Permalink
Browse files

Update ELDAPv3 RFC 4511

  • Loading branch information...
1 parent 6d6d2f6 commit 1c6d13629c20f1af757412fe88211cacacf5da8a @voluntas voluntas committed Jan 13, 2011
Showing with 207 additions and 246 deletions.
  1. +4 −4 Makefile
  2. +196 −209 asn1/ELDAPv3.asn1
  3. +0 −26 src/Makefile
  4. +3 −3 src/eldap.erl
  5. +4 −4 src/eldap_fsm.erl
View
8 Makefile
@@ -1,7 +1,7 @@
+all: compile
-all:
- (cd src;$(MAKE))
+compile:
+ ./rebar compile
clean:
- (cd src;$(MAKE) clean)
-
+ ./rebar clean
View
405 asn1/ELDAPv3.asn1
@@ -1,254 +1,243 @@
--- LDAPv3 ASN.1 specification, taken from RFC 2251
-
--- Lightweight-Directory-Access-Protocol-V3 DEFINITIONS
+-- Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
+-- Copyright (C) The Internet Society (2006). This version of
+-- this ASN.1 module is part of RFC 4511; see the RFC itself
+-- for full legal notices.
ELDAPv3 DEFINITIONS
-IMPLICIT TAGS ::=
+IMPLICIT TAGS
+EXTENSIBILITY IMPLIED ::=
BEGIN
LDAPMessage ::= SEQUENCE {
- messageID MessageID,
- protocolOp CHOICE {
- bindRequest BindRequest,
- bindResponse BindResponse,
- unbindRequest UnbindRequest,
- searchRequest SearchRequest,
- searchResEntry SearchResultEntry,
- searchResDone SearchResultDone,
- searchResRef SearchResultReference,
- modifyRequest ModifyRequest,
- modifyResponse ModifyResponse,
- addRequest AddRequest,
- addResponse AddResponse,
- delRequest DelRequest,
- delResponse DelResponse,
- modDNRequest ModifyDNRequest,
- modDNResponse ModifyDNResponse,
- compareRequest CompareRequest,
- compareResponse CompareResponse,
- abandonRequest AbandonRequest,
- extendedReq ExtendedRequest,
- extendedResp ExtendedResponse },
- controls [0] Controls OPTIONAL }
-
-MessageID ::= INTEGER (0 .. maxInt)
+ messageID MessageID,
+ protocolOp CHOICE {
+ bindRequest BindRequest,
+ bindResponse BindResponse,
+ unbindRequest UnbindRequest,
+ searchRequest SearchRequest,
+ searchResEntry SearchResultEntry,
+ searchResDone SearchResultDone,
+ searchResRef SearchResultReference,
+ modifyRequest ModifyRequest,
+ modifyResponse ModifyResponse,
+ addRequest AddRequest,
+ addResponse AddResponse,
+ delRequest DelRequest,
+ delResponse DelResponse,
+ modDNRequest ModifyDNRequest,
+ modDNResponse ModifyDNResponse,
+ compareRequest CompareRequest,
+ compareResponse CompareResponse,
+ abandonRequest AbandonRequest,
+ extendedReq ExtendedRequest,
+ extendedResp ExtendedResponse,
+ ...,
+ intermediateResponse IntermediateResponse },
+ controls [0] Controls OPTIONAL }
+
+MessageID ::= INTEGER (0 .. maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
-LDAPString ::= OCTET STRING
-
-LDAPOID ::= OCTET STRING
+LDAPString ::= OCTET STRING -- UTF-8 encoded,
+ -- [ISO10646] characters
-LDAPDN ::= LDAPString
+LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
+ -- [RFC4512]
-RelativeLDAPDN ::= LDAPString
+LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
+ -- [RFC4514]
-AttributeType ::= LDAPString
+RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
+ -- [RFC4514]
AttributeDescription ::= LDAPString
-
-
