[erlang-bugs] asn1ct out of date?
Kenneth Lundin
kenneth.lundin@REDACTED
Fri Dec 4 13:52:53 CET 2009
Hi,
This isa new LDAP ASN.1 spec that I have not seen before.
The previous ones has passed the Erlang ASN.1 compiler without problems.
The Erlang ASN.1 compiler does not support everything in the 2002
standard of ASN.1 and there might also be limitations vs the 1997
standard.
We have implemented the constructs that we have seen need for because
they have occured in specifications used by our customers.
This is the firs time I see use of:
EXSTENSIBILITY IMPLIED, % I will implement that soon, quite easy
SEQUENCE OF NamedType which is equivalent to
SEQUENCE OF identifier Type % I will implement that too,the
identifier is of no real use as I understand it except maybe if the
XML encoding rules and value notation is to be used. And
we don't support them now.
SET OF identifier Type % will implement that too, same as SEQUENCE OF
SEQUENCE SIZE (1..MAX) OF uri URI % I can't see that this is allowed
syntax in any version of ASN.1?
/Kenneth , Erlang/OTP Ericsson
On Sun, Nov 8, 2009 at 4:38 PM, Steve Davis
<steven.charles.davis@REDACTED> wrote:
> While working towards implementing an LDAP server I found that asn1ct does
> not appear to support the current LDAP asn.1 specification format.
>
> http://tools.ietf.org/html/rfc4511#appendix-B
>
> Attached is the modified ASN.1 for LDAP3 with the statements that cause the
> compile time errors commented out as: --##
>
> Of course, the modified asn file defines a protocol that is no longer
> "according to spec"
>
> /s
>
> --## Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
> -- Copyright (C) The Internet Society (2006). This version of
> -- this ASN.1 module is part of RFC 4511; see the RFC itself
> -- for full legal notices.
> LDAP3
> DEFINITIONS
> IMPLICIT TAGS
> --## EXTENSIBILITY IMPLIED
>
> ::=
>
> BEGIN
>
> LDAPMessage ::= SEQUENCE {
> messageID MessageID,
> protocolOp CHOICE {
> bindRequest BindRequest,
> bindResponse BindResponse,
> unbindRequest UnbindRequest,
> searchRequest SearchRequest,
> searchResEntry SearchResultEntry,
> searchResDone SearchResultDone,
> searchResRef SearchResultReference,
> modifyRequest ModifyRequest,
> modifyResponse ModifyResponse,
> addRequest AddRequest,
> addResponse AddResponse,
> delRequest DelRequest,
> delResponse DelResponse,
> modDNRequest ModifyDNRequest,
> modDNResponse ModifyDNResponse,
> compareRequest CompareRequest,
> compareResponse CompareResponse,
> abandonRequest AbandonRequest,
> extendedReq ExtendedRequest,
> extendedResp ExtendedResponse,
> ...,
> intermediateResponse IntermediateResponse },
> controls [0] Controls OPTIONAL }
>
> MessageID ::= INTEGER (0 .. maxInt)
>
> maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
>
> LDAPString ::= OCTET STRING -- UTF-8 encoded,
> -- [ISO10646] characters
>
> LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
> -- [RFC4512]
>
> LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
> -- [RFC4514]
>
> RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
> -- [RFC4514]
>
> AttributeDescription ::= LDAPString
> -- Constrained to <attributedescription>
> -- [RFC4512]
>
> AttributeValue ::= OCTET STRING
>
> AttributeValueAssertion ::= SEQUENCE {
> attributeDesc AttributeDescription,
> assertionValue AssertionValue }
>
> AssertionValue ::= OCTET STRING
>
> PartialAttribute ::= SEQUENCE {
> type AttributeDescription,
> --## vals SET OF value AttributeValue }
> vals SET OF AttributeValue }
>
> Attribute ::= PartialAttribute(WITH COMPONENTS {
> ...,
> vals (SIZE(1..MAX))})
>
> MatchingRuleId ::= LDAPString
>
> LDAPResult ::= SEQUENCE {
> resultCode ENUMERATED {
> success (0),
> operationsError (1),
> protocolError (2),
> timeLimitExceeded (3),
> sizeLimitExceeded (4),
> compareFalse (5),
> compareTrue (6),
> authMethodNotSupported (7),
> strongerAuthRequired (8),
> -- 9 reserved --
> referral (10),
> adminLimitExceeded (11),
> unavailableCriticalExtension (12),
> confidentialityRequired (13),
> saslBindInProgress (14),
> -- 15??? --
> noSuchAttribute (16),
> undefinedAttributeType (17),
> inappropriateMatching (18),
> constraintViolation (19),
> attributeOrValueExists (20),
> invalidAttributeSyntax (21),
> -- 22-31 unused --
> noSuchObject (32),
> aliasProblem (33),
> invalidDNSyntax (34),
> -- 35 reserved for undefined isLeaf --
> aliasDereferencingProblem (36),
> -- 37-47 unused --
> inappropriateAuthentication (48),
> invalidCredentials (49),
> insufficientAccessRights (50),
> busy (51),
> unavailable (52),
> unwillingToPerform (53),
> loopDetect (54),
> -- 55-63 unused --
> namingViolation (64),
> objectClassViolation (65),
> notAllowedOnNonLeaf (66),
> notAllowedOnRDN (67),
> entryAlreadyExists (68),
> objectClassModsProhibited (69),
> -- 70 reserved for CLDAP --
> affectsMultipleDSAs (71),
> -- 72-79 unused --
> other (80)
> --## ...
