1 LDAP DEFINITIONS IMPLICIT TAGS ::=
3 PREFIXES encode decode print
10 -- unique id in request,
11 -- to be echoed in response(s)
13 searchRequest SearchRequest,
14 searchResponse SearchResponse,
15 modifyRequest ModifyRequest,
16 modifyResponse ModifyResponse,
17 addRequest AddRequest,
18 addResponse AddResponse,
19 delRequest DelRequest,
20 delResponse DelResponse,
21 modifyDNRequest ModifyRDNRequest,
22 modifyDNResponse ModifyRDNResponse,
23 compareDNRequest CompareRequest,
24 compareDNResponse CompareResponse,
25 bindRequest BindRequest,
26 bindResponse BindResponse,
27 abandonRequest AbandonRequest,
28 unbindRequest UnbindRequest
33 [APPLICATION 0] SEQUENCE {
34 version INTEGER (1 .. 127),
35 -- current version is 2
37 -- null name implies an anonymous bind
38 authentication CHOICE {
39 simple [0] OCTET STRING,
40 -- a zero length octet string
41 -- implies an unauthenticated
43 krbv42LDAP [1] OCTET STRING,
44 krbv42DSA [2] OCTET STRING
45 -- values as returned by
47 -- Other values in later
48 -- versions of this protocol.
52 BindResponse ::= [APPLICATION 1] LDAPResult
54 UnbindRequest ::= [APPLICATION 2] NULL
57 [APPLICATION 3] SEQUENCE {
64 derefAliases ENUMERATED {
65 neverDerefAliases (0),
67 derefFindingBaseObj (2),
68 alwaysDerefAliases (3)
70 sizeLimit INTEGER (0 .. maxInt),
71 -- value of 0 implies no sizelimit
72 timeLimit INTEGER (0 .. maxInt),
73 -- value of 0 implies no timelimit
75 -- TRUE, if only attributes (without values)
78 attributes SEQUENCE OF AttributeType
83 entry [APPLICATION 4] SEQUENCE {
85 attributes SEQUENCE OF SEQUENCE {
91 resultCode [APPLICATION 5] LDAPResult
95 [APPLICATION 6] SEQUENCE {
97 modifications SEQUENCE OF SEQUENCE {
98 operation ENUMERATED {
103 modification SEQUENCE {
112 ModifyResponse ::= [APPLICATION 7] LDAPResult
115 [APPLICATION 8] SEQUENCE {
117 attrs SEQUENCE OF SEQUENCE {
119 values SET OF AttributeValue
123 AddResponse ::= [APPLICATION 9] LDAPResult
125 DelRequest ::= [APPLICATION 10] LDAPDN
127 DelResponse ::= [APPLICATION 11] LDAPResult
130 [APPLICATION 12] SEQUENCE {
132 newrdn RelativeLDAPDN -- old RDN always deleted
135 ModifyRDNResponse ::= [APPLICATION 13] LDAPResult
138 [APPLICATION 14] SEQUENCE {
140 ava AttributeValueAssertion
143 CompareResponse ::= [APPLICATION 15] LDAPResult
145 AbandonRequest ::= [APPLICATION 16] MessageID
147 MessageID ::= INTEGER (0 .. maxInt)
149 LDAPDN ::= OCTET STRING
151 RelativeLDAPDN ::= OCTET STRING
155 and [0] SET OF Filter,
156 or [1] SET OF Filter,
158 equalityMatch [3] AttributeValueAssertion,
159 substrings [4] SubstringFilter,
160 greaterOrEqual [5] AttributeValueAssertion,
161 lessOrEqual [6] AttributeValueAssertion,
162 present [7] AttributeType,
163 approxMatch [8] AttributeValueAssertion
168 resultCode ENUMERATED {
172 timeLimitExceeded (3),
173 sizeLimitExceeded (4),
176 authMethodNotSupported (7),
177 strongAuthRequired (8),
178 noSuchAttribute (16),
179 undefinedAttributeType (17),
180 inappropriateMatching (18),
181 constraintViolation (19),
182 attributeOrValueExists (20),
183 invalidAttributeSyntax (21),
186 invalidDNSyntax (34),
188 aliasDereferencingProblem (36),
189 inappropriateAuthentication (48),
190 invalidCredentials (49),
191 insufficientAccessRights (50),
194 unwillingToPerform (53),
196 namingViolation (64),
197 objectClassViolation (65),
198 notAllowedOnNonLeaf (66),
199 notAllowedOnRDN (67),
200 entryAlreadyExists (68),
201 objectClassModsProhibited (69),
205 errorMessage OCTET STRING
208 AttributeType ::= OCTET STRING
209 -- text name of the attribute, or dotted
210 -- OID representation
212 AttributeValue ::= OCTET STRING
214 AttributeValueAssertion ::=
216 attributeType AttributeType,
217 attributeValue AttributeValue
224 initial [0] OCTET STRING,
225 any [1] OCTET STRING,
226 final [2] OCTET STRING
230 maxInt INTEGER ::= 65535