-
-
--- Wahl, et. al. Standards Track [Page 44]
---
--- RFC 2251 LDAPv3 December 1997
-
-
-AttributeDescriptionList ::= SEQUENCE OF
- AttributeDescription
+ -- Constrained to <attributedescription>
+ -- [RFC4512]
AttributeValue ::= OCTET STRING
AttributeValueAssertion ::= SEQUENCE {
- attributeDesc AttributeDescription,
- assertionValue AssertionValue }
+ attributeDesc AttributeDescription,
+ assertionValue AssertionValue }
AssertionValue ::= OCTET STRING
-Attribute ::= SEQUENCE {
- type AttributeDescription,
- vals SET OF AttributeValue }
+PartialAttribute ::= SEQUENCE {
+ type AttributeDescription,
+ vals SET OF value AttributeValue }
+
+Attribute ::= PartialAttribute(WITH COMPONENTS {
+ ...,
+ vals (SIZE(1..MAX))})
MatchingRuleId ::= LDAPString
LDAPResult ::= SEQUENCE {
- resultCode ENUMERATED {
- success (0),
- operationsError (1),
- protocolError (2),
- timeLimitExceeded (3),
- sizeLimitExceeded (4),
- compareFalse (5),
- compareTrue (6),
- authMethodNotSupported (7),
- strongAuthRequired (8),
- -- 9 reserved --
- referral (10), -- new
- adminLimitExceeded (11), -- new
- unavailableCriticalExtension (12), -- new
- confidentialityRequired (13), -- new
- saslBindInProgress (14), -- new
- noSuchAttribute (16),
- undefinedAttributeType (17),
- inappropriateMatching (18),
- constraintViolation (19),
- attributeOrValueExists (20),
- invalidAttributeSyntax (21),
- -- 22-31 unused --
- noSuchObject (32),
- aliasProblem (33),
- invalidDNSyntax (34),
- -- 35 reserved for undefined isLeaf --
- aliasDereferencingProblem (36),
- -- 37-47 unused --
- inappropriateAuthentication (48),
-
--- Wahl, et. al. Standards Track [Page 45]
---
--- RFC 2251 LDAPv3 December 1997
-
-
- invalidCredentials (49),
- insufficientAccessRights (50),
- busy (51),
- unavailable (52),
- unwillingToPerform (53),
- loopDetect (54),
- -- 55-63 unused --
- namingViolation (64),
- objectClassViolation (65),
- notAllowedOnNonLeaf (66),
- notAllowedOnRDN (67),
- entryAlreadyExists (68),
- objectClassModsProhibited (69),
- -- 70 reserved for CLDAP --
- affectsMultipleDSAs (71), -- new
- -- 72-79 unused --
- other (80) },
- -- 81-90 reserved for APIs --
- matchedDN LDAPDN,
- errorMessage LDAPString,
- referral [3] Referral OPTIONAL }
-
-Referral ::= SEQUENCE OF LDAPURL
-
-LDAPURL ::= LDAPString -- limited to characters permitted in URLs
-
-Controls ::= SEQUENCE OF Control
+ resultCode ENUMERATED {
+ success (0),
+ operationsError (1),
+ protocolError (2),
+ timeLimitExceeded (3),
+ sizeLimitExceeded (4),
+ compareFalse (5),
+ compareTrue (6),
+ authMethodNotSupported (7),
+ strongerAuthRequired (8),
+ -- 9 reserved --
+ referral (10),
+ adminLimitExceeded (11),
+ unavailableCriticalExtension (12),
+ confidentialityRequired (13),
+ saslBindInProgress (14),
+
+ noSuchAttribute (16),
+ undefinedAttributeType (17),
+ inappropriateMatching (18),
+ constraintViolation (19),
+ attributeOrValueExists (20),
+ invalidAttributeSyntax (21),
+ -- 22-31 unused --
+ noSuchObject (32),
+ aliasProblem (33),
+ invalidDNSyntax (34),
+ -- 35 reserved for undefined isLeaf --