> },
> matchedDN LDAPDN,
> diagnosticMessage LDAPString,
> referral [3] Referral OPTIONAL }
>
> --## Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
> Referral ::= SEQUENCE OF URI
>
> URI ::= LDAPString -- limited to characters permitted in
> -- URIs
>
> --## Controls ::= SEQUENCE OF control Control
> Controls ::= SEQUENCE OF Control
>
> Control ::= SEQUENCE {
> controlType LDAPOID,
> criticality BOOLEAN DEFAULT FALSE,
> controlValue OCTET STRING OPTIONAL }
>
> BindRequest ::= [APPLICATION 0] SEQUENCE {
> version INTEGER (1 .. 127),
> name LDAPDN,
> authentication AuthenticationChoice }
>
> AuthenticationChoice ::= CHOICE {
> simple [0] OCTET STRING,
> -- 1 and 2 reserved
> sasl [3] SaslCredentials,
> ... }
>
> SaslCredentials ::= SEQUENCE {
> mechanism LDAPString,
> credentials OCTET STRING OPTIONAL }
>
> BindResponse ::= [APPLICATION 1] SEQUENCE {
> COMPONENTS OF LDAPResult,
> serverSaslCreds [7] OCTET STRING OPTIONAL }
>
> UnbindRequest ::= [APPLICATION 2] NULL
>
> SearchRequest ::= [APPLICATION 3] SEQUENCE {
> baseObject LDAPDN,
> scope ENUMERATED {
> baseObject (0),
> singleLevel (1),
> wholeSubtree (2),
> ... },
> derefAliases ENUMERATED {
> neverDerefAliases (0),
> derefInSearching (1),
> derefFindingBaseObj (2),
> derefAlways (3) },
> sizeLimit INTEGER (0 .. maxInt),
> timeLimit INTEGER (0 .. maxInt),
> typesOnly BOOLEAN,
> filter Filter,
> attributes AttributeSelection }
>
> --## AttributeSelection ::= SEQUENCE OF selector LDAPString
> AttributeSelection ::= SEQUENCE OF LDAPString
> -- The LDAPString is constrained to
> -- <attributeSelector> in Section 4.5.1.8
>
> Filter ::= CHOICE {
> --## and [0] SET SIZE (1..MAX) OF filter Filter,
> --## or [1] SET SIZE (1..MAX) OF filter Filter,
> and [0] SET OF Filter,
> or [1] SET OF Filter,
> not [2] Filter,
> equalityMatch [3] AttributeValueAssertion,
> substrings [4] SubstringFilter,
> greaterOrEqual [5] AttributeValueAssertion,
> lessOrEqual [6] AttributeValueAssertion,
> present [7] AttributeDescription,
> approxMatch [8] AttributeValueAssertion,
> extensibleMatch [9] MatchingRuleAssertion,
> ... }
>
> SubstringFilter ::= SEQUENCE {
> type AttributeDescription,
> --## substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
> substrings SEQUENCE OF CHOICE {
> initial [0] AssertionValue, -- can occur at most once
> any [1] AssertionValue,
> final [2] AssertionValue } -- can occur at most once
> }
>
> MatchingRuleAssertion ::= SEQUENCE {
> matchingRule [1] MatchingRuleId OPTIONAL,
> type [2] AttributeDescription OPTIONAL,
> matchValue [3] AssertionValue,
> dnAttributes [4] BOOLEAN DEFAULT FALSE }
>
> SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
> objectName LDAPDN,
> attributes PartialAttributeList }
>
> PartialAttributeList ::= SEQUENCE OF PartialAttribute
> --## partialAttribute PartialAttribute
>
> SearchResultReference ::= [APPLICATION 19] SEQUENCE OF URI
> --## SIZE (1..MAX) OF uri URI
>
> SearchResultDone ::= [APPLICATION 5] LDAPResult
>
> ModifyRequest ::= [APPLICATION 6] SEQUENCE {
> object LDAPDN,
> --## changes SEQUENCE OF change SEQUENCE {
> changes SEQUENCE OF SEQUENCE {
> operation ENUMERATED {
> add (0),
> delete (1),
> replace (2),
> ... },
> modification PartialAttribute } }
>
> ModifyResponse ::= [APPLICATION 7] LDAPResult
>
> AddRequest ::= [APPLICATION 8] SEQUENCE {
> entry LDAPDN,
> attributes AttributeList }
>
> --## AttributeList ::= SEQUENCE OF attribute Attribute
> AttributeList ::= SEQUENCE OF Attribute
>
> AddResponse ::= [APPLICATION 9] LDAPResult
>
> DelRequest ::= [APPLICATION 10] LDAPDN
>
> DelResponse ::= [APPLICATION 11] LDAPResult
>
> ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
> entry LDAPDN,
> newrdn RelativeLDAPDN,
> deleteoldrdn BOOLEAN,
> newSuperior [0] LDAPDN OPTIONAL }
>
> ModifyDNResponse ::= [APPLICATION 13] LDAPResult
>
> CompareRequest ::= [APPLICATION 14] SEQUENCE {
> entry LDAPDN,
> ava AttributeValueAssertion }
>
> CompareResponse ::= [APPLICATION 15] LDAPResult
>
> AbandonRequest ::= [APPLICATION 16] MessageID
>
> ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
> requestName [0] LDAPOID,
> requestValue [1] OCTET STRING OPTIONAL }
>
> ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
> COMPONENTS OF LDAPResult,
> responseName [10] LDAPOID OPTIONAL,
> responseValue [11] OCTET STRING OPTIONAL }
>
> IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
> responseName [0] LDAPOID OPTIONAL,
> responseValue [1] OCTET STRING OPTIONAL }
>
> END
>
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>
More information about the erlang-bugs
mailing list