
- SEQUENCE OF CHOICE {attributeType AttributeType,
- attribute Attribute},
- family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL
-}
-
-EntryInformation ::= SEQUENCE {
- name Name,
- fromEntry BOOLEAN DEFAULT TRUE,
- information
- SET SIZE (1..MAX) OF
- CHOICE {attributeType AttributeType,
- attribute Attribute} OPTIONAL,
- incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems
- partialNameResolution
- [4] BOOLEAN DEFAULT FALSE -- not in 1988 or 1993 edition systems --
-}
-
-Filter ::= CHOICE {
- item [0] FilterItem,
- and [1] SET OF Filter,
- or [2] SET OF Filter,
- not [3] Filter
-}
-
-FilterItem ::= CHOICE {
- equality [0] AttributeValueAssertion,
- substrings
- [1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}),
- strings
- SEQUENCE OF
- CHOICE {initial
- [0] ATTRIBUTE.&Type
- ({SupportedAttributes}
- {@substrings.type}),
- any
- [1] ATTRIBUTE.&Type
- ({SupportedAttributes}
- {@substrings.type}),
- final
- [2] ATTRIBUTE.&Type
- ({SupportedAttributes}
- {@substrings.type}),
- control Attribute -- Used to specify interpretation of following items
- }},
- greaterOrEqual [2] AttributeValueAssertion,
- lessOrEqual [3] AttributeValueAssertion,
- present [4] AttributeType,
- approximateMatch [5] AttributeValueAssertion,
- extensibleMatch [6] MatchingRuleAssertion,
- contextPresent [7] AttributeTypeAssertion
-}
-
-MatchingRuleAssertion ::= SEQUENCE {
- matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
- type [2] AttributeType OPTIONAL,
- matchValue
- [3] MATCHING-RULE.&AssertionType
- (CONSTRAINED BY {
- -- matchValue must be a value of type specified by the &AssertionType field of
- -- one of the MATCHING-RULE information objects identified by matchingRule -- }),
- dnAttributes [4] BOOLEAN DEFAULT FALSE
-}
-
-PagedResultsRequest ::= CHOICE {
- newRequest
- SEQUENCE {pageSize INTEGER,
- sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
- reverse [1] BOOLEAN DEFAULT FALSE,
- unmerged [2] BOOLEAN DEFAULT FALSE},
- queryReference OCTET STRING
-}
-
-SortKey ::= SEQUENCE {
- type AttributeType,
- orderingRule MATCHING-RULE.&id OPTIONAL
-}
-
-SecurityParameters ::= SET {
- certification-path [0] CertificationPath OPTIONAL,
- name [1] DistinguishedName OPTIONAL,
- time [2] Time OPTIONAL,
- random [3] BIT STRING OPTIONAL,
- target [4] ProtectionRequest OPTIONAL,
- response [5] BIT STRING OPTIONAL,
- operationCode [6] Code OPTIONAL,
- attributeCertificationPath [7] AttributeCertificationPath OPTIONAL,
- errorProtection [8] ErrorProtectionRequest OPTIONAL,
- errorCode [9] Code OPTIONAL
-}
-
-ProtectionRequest ::= INTEGER {
- none(0), signed(1), encrypted(2), signed-encrypted(3)}
-
-Time ::= CHOICE {utcTime UTCTime,
- generalizedTime GeneralizedTime
-}
-
-ErrorProtectionRequest ::= INTEGER {
- none(0), signed(1), encrypted(2), signed-encrypted(3)}
-
--- Bind and unbind operations
-directoryBind OPERATION ::= {
- ARGUMENT DirectoryBindArgument
- RESULT DirectoryBindResult
- ERRORS {directoryBindError}
-}
-
-DirectoryBindArgument ::= SET {
- credentials [0] Credentials OPTIONAL,
- versions [1] Versions DEFAULT {v1}
-}
-
-Credentials ::= CHOICE {
- simple [0] SimpleCredentials,
- strong [1] StrongCredentials,
- externalProcedure [2] EXTERNAL,
- spkm [3] SpkmCredentials
-}
-
-SimpleCredentials ::= SEQUENCE {
- name [0] DistinguishedName,
- validity
- [1] SET {time1 [0] CHOICE {utc UTCTime,
- gt GeneralizedTime} OPTIONAL,
- time2 [1] CHOICE {utc UTCTime,
- gt GeneralizedTime} OPTIONAL,
- random1 [2] BIT STRING OPTIONAL,
- random2 [3] BIT STRING OPTIONAL},
- password
- [2] CHOICE {unprotected OCTET STRING,
- protected SIGNATURE{OCTET STRING}} OPTIONAL
-}
-
-StrongCredentials ::= SET {
- certification-path [0] CertificationPath OPTIONAL,
- bind-token [1] Token,
- name [2] DistinguishedName OPTIONAL,
- attributeCertificationPath [3] AttributeCertificationPath OPTIONAL
-}
-
-SpkmCredentials ::= CHOICE {req [0] SPKM-REQ,
- rep [1] SPKM-REP-TI
-}
-
-Token ::=
- SIGNED
- {SEQUENCE {algorithm [0] AlgorithmIdentifier,
- name [1] DistinguishedName,
- time [2] Time,
- random [3] BIT STRING,
- response [4] BIT STRING OPTIONAL,
- bindIntAlgorithm
- [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
- bindIntKeyInfo [6] BindKeyInfo OPTIONAL,
- bindConfAlgorithm
- [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
- bindConfKeyInfo [8] BindKeyInfo OPTIONAL}}
-
-Versions ::= BIT STRING {v1(0), v2(1)}
-
-DirectoryBindResult ::= DirectoryBindArgument
-
-directoryBindError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {versions [0] Versions DEFAULT {v1},
- error
- CHOICE {serviceError [1] ServiceProblem,
- securityError [2] SecurityProblem}}}
-}
-