+ aliasDereferencingProblem (36),
+ -- 37-47 unused --
+ inappropriateAuthentication (48),
+ invalidCredentials (49),
+ insufficientAccessRights (50),
+ busy (51),
+ unavailable (52),
+ unwillingToPerform (53),
+ loopDetect (54),
+ -- 55-63 unused --
+ namingViolation (64),
+ objectClassViolation (65),
+ notAllowedOnNonLeaf (66),
+ notAllowedOnRDN (67),
+ entryAlreadyExists (68),
+ objectClassModsProhibited (69),
+ -- 70 reserved for CLDAP --
+ affectsMultipleDSAs (71),
+ -- 72-79 unused --
+ other (80),
+ ... },
+ matchedDN LDAPDN,
+ diagnosticMessage LDAPString,
+ referral [3] Referral OPTIONAL }
+
+Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
+
+URI ::= LDAPString -- limited to characters permitted in
+ -- URIs
+
+Controls ::= SEQUENCE OF control Control
Control ::= SEQUENCE {
- controlType LDAPOID,
- criticality BOOLEAN DEFAULT FALSE,
- controlValue OCTET STRING OPTIONAL }
+ controlType LDAPOID,
+ criticality BOOLEAN DEFAULT FALSE,
+ controlValue OCTET STRING OPTIONAL }
BindRequest ::= [APPLICATION 0] SEQUENCE {
- version INTEGER (1 .. 127),
- name LDAPDN,
- authentication AuthenticationChoice }
+ version INTEGER (1 .. 127),
+ name LDAPDN,
+ authentication AuthenticationChoice }
AuthenticationChoice ::= CHOICE {
- simple [0] OCTET STRING,
- -- 1 and 2 reserved
- sasl [3] SaslCredentials }
+ simple [0] OCTET STRING,
+ -- 1 and 2 reserved
+ sasl [3] SaslCredentials,
+ ... }
SaslCredentials ::= SEQUENCE {
- mechanism LDAPString,
- credentials OCTET STRING OPTIONAL }
+ mechanism LDAPString,
+ credentials OCTET STRING OPTIONAL }
BindResponse ::= [APPLICATION 1] SEQUENCE {
-
--- Wahl, et. al. Standards Track [Page 46]
---
--- RFC 2251 LDAPv3 December 1997
-
-
COMPONENTS OF LDAPResult,
serverSaslCreds [7] OCTET STRING OPTIONAL }
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
- baseObject LDAPDN,
- scope ENUMERATED {
- baseObject (0),
- singleLevel (1),
- wholeSubtree (2) },
- derefAliases ENUMERATED {
- neverDerefAliases (0),
- derefInSearching (1),
- derefFindingBaseObj (2),
- derefAlways (3) },
- sizeLimit INTEGER (0 .. maxInt),
- timeLimit INTEGER (0 .. maxInt),
- typesOnly BOOLEAN,
- filter Filter,
- attributes AttributeDescriptionList }
+ baseObject LDAPDN,
+ scope ENUMERATED {
+ baseObject (0),
+ singleLevel (1),
+ wholeSubtree (2),
+ ... },
+ derefAliases ENUMERATED {
+ neverDerefAliases (0),
+ derefInSearching (1),
+ derefFindingBaseObj (2),
+ derefAlways (3) },
+ sizeLimit INTEGER (0 .. maxInt),
+ timeLimit INTEGER (0 .. maxInt),
+ typesOnly BOOLEAN,
+ filter Filter,
+ attributes AttributeSelection }
+
+AttributeSelection ::= SEQUENCE OF selector LDAPString
+ -- The LDAPString is constrained to
+ -- <attributeSelector> in Section 4.5.1.8
Filter ::= CHOICE {
- and [0] SET OF Filter,
- or [1] SET OF Filter,
- not [2] Filter,
- equalityMatch [3] AttributeValueAssertion,
- substrings [4] SubstringFilter,
- greaterOrEqual [5] AttributeValueAssertion,
- lessOrEqual [6] AttributeValueAssertion,
- present [7] AttributeDescription,
- approxMatch [8] AttributeValueAssertion,