-BindKeyInfo ::= ENCRYPTED{BIT STRING}
-
-directoryUnbind OPERATION ::= emptyUnbind
-
--- Operations, arguments, and results
-read OPERATION ::= {
- ARGUMENT ReadArgument
- RESULT ReadResult
- ERRORS
- {attributeError | nameError | serviceError | referral | abandoned |
- securityError}
- CODE id-opcode-read
-}
-
-ReadArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- selection [1] EntryInformationSelection DEFAULT {},
- modifyRightsRequest [2] BOOLEAN DEFAULT FALSE,
- COMPONENTS OF CommonArguments}}
-
-ReadResult ::=
- OPTIONALLY-PROTECTED
- {SET {entry [0] EntryInformation,
- modifyRights [1] ModifyRights OPTIONAL,
- COMPONENTS OF CommonResults}}
-
-ModifyRights ::=
- SET OF
- SEQUENCE {item
- CHOICE {entry [0] NULL,
- attribute [1] AttributeType,
- value [2] AttributeValueAssertion},
- permission
- [3] BIT STRING {add(0), remove(1), rename(2), move(3)}
- }
-
-compare OPERATION ::= {
- ARGUMENT CompareArgument
- RESULT CompareResult
- ERRORS
- {attributeError | nameError | serviceError | referral | abandoned |
- securityError}
- CODE id-opcode-compare
-}
-
-CompareArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- purported [1] AttributeValueAssertion,
- COMPONENTS OF CommonArguments}}
-
-CompareResult ::=
- OPTIONALLY-PROTECTED
- {SET {name Name OPTIONAL,
- matched [0] BOOLEAN,
- fromEntry [1] BOOLEAN DEFAULT TRUE,
- matchedSubtype [2] AttributeType OPTIONAL,
- COMPONENTS OF CommonResults}}
-
-abandon OPERATION ::= {
- ARGUMENT AbandonArgument
- RESULT AbandonResult
- ERRORS {abandonFailed}
- CODE id-opcode-abandon
-}
-
-AbandonArgument ::=
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID [0] InvokeId}}
-
-AbandonResult ::= CHOICE {
- null NULL,
- information
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId,
- COMPONENTS OF CommonResultsSeq
- }}
-}
-
-list OPERATION ::= {
- ARGUMENT ListArgument
- RESULT ListResult
- ERRORS {nameError | serviceError | referral | abandoned | securityError}
- CODE id-opcode-list
-}
-
-ListArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- pagedResults [1] PagedResultsRequest OPTIONAL,
- listFamily [2] BOOLEAN DEFAULT FALSE,
- COMPONENTS OF CommonArguments}}
-
-ListResult ::=
- OPTIONALLY-PROTECTED
- {CHOICE {listInfo
- SET {name Name OPTIONAL,
- subordinates
- [1] SET OF
- SEQUENCE {rdn RelativeDistinguishedName,
- aliasEntry [0] BOOLEAN DEFAULT FALSE,
- fromEntry [1] BOOLEAN DEFAULT TRUE
- },
- partialOutcomeQualifier
- [2] PartialOutcomeQualifier OPTIONAL,
- COMPONENTS OF CommonResults},
- uncorrelatedListInfo [0] SET OF ListResult}}
-
-PartialOutcomeQualifier ::= SET {
- limitProblem [0] LimitProblem OPTIONAL,
- unexplored
- [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
- unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE,
- unknownErrors
- [3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL,
- queryReference [4] OCTET STRING OPTIONAL,
- overspecFilter [5] Filter OPTIONAL,
- notification
- [6] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
- entryCount
- CHOICE {bestEstimate [7] INTEGER,
- lowEstimate [8] INTEGER} OPTIONAL
-}
-
-LimitProblem ::= INTEGER {
- timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2)
-}
-
-search OPERATION ::= {
- ARGUMENT SearchArgument
- RESULT SearchResult
- ERRORS
- {attributeError | nameError | serviceError | referral | abandoned |
- securityError}
- CODE id-opcode-search
-}
-
-SearchArgument ::=
- OPTIONALLY-PROTECTED
- {SET {baseObject [0] Name,
- subset
- [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)}
- DEFAULT baseObject,
- filter [2] Filter DEFAULT and:{},
- searchAliases [3] BOOLEAN DEFAULT TRUE,
- selection [4] EntryInformationSelection DEFAULT {},
- pagedResults [5] PagedResultsRequest OPTIONAL,
- matchedValuesOnly [6] BOOLEAN DEFAULT FALSE,
- extendedFilter [7] Filter OPTIONAL,
- checkOverspecified [8] BOOLEAN DEFAULT FALSE,
- relaxation [9] RelaxationPolicy OPTIONAL,
- extendedArea [10] INTEGER OPTIONAL,
- hierarchySelections [11] HierarchySelections DEFAULT {self},
- searchControlOptions
- [12] SearchControlOptions DEFAULT {searchAliases},
- COMPONENTS OF CommonArguments}}
-
-HierarchySelections ::= BIT STRING {
- self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
- siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}
-
-SearchControlOptions ::= BIT STRING {
- searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
- performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
- matchOnResidualName(7), entryCount(8), useSubset(9),
- separateFamilyMembers(10), searchFamily(11)}
-
-SearchResult ::=
- OPTIONALLY-PROTECTED
- {CHOICE {searchInfo
- SET {name Name OPTIONAL,
- entries [0] SET OF EntryInformation,