- extensibleMatch [9] MatchingRuleAssertion }
+ and [0] SET SIZE (1..MAX) OF filter Filter,
+ or [1] SET SIZE (1..MAX) OF filter Filter,
+ not [2] Filter,
+ equalityMatch [3] AttributeValueAssertion,
+ substrings [4] SubstringFilter,
+ greaterOrEqual [5] AttributeValueAssertion,
+ lessOrEqual [6] AttributeValueAssertion,
+ present [7] AttributeDescription,
+ approxMatch [8] AttributeValueAssertion,
+ extensibleMatch [9] MatchingRuleAssertion,
+ ... }
SubstringFilter ::= SEQUENCE {
- type AttributeDescription,
- -- at least one must be present
- substrings SEQUENCE OF CHOICE {
- initial [0] LDAPString,
- any [1] LDAPString,
- final [2] LDAPString } }
+ type AttributeDescription,
+ substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ initial [0] AssertionValue, -- can occur at most once
+ any [1] AssertionValue,
+ final [2] AssertionValue } -- can occur at most once
+ }
MatchingRuleAssertion ::= SEQUENCE {
- matchingRule [1] MatchingRuleId OPTIONAL,
- type [2] AttributeDescription OPTIONAL,
- matchValue [3] AssertionValue,
- dnAttributes [4] BOOLEAN DEFAULT FALSE }
-
--- Wahl, et. al. Standards Track [Page 47]
---
--- RFC 2251 LDAPv3 December 1997
+ matchingRule [1] MatchingRuleId OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE }
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
- objectName LDAPDN,
- attributes PartialAttributeList }
+ objectName LDAPDN,
+ attributes PartialAttributeList }
-PartialAttributeList ::= SEQUENCE OF SEQUENCE {
- type AttributeDescription,
- vals SET OF AttributeValue }
+PartialAttributeList ::= SEQUENCE OF
+ partialAttribute PartialAttribute
-SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL
+SearchResultReference ::= [APPLICATION 19] SEQUENCE
+ SIZE (1..MAX) OF uri URI
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
- object LDAPDN,
- modification SEQUENCE OF SEQUENCE {
- operation ENUMERATED {
- add (0),
- delete (1),
- replace (2) },
- modification AttributeTypeAndValues } }
-
-AttributeTypeAndValues ::= SEQUENCE {
- type AttributeDescription,
- vals SET OF AttributeValue }
+ object LDAPDN,
+ changes SEQUENCE OF change SEQUENCE {
+ operation ENUMERATED {
+ add (0),
+ delete (1),
+ replace (2),
+ ... },
+ modification PartialAttribute } }
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
- entry LDAPDN,
- attributes AttributeList }
+ entry LDAPDN,
+ attributes AttributeList }
-AttributeList ::= SEQUENCE OF SEQUENCE {
- type AttributeDescription,
- vals SET OF AttributeValue }
+AttributeList ::= SEQUENCE OF attribute Attribute
AddResponse ::= [APPLICATION 9] LDAPResult
@@ -257,35 +246,33 @@ DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
- entry LDAPDN,
- newrdn RelativeLDAPDN,
- deleteoldrdn BOOLEAN,
- newSuperior [0] LDAPDN OPTIONAL }
+ entry LDAPDN,
+ newrdn RelativeLDAPDN,
+ deleteoldrdn BOOLEAN,
+ newSuperior [0] LDAPDN OPTIONAL }
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
--- Wahl, et. al. Standards Track [Page 48]
---
--- RFC 2251 LDAPv3 December 1997
-
-
CompareRequest ::= [APPLICATION 14] SEQUENCE {
- entry LDAPDN,
- ava AttributeValueAssertion }
+ entry LDAPDN,
+ ava AttributeValueAssertion }
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
- requestName [0] LDAPOID,
- requestValue [1] OCTET STRING OPTIONAL }
+ requestName [0] LDAPOID,
+ requestValue [1] OCTET STRING OPTIONAL }
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
- COMPONENTS OF LDAPResult,
- responseName [10] LDAPOID OPTIONAL,
- response [11] OCTET STRING OPTIONAL }
+ COMPONENTS OF LDAPResult,
+ responseName [10] LDAPOID OPTIONAL,
+ responseValue [11] OCTET STRING OPTIONAL }
-END
+IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
+ responseName [0] LDAPOID OPTIONAL,
+ responseValue [1] OCTET STRING OPTIONAL }
+END
View
26 src/Makefile
@@ -1,26 +0,0 @@
-
-ERLC = erlc
-EBIN_DIR = ../ebin
-ERLC_FLAGS += -I ./src -I ../include +debug_info
-ERL_OBJECTS := ${EBIN_DIR}/eldap.beam ${EBIN_DIR}/ELDAPv3.beam ${EBIN_DIR}/eldap_fsm.beam
-
-.SUFFIXES: .asn .erl .beam
-
-$(EBIN_DIR)/%.beam: %.erl
- $(ERLC) $(ERLC_FLAGS) -o $(EBIN_DIR) $<
-
-.PHONY: all
-all: asn $(ERL_OBJECTS)
-
-.PHONY: asn
-asn: ELDAPv3.erl ../ebin/ELDAPv3.beam
-
-ELDAPv3.erl: ELDAPv3.asn
- ${ERLC} ELDAPv3.asn
- mv ELDAPv3.beam ${EBIN_DIR}
-
-.PHONY: clean
-clean:
- -rm $(ERL_OBJECTS) ELDAPv3.erl ELDAPv3.asn1db ELDAPv3.hrl
-
-
View
6 src/eldap.erl
@@ -164,9 +164,9 @@ mod_delete(Type, Values) when list(Type), list(Values) -> m(delete, Type, Value
mod_replace(Type, Values) when list(Type), list(Values) -> m(replace, Type, Values).
m(Operation, Type, Values) ->
- #'ModifyRequest_modification_SEQOF'{
+ #'ModifyRequest_changes_SEQOF'{
operation = Operation,
- modification = #'AttributeTypeAndValues'{
+ modification = #'PartialAttribute'{
type = Type,
vals = Values}}.
@@ -611,7 +611,7 @@ do_modify(Data, Obj, Mod) ->
do_modify_0(Data, Obj, Mod) ->
v_modifications(Mod),
Req = #'ModifyRequest'{object = Obj,
- modification = Mod},
+ changes = Mod},
S = Data#eldap.fd,
Id = bump_id(Data),
log2(Data, "modify request = ~p~n", [Req]),
View
8 src/eldap_fsm.erl
@@ -5,7 +5,7 @@
%%% The interface is based on RFC 1823, and
%%% draft-ietf-asid-ldap-c-api-00.txt
%%%
-%%% Copyright (C) 2000 Torbjörn Törnkvist
+%%% Copyright (C) 2000 Torbjn Tnkvist
%%% Copyright (c) 2010 Torbjorn Tornkvist <tobbe@tornkvist.org>
%%% See MIT-LICENSE at the top dir for licensing information.
%%%
@@ -178,9 +178,9 @@ mod_delete(Type, Values) when list(Type), list(Values) -> m(delete, Type, Value
mod_replace(Type, Values) when list(Type), list(Values) -> m(replace, Type, Values).
m(Operation, Type, Values) ->
- #'ModifyRequest_modification_SEQOF'{
+ #'ModifyRequest_changes_SEQOF'{
operation = Operation,
- modification = #'AttributeTypeAndValues'{
+ modification = #'PartialAttribute'{
type = Type,
vals = Values}}.
@@ -554,7 +554,7 @@ gen_req({modify, Obj, Mod}) ->
v_modifications(Mod),
{modifyRequest,
#'ModifyRequest'{object = Obj,
- modification = Mod}};
+ changes = Mod}};
gen_req({modify_dn, Entry, NewRDN, DelOldRDN, NewSup}) ->
{modDNRequest,
#'ModifyDNRequest'{entry = Entry,

0 comments on commit 1c6d136

Please sign in to comment.