- partialOutcomeQualifier
- [2] PartialOutcomeQualifier OPTIONAL,
- altMatching [3] BOOLEAN DEFAULT FALSE,
- COMPONENTS OF CommonResults},
- uncorrelatedSearchInfo [0] SET OF SearchResult}}
-
-addEntry OPERATION ::= {
- ARGUMENT AddEntryArgument
- RESULT AddEntryResult
- ERRORS
- {attributeError | nameError | serviceError | referral | securityError |
- updateError}
- CODE id-opcode-addEntry
-}
-
-AddEntryArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- entry [1] SET OF Attribute,
- targetSystem [2] AccessPoint OPTIONAL,
- COMPONENTS OF CommonArguments}}
-
-AddEntryResult ::= CHOICE {
- null NULL,
- information
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
-}
-
-removeEntry OPERATION ::= {
- ARGUMENT RemoveEntryArgument
- RESULT RemoveEntryResult
- ERRORS {nameError | serviceError | referral | securityError | updateError}
- CODE id-opcode-removeEntry
-}
-
-RemoveEntryArgument ::=
- OPTIONALLY-PROTECTED{SET {object [0] Name,
- COMPONENTS OF CommonArguments}}
-
-RemoveEntryResult ::= CHOICE {
- null NULL,
- information
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
-}
-
-modifyEntry OPERATION ::= {
- ARGUMENT ModifyEntryArgument
- RESULT ModifyEntryResult
- ERRORS
- {attributeError | nameError | serviceError | referral | securityError |
- updateError}
- CODE id-opcode-modifyEntry
-}
-
-ModifyEntryArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- changes [1] SEQUENCE OF EntryModification,
- selection [2] EntryInformationSelection OPTIONAL,
- COMPONENTS OF CommonArguments}}
-
-ModifyEntryResult ::= CHOICE {
- null NULL,
- information
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {entry [0] EntryInformation OPTIONAL,
- COMPONENTS OF CommonResultsSeq
- }}
-}
-
-EntryModification ::= CHOICE {
- addAttribute [0] Attribute,
- removeAttribute [1] AttributeType,
- addValues [2] Attribute,
- removeValues [3] Attribute,
- alterValues [4] AttributeTypeAndValue,
- resetValue [5] AttributeType
-}
-
-modifyDN OPERATION ::= {
- ARGUMENT ModifyDNArgument
- RESULT ModifyDNResult
- ERRORS {nameError | serviceError | referral | securityError | updateError}
- CODE id-opcode-modifyDN
-}
-
-ModifyDNArgument ::=
- OPTIONALLY-PROTECTED
- {SET {object [0] DistinguishedName,
- newRDN [1] RelativeDistinguishedName,
- deleteOldRDN [2] BOOLEAN DEFAULT FALSE,
- newSuperior [3] DistinguishedName OPTIONAL,
- COMPONENTS OF CommonArguments}}
-
-ModifyDNResult ::= CHOICE {
- null NULL,
- information
- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {newRDN RelativeDistinguishedName,
- COMPONENTS OF CommonResultsSeq
- }}
-}
-
--- Errors and parameters
-abandoned ERROR ::= { -- not literally an "error"
- PARAMETER OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}}
- CODE id-errcode-abandoned
-}
-
-abandonFailed ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {problem [0] AbandonProblem,
- operation [1] InvokeId,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-abandonFailed
-}
-
-AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)}
-
-attributeError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {object [0] Name,
- problems
- [1] SET OF
- SEQUENCE {problem [0] AttributeProblem,
- type [1] AttributeType,
- value [2] AttributeValue OPTIONAL},
- COMPONENTS OF CommonResults}}
- CODE id-errcode-attributeError
-}
-
-AttributeProblem ::= INTEGER {
- noSuchAttributeOrValue(1), invalidAttributeSyntax(2),
- undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5),
- attributeOrValueAlreadyExists(6), contextViolation(7)}
-
-nameError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {problem [0] NameProblem,
- matched [1] Name,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-nameError
-}
-
-NameProblem ::= INTEGER {
- noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3),
- aliasDereferencingProblem(4), contextProblem(5)}
-
-referral ERROR ::= { -- not literally an "error"
- PARAMETER OPTIONALLY-PROTECTED
- {SET {candidate [0] ContinuationReference,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-referral
-}
-
-securityError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {problem [0] SecurityProblem,
- spkmInfo [1] SPKM-ERROR,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-securityError
-}
-
-SecurityProblem ::= INTEGER {
- inappropriateAuthentication(1), invalidCredentials(2),
- insufficientAccessRights(3), invalidSignature(4), protectionRequired(5),
- noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9)
-}
-
-serviceError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {problem [0] ServiceProblem,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-serviceError
-}
-
-ServiceProblem ::= INTEGER {
- busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4),
- unableToProceed(5), invalidReference(6), timeLimitExceeded(7),
- administrativeLimitExceeded(8), loopDetected(9),
- unavailableCriticalExtension(10), outOfScope(11), ditError(12),
- invalidQueryReference(13), requestedServiceNotAvailable(14),
- relaxationNotSupported(15), unavailableRelaxationLevel(16),
- unsupportedMatchingUse(17), unmatchedKeyAttributes(18),
- ambiguousKeyAttributes(19)}
-
-updateError ERROR ::= {
- PARAMETER OPTIONALLY-PROTECTED
- {SET {problem [0] UpdateProblem,
- attributeInfo
- [1] SET SIZE (1..MAX) OF
- CHOICE {attributeType AttributeType,
- attribute Attribute} OPTIONAL,
- COMPONENTS OF CommonResults}}
- CODE id-errcode-updateError
-}
-
-UpdateProblem ::= INTEGER {
- namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3),
- notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6),
- objectClassModificationProhibited(7), notAncestor(8), parentNotAncestor(9),
- hierarchyRuleViolation(10), familyRuleViolation(11)}
-
-id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
-
-END -- DirectoryAbstractService
-
--- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+-- Module DirectoryAbstractService (X.511:02/2001)
+DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+ directoryAbstractService(2) 4} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+ -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+ attributeCertificateDefinitions, authenticationFramework, basicAccessControl,
+ dap, directoryShadowAbstractService, distributedOperations,
+ enhancedSecurity, id-at, informationFramework, selectedAttributeTypes,
+ serviceAdministration, upperBounds
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 4}
+ Attribute, ATTRIBUTE, AttributeType, AttributeTypeAssertion, AttributeValue,
+ AttributeValueAssertion, CONTEXT, ContextAssertion, DistinguishedName,
+ MATCHING-RULE, Name, OBJECT-CLASS, RelativeDistinguishedName,
+ SupportedAttributes, SupportedContexts
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 4}
+ RelaxationPolicy
+ FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1)
+ serviceAdministration(33) 4}
+ AttributeTypeAndValue
+ FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
+ basicAccessControl(24) 4}
+ OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
+ FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28)
+ 4}
+ -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+ AccessPoint, ContinuationReference, Exclusions, OperationProgress,
+ ReferenceType
+ FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+ distributedOperations(3) 4}
+ -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+ id-errcode-abandoned, id-errcode-abandonFailed, id-errcode-attributeError,
+ id-errcode-nameError, id-errcode-referral, id-errcode-securityError,
+ id-errcode-serviceError, id-errcode-updateError, id-opcode-abandon,
+ id-opcode-addEntry, id-opcode-compare, id-opcode-list, id-opcode-modifyDN,
+ id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry,
+ id-opcode-search
+ FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4}
+ -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+ DirectoryString{}
+ FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 4}
+ ub-domainLocalID
+ FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
+ -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
+ AlgorithmIdentifier, CertificationPath, ENCRYPTED{}, SIGNATURE{}, SIGNED{}
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 4}
+ AttributeCertificationPath
+ FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
+ attributeCertificateDefinitions(32) 4}
+ -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
+ AgreementID
+ FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
+ directoryShadowAbstractService(15) 4}
+ -- from ITU-T Rec. X.880 | ISO/IEC 13712-1
+ Code, ERROR, OPERATION
+ FROM Remote-Operations-Information-Objects {joint-iso-itu-t
+ remote-operations(4) informationObjects(5) version1(0)}
+ emptyUnbind
+ FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t
+ remote-operations(4) useful-definitions(7) version1(0)}
+ InvokeId
+ FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t
+ remote-operations(4) generic-ROS-PDUs(6) version1(0)}
+ -- from RFC 2025
+ SPKM-ERROR, SPKM-REP-TI, SPKM-REQ
+ FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) spkm(1) spkmGssTokens(10)};
+
+-- Common data types
+CommonArguments ::= SET {
+ serviceControls [30] ServiceControls DEFAULT {},
+ securityParameters [29] SecurityParameters OPTIONAL,
+ requestor [28] DistinguishedName OPTIONAL,
+ operationProgress
+ [27] OperationProgress DEFAULT {nameResolutionPhase notStarted},
+ aliasedRDNs [26] INTEGER OPTIONAL,
+ criticalExtensions [25] BIT STRING OPTIONAL,
+ referenceType [24] ReferenceType OPTIONAL,
+ entryOnly [23] BOOLEAN DEFAULT TRUE,
+ exclusions [22] Exclusions OPTIONAL,
+ nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,
+ operationContexts [20] ContextSelection OPTIONAL,
+ familyGrouping [19] FamilyGrouping DEFAULT entryOnly
+}
+
+FamilyGrouping ::= ENUMERATED {
+ entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)}
+
+CommonResults ::= SET {
+ securityParameters [30] SecurityParameters OPTIONAL,
+ performer [29] DistinguishedName OPTIONAL,
+ aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
+ notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+}
+
+CommonResultsSeq ::= SEQUENCE {
+ securityParameters [30] SecurityParameters OPTIONAL,
+ performer [29] DistinguishedName OPTIONAL,
+ aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
+ notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+}
+
+ServiceControls ::= SET {
+ options [0] ServiceControlOptions DEFAULT {},
+ priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
+ timeLimit [2] INTEGER OPTIONAL,
+ sizeLimit [3] INTEGER OPTIONAL,
+ scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
+ attributeSizeLimit [5] INTEGER OPTIONAL,
+ manageDSAITPlaneRef
+ [6] SEQUENCE {dsaName Name,
+ agreementID AgreementID} OPTIONAL,
+ serviceType [7] OBJECT IDENTIFIER OPTIONAL,
+ userClass [8] INTEGER OPTIONAL
+}
+
+ServiceControlOptions ::= BIT STRING {
+ preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
+ dontDereferenceAliases(4), subentries(5), copyShallDo(6),
+ partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
+ noSubtypeSelection(10), countFamily(11)}
+
+EntryInformationSelection ::= SET {
+ attributes
+ CHOICE {allUserAttributes [0] NULL,
+ select [1] SET OF AttributeType
+ -- empty set implies no attributes are requested
+ } DEFAULT allUserAttributes:NULL,
+ infoTypes
+ [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)}
+ DEFAULT attributeTypesAndValues,
+ extraAttributes
+ CHOICE {allOperationalAttributes [3] NULL,
+ select [4] SET SIZE (1..MAX) OF AttributeType
+ } OPTIONAL,
+ contextSelection ContextSelection OPTIONAL,
+ returnContexts BOOLEAN DEFAULT FALSE,
+ familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
+}
+
+ContextSelection ::= CHOICE {
+ allContexts NULL,
+ selectedContexts SET SIZE (1..MAX) OF TypeAndContextAssertion
+}
+
+TypeAndContextAssertion ::= SEQUENCE {
+ type AttributeType,
+ contextAssertions
+ CHOICE {preference SEQUENCE OF ContextAssertion,
+ all SET OF ContextAssertion}
+}
+
+FamilyReturn ::= SEQUENCE {
+ memberSelect
+ ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2),
+ compoundEntry(3)},
+ familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL
+}
+
+EntryInformation ::= SEQUENCE {
+ name Name,
+ fromEntry BOOLEAN DEFAULT TRUE,
+ information
+ SET SIZE (1..MAX) OF
+ CHOICE {attributeType AttributeType,
+ attribute Attribute} OPTIONAL,
+ incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems
+ partialName [4] BOOLEAN DEFAULT FALSE, -- not in 1988 or 1993 edition systems
+ derivedEntry
+ [5] BOOLEAN DEFAULT FALSE -- not in pre-2001 edition systems --
+}
+
+family-information ATTRIBUTE ::= {
+ WITH SYNTAX FamilyEntries
+ USAGE directoryOperation
+ ID id-at-family-information
+}
+
+FamilyEntries ::= SEQUENCE {
+ family-class OBJECT-CLASS.&id, -- structural object class value
+ familyEntries SEQUENCE OF FamilyEntry
+}
+
+FamilyEntry ::= SEQUENCE {
+ rdn RelativeDistinguishedName,
+ information
+ SEQUENCE OF CHOICE {attributeType AttributeType,
+ attribute Attribute},
+ family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL
+}
+
+Filter ::= CHOICE {
+ item [0] FilterItem,
+ and [1] SET OF Filter,
+ or [2] SET OF Filter,
+ not [3] Filter
+}
+
+FilterItem ::= CHOICE {
+ equality [0] AttributeValueAssertion,
+ substrings
+ [1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}),
+ strings
+ SEQUENCE OF
+ CHOICE {initial
+ [0] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ any
+ [1] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ final
+ [2] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ control Attribute}}, -- Used to specify interpretation of following items
+ greaterOrEqual [2] AttributeValueAssertion,
+ lessOrEqual [3] AttributeValueAssertion,
+ present [4] AttributeType,
+ approximateMatch [5] AttributeValueAssertion,
+ extensibleMatch [6] MatchingRuleAssertion,
+ contextPresent [7] AttributeTypeAssertion
+}
+
+MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
+ type [2] AttributeType OPTIONAL,
+ matchValue
+ [3] MATCHING-RULE.&AssertionType
+ (CONSTRAINED BY {
+ -- matchValue shall be a value of type specified by the &AssertionType field of
+ -- one of the MATCHING-RULE information objects identified by matchingRule -- }),
+ dnAttributes [4] BOOLEAN DEFAULT FALSE
+}
+
+PagedResultsRequest ::= CHOICE {
+ newRequest
+ SEQUENCE {pageSize INTEGER,
+ sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
+ reverse [1] BOOLEAN DEFAULT FALSE,
+ unmerged [2] BOOLEAN DEFAULT FALSE},
+ queryReference OCTET STRING
+}
+
+SortKey ::= SEQUENCE {
+ type AttributeType,
+ orderingRule MATCHING-RULE.&id OPTIONAL
+}
+
+SecurityParameters ::= SET {
+ certification-path [0] CertificationPath OPTIONAL,
+ name [1] DistinguishedName OPTIONAL,
+ time [2] Time OPTIONAL,
+ random [3] BIT STRING OPTIONAL,
+ target [4] ProtectionRequest OPTIONAL,
+ response [5] BIT STRING OPTIONAL,
+ operationCode [6] Code OPTIONAL,
+ attributeCertificationPath [7] AttributeCertificationPath OPTIONAL,
+ errorProtection [8] ErrorProtectionRequest OPTIONAL,
+ errorCode [9] Code OPTIONAL
+}
+
+ProtectionRequest ::= INTEGER {
+ none(0), signed(1), encrypted(2), signed-encrypted(3)}
+
+Time ::= CHOICE {utcTime UTCTime,
+ generalizedTime GeneralizedTime
+}
+
+ErrorProtectionRequest ::= INTEGER {
+ none(0), signed(1), encrypted(2), signed-encrypted(3)}
+
+-- Bind and unbind operations
+directoryBind OPERATION ::= {
+ ARGUMENT DirectoryBindArgument
+ RESULT DirectoryBindResult
+ ERRORS {directoryBindError}
+}
+
+DirectoryBindArgument ::= SET {
+ credentials [0] Credentials OPTIONAL,
+ versions [1] Versions DEFAULT {v1}
+}
+
+Credentials ::= CHOICE {
+ simple [0] SimpleCredentials,
+ strong [1] StrongCredentials,
+ externalProcedure [2] EXTERNAL,
+ spkm [3] SpkmCredentials
+}
+
+SimpleCredentials ::= SEQUENCE {
+ name [0] DistinguishedName,
+ validity
+ [1] SET {time1 [0] CHOICE {utc UTCTime,
+ gt GeneralizedTime} OPTIONAL,
+ time2 [1] CHOICE {utc UTCTime,
+ gt GeneralizedTime} OPTIONAL,
+ random1 [2] BIT STRING OPTIONAL,
+ random2 [3] BIT STRING OPTIONAL} OPTIONAL,
+ password
+ [2] CHOICE {unprotected OCTET STRING,
+ protected SIGNATURE{OCTET STRING}} OPTIONAL
+}
+
+StrongCredentials ::= SET {
+ certification-path [0] CertificationPath OPTIONAL,
+ bind-token [1] Token,
+ name [2] DistinguishedName OPTIONAL,
+ attributeCertificationPath [3] AttributeCertificationPath OPTIONAL
+}
+
+SpkmCredentials ::= CHOICE {req [0] SPKM-REQ,
+ rep [1] SPKM-REP-TI
+}
+
+Token ::=
+ SIGNED
+ {SEQUENCE {algorithm [0] AlgorithmIdentifier,
+ name [1] DistinguishedName,
+ time [2] UTCTime,
+ random [3] BIT STRING,
+ response [4] BIT STRING OPTIONAL,
+ bindIntAlgorithm
+ [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
+ bindIntKeyInfo [6] BindKeyInfo OPTIONAL,
+ bindConfAlgorithm
+ [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
+ bindConfKeyInfo
+ [8] BindKeyInfo--,--
+ OPTIONAL -- dirqop [9] OBJECT IDENTIFIER OPTIONAL--
+ }}
+
+Versions ::= BIT STRING {v1(0), v2(1)}
+
+DirectoryBindResult ::= DirectoryBindArgument
+
+directoryBindError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {versions [0] Versions DEFAULT {v1},
+ error
+ CHOICE {serviceError [1] ServiceProblem,
+ securityError [2] SecurityProblem},
+ securityParameters [30] SecurityParameters OPTIONAL}}
+}
+
+BindKeyInfo ::= ENCRYPTED{BIT STRING}
+
+directoryUnbind OPERATION ::= emptyUnbind
+
+-- Operations, arguments, and results
+read OPERATION ::= {
+ ARGUMENT ReadArgument
+ RESULT ReadResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-read
+}
+
+ReadArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ selection [1] EntryInformationSelection DEFAULT {},
+ modifyRightsRequest [2] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonArguments}}
+
+ReadResult ::=
+ OPTIONALLY-PROTECTED
+ {SET {entry [0] EntryInformation,
+ modifyRights [1] ModifyRights OPTIONAL,
+ COMPONENTS OF CommonResults}}
+
+ModifyRights ::=
+ SET OF
+ SEQUENCE {item
+ CHOICE {entry [0] NULL,
+ attribute [1] AttributeType,
+ value [2] AttributeValueAssertion},
+ permission
+ [3] BIT STRING {add(0), remove(1), rename(2), move(3)}
+ }
+
+compare OPERATION ::= {
+ ARGUMENT CompareArgument
+ RESULT CompareResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-compare
+}
+
+CompareArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ purported [1] AttributeValueAssertion,
+ COMPONENTS OF CommonArguments}}
+
+CompareResult ::=
+ OPTIONALLY-PROTECTED
+ {SET {name Name OPTIONAL,
+ matched [0] BOOLEAN,
+ fromEntry [1] BOOLEAN DEFAULT TRUE,
+ matchedSubtype [2] AttributeType OPTIONAL,
+ COMPONENTS OF CommonResults}}
+
+abandon OPERATION ::= {
+ ARGUMENT AbandonArgument
+ RESULT AbandonResult
+ ERRORS {abandonFailed}
+ CODE id-opcode-abandon
+}
+
+AbandonArgument ::=
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID [0] InvokeId}}
+
+AbandonResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+list OPERATION ::= {
+ ARGUMENT ListArgument
+ RESULT ListResult
+ ERRORS {nameError | serviceError | referral | abandoned | securityError}
+ CODE id-opcode-list
+}
+
+ListArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ pagedResults [1] PagedResultsRequest OPTIONAL,
+ listFamily [2] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonArguments}}
+
+ListResult ::=
+ OPTIONALLY-PROTECTED
+ {CHOICE {listInfo
+ SET {name Name OPTIONAL,
+ subordinates
+ [1] SET OF
+ SEQUENCE {rdn RelativeDistinguishedName,
+ aliasEntry [0] BOOLEAN DEFAULT FALSE,
+ fromEntry [1] BOOLEAN DEFAULT TRUE
+ },
+ partialOutcomeQualifier
+ [2] PartialOutcomeQualifier OPTIONAL,
+ COMPONENTS OF CommonResults},
+ uncorrelatedListInfo [0] SET OF ListResult}}
+
+PartialOutcomeQualifier ::= SET {
+ limitProblem [0] LimitProblem OPTIONAL,
+ unexplored
+ [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
+ unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE,
+ unknownErrors
+ [3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL,
+ queryReference [4] OCTET STRING OPTIONAL,
+ overspecFilter [5] Filter OPTIONAL,
+ notification
+ [6] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
+ entryCount
+ CHOICE {bestEstimate [7] INTEGER,
+ lowEstimate [8] INTEGER} OPTIONAL
+}
+
+LimitProblem ::= INTEGER {
+ timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2)
+}
+
+search OPERATION ::= {
+ ARGUMENT SearchArgument
+ RESULT SearchResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-search
+}
+
+SearchArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {baseObject [0] Name,
+ subset
+ [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)}
+ DEFAULT baseObject,
+ filter [2] Filter DEFAULT and:{},
+ searchAliases [3] BOOLEAN DEFAULT TRUE,
+ selection [4] EntryInformationSelection DEFAULT {},
+ pagedResults [5] PagedResultsRequest OPTIONAL,
+ matchedValuesOnly [6] BOOLEAN DEFAULT FALSE,
+ extendedFilter [7] Filter OPTIONAL,
+ checkOverspecified [8] BOOLEAN DEFAULT FALSE,
+ relaxation [9] RelaxationPolicy OPTIONAL,
+ extendedArea [10] INTEGER OPTIONAL,
+ hierarchySelections [11] HierarchySelections DEFAULT {self},
+ searchControlOptions
+ [12] SearchControlOptions DEFAULT {searchAliases},
+ joinArguments
+ [13] SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL,
+ joinType
+ [14] ENUMERATED {innerJoin(0), leftOuterJoin(1), fullOuterJoin(2)}
+ DEFAULT leftOuterJoin,
+ COMPONENTS OF CommonArguments}}
+
+HierarchySelections ::= BIT STRING {
+ self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
+ siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}
+
+SearchControlOptions ::= BIT STRING {
+ searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
+ performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
+ matchOnResidualName(7), entryCount(8), useSubset(9),
+ separateFamilyMembers(10), searchFamily(11)}
+
+JoinArgument ::= SEQUENCE {
+ joinBaseObject [0] Name,
+ domainLocalID [1] DomainLocalID OPTIONAL,
+ joinSubset
+ [2] ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)}
+ DEFAULT baseObject,
+ joinFilter [3] Filter OPTIONAL,
+ joinAttributes [4] SEQUENCE SIZE (1..MAX) OF JoinAttPair OPTIONAL,
+ joinSelection [5] EntryInformationSelection
+}
+
+DomainLocalID ::= DirectoryString{ub-domainLocalID}
+
+JoinAttPair ::= SEQUENCE {
+ baseAtt AttributeType,
+ joinAtt AttributeType,
+ joinContext SEQUENCE SIZE (1..MAX) OF JoinContextType OPTIONAL
+}
+
+JoinContextType ::= CONTEXT.&id({SupportedContexts})
+
+SearchResult ::=
+ OPTIONALLY-PROTECTED
+ {CHOICE {searchInfo
+ SET {name Name OPTIONAL,
+ entries [0] SET OF EntryInformation,
+ partialOutcomeQualifier
+ [2] PartialOutcomeQualifier OPTIONAL,
+ altMatching [3] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonResults},
+ uncorrelatedSearchInfo [0] SET OF SearchResult}}
+
+addEntry OPERATION ::= {
+ ARGUMENT AddEntryArgument
+ RESULT AddEntryResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | securityError |
+ updateError}
+ CODE id-opcode-addEntry
+}
+
+AddEntryArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ entry [1] SET OF Attribute,
+ targetSystem [2] AccessPoint OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+AddEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
+}
+
+removeEntry OPERATION ::= {
+ ARGUMENT RemoveEntryArgument
+ RESULT RemoveEntryResult
+ ERRORS {nameError | serviceError | referral | securityError | updateError}
+ CODE id-opcode-removeEntry
+}
+
+RemoveEntryArgument ::=
+ OPTIONALLY-PROTECTED{SET {object [0] Name,
+ COMPONENTS OF CommonArguments}}
+
+RemoveEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
+}
+
+modifyEntry OPERATION ::= {
+ ARGUMENT ModifyEntryArgument
+ RESULT ModifyEntryResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | securityError |
+ updateError}
+ CODE id-opcode-modifyEntry
+}
+
+ModifyEntryArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ changes [1] SEQUENCE OF EntryModification,
+ selection [2] EntryInformationSelection OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+ModifyEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {entry [0] EntryInformation OPTIONAL,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+EntryModification ::= CHOICE {
+ addAttribute [0] Attribute,
+ removeAttribute [1] AttributeType,
+ addValues [2] Attribute,
+ removeValues [3] Attribute,
+ alterValues [4] AttributeTypeAndValue,
+ resetValue [5] AttributeType
+}
+
+modifyDN OPERATION ::= {
+ ARGUMENT ModifyDNArgument
+ RESULT ModifyDNResult
+ ERRORS {nameError | serviceError | referral | securityError | updateError}
+ CODE id-opcode-modifyDN
+}
+
+ModifyDNArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] DistinguishedName,
+ newRDN [1] RelativeDistinguishedName,
+ deleteOldRDN [2] BOOLEAN DEFAULT FALSE,
+ newSuperior [3] DistinguishedName OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+ModifyDNResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {newRDN RelativeDistinguishedName,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+-- Errors and parameters
+abandoned ERROR ::= { -- not literally an "error"
+ PARAMETER OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}}
+ CODE id-errcode-abandoned
+}
+
+abandonFailed ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] AbandonProblem,
+ operation [1] InvokeId,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-abandonFailed
+}
+
+AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)}
+
+attributeError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ problems
+ [1] SET OF
+ SEQUENCE {problem [0] AttributeProblem,
+ type [1] AttributeType,
+ value [2] AttributeValue OPTIONAL},
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-attributeError
+}
+
+AttributeProblem ::= INTEGER {
+ noSuchAttributeOrValue(1), invalidAttributeSyntax(2),
+ undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5),
+ attributeOrValueAlreadyExists(6), contextViolation(7)}
+
+nameError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] NameProblem,
+ matched [1] Name,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-nameError
+}
+
+NameProblem ::= INTEGER {
+ noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3),
+ aliasDereferencingProblem(4), contextProblem(5)}
+
+referral ERROR ::= { -- not literally an "error"
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {candidate [0] ContinuationReference,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-referral
+}
+
+securityError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] SecurityProblem,
+ spkmInfo [1] SPKM-ERROR,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-securityError
+}
+
+SecurityProblem ::= INTEGER {
+ inappropriateAuthentication(1), invalidCredentials(2),
+ insufficientAccessRights(3), invalidSignature(4), protectionRequired(5),
+ noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9)
+}
+
+serviceError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] ServiceProblem,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-serviceError
+}
+
+ServiceProblem ::= INTEGER {
+ busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4),
+ unableToProceed(5), invalidReference(6), timeLimitExceeded(7),
+ administrativeLimitExceeded(8), loopDetected(9),
+ unavailableCriticalExtension(10), outOfScope(11), ditError(12),
+ invalidQueryReference(13), requestedServiceNotAvailable(14),
+ relaxationNotSupported(15), unsupportedMatchingUse(16)}
+
+updateError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] UpdateProblem,
+ attributeInfo
+ [1] SET SIZE (1..MAX) OF
+ CHOICE {attributeType AttributeType,
+ attribute Attribute} OPTIONAL,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-updateError
+}
+
+UpdateProblem ::= INTEGER {
+ namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3),
+ notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6),
+ objectClassModificationProhibited(7), noSuchSuperior(8), notAncestor(9),
+ parentNotAncestor(10), hierarchyRuleViolation(11), familyRuleViolation(12)
+}
+
+-- attribute types
+id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
+
+END -- DirectoryAbstractService
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+