[erlang-bugs] asn1ct out of date?

Kenneth Lundin <>
Fri Dec 4 13:52:53 CET 2009


Hi,

This isa new LDAP ASN.1 spec that I have not seen before.
The previous ones has passed the Erlang ASN.1 compiler without problems.

The Erlang ASN.1 compiler does not support everything in the 2002
standard of ASN.1 and there might also be limitations vs the 1997
standard.

We have implemented the constructs that we have seen need for because
they have occured in specifications used by our customers.

This is the firs time I see use of:

EXSTENSIBILITY IMPLIED, % I will implement that  soon, quite easy
SEQUENCE OF NamedType which is equivalent to
SEQUENCE OF identifier Type % I will implement that too,the
identifier is of no real use as I understand it except maybe if the
XML encoding rules and value notation is to be used. And
we don't support them now.

SET OF identifier Type % will implement that too, same as SEQUENCE OF

SEQUENCE SIZE (1..MAX) OF uri URI % I can't see that this is allowed
syntax in any version of ASN.1?

/Kenneth , Erlang/OTP Ericsson

On Sun, Nov 8, 2009 at 4:38 PM, Steve Davis
<> wrote:
> While working towards implementing an LDAP server I found that asn1ct does
> not appear to support the current LDAP asn.1 specification format.
>
> http://tools.ietf.org/html/rfc4511#appendix-B
>
> Attached is the modified ASN.1 for LDAP3 with the statements that cause the
> compile time errors commented out as: --##
>
> Of course, the modified asn file defines a protocol that is no longer
> "according to spec"
>
> /s
>
> --## Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
> -- Copyright (C) The Internet Society (2006).  This version of
> -- this ASN.1 module is part of RFC 4511; see the RFC itself
> -- for full legal notices.
> LDAP3
> DEFINITIONS
> IMPLICIT TAGS
> --## EXTENSIBILITY IMPLIED
>
> ::=
>
> BEGIN
>
> LDAPMessage ::= SEQUENCE {
>     messageID       MessageID,
>     protocolOp      CHOICE {
>          bindRequest           BindRequest,
>          bindResponse          BindResponse,
>          unbindRequest         UnbindRequest,
>          searchRequest         SearchRequest,
>          searchResEntry        SearchResultEntry,
>          searchResDone         SearchResultDone,
>          searchResRef          SearchResultReference,
>          modifyRequest         ModifyRequest,
>          modifyResponse        ModifyResponse,
>          addRequest            AddRequest,
>          addResponse           AddResponse,
>          delRequest            DelRequest,
>          delResponse           DelResponse,
>          modDNRequest          ModifyDNRequest,
>          modDNResponse         ModifyDNResponse,
>          compareRequest        CompareRequest,
>          compareResponse       CompareResponse,
>          abandonRequest        AbandonRequest,
>          extendedReq           ExtendedRequest,
>          extendedResp          ExtendedResponse,
>          ...,
>          intermediateResponse  IntermediateResponse },
>     controls       [0] Controls OPTIONAL }
>
> MessageID ::= INTEGER (0 ..  maxInt)
>
> maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
>
> LDAPString ::= OCTET STRING -- UTF-8 encoded,
>                            -- [ISO10646] characters
>
> LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
>                         -- [RFC4512]
>
> LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
>                      -- [RFC4514]
>
> RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
>                              -- [RFC4514]
>
> AttributeDescription ::= LDAPString
>                        -- Constrained to <attributedescription>
>                        -- [RFC4512]
>
> AttributeValue ::= OCTET STRING
>
> AttributeValueAssertion ::= SEQUENCE {
>     attributeDesc   AttributeDescription,
>     assertionValue  AssertionValue }
>
> AssertionValue ::= OCTET STRING
>
> PartialAttribute ::= SEQUENCE {
>     type       AttributeDescription,
> --##     vals       SET OF value AttributeValue }
>     vals       SET OF AttributeValue }
>
> Attribute ::= PartialAttribute(WITH COMPONENTS {
>     ...,
>     vals (SIZE(1..MAX))})
>
> MatchingRuleId ::= LDAPString
>
> LDAPResult ::= SEQUENCE {
>     resultCode         ENUMERATED {
>          success                      (0),
>          operationsError              (1),
>          protocolError                (2),
>          timeLimitExceeded            (3),
>          sizeLimitExceeded            (4),
>          compareFalse                 (5),
>          compareTrue                  (6),
>          authMethodNotSupported       (7),
>          strongerAuthRequired         (8),
>               -- 9 reserved --
>          referral                     (10),
>          adminLimitExceeded           (11),
>          unavailableCriticalExtension (12),
>          confidentialityRequired      (13),
>          saslBindInProgress           (14),
>               -- 15??? --
>          noSuchAttribute              (16),
>          undefinedAttributeType       (17),
>          inappropriateMatching        (18),
>          constraintViolation          (19),
>          attributeOrValueExists       (20),
>          invalidAttributeSyntax       (21),
>               -- 22-31 unused --
>          noSuchObject                 (32),
>          aliasProblem                 (33),
>          invalidDNSyntax              (34),
>               -- 35 reserved for undefined isLeaf --
>          aliasDereferencingProblem    (36),
>               -- 37-47 unused --
>          inappropriateAuthentication  (48),
>          invalidCredentials           (49),
>          insufficientAccessRights     (50),
>          busy                         (51),
>          unavailable                  (52),
>          unwillingToPerform           (53),
>          loopDetect                   (54),
>               -- 55-63 unused --
>          namingViolation              (64),
>          objectClassViolation         (65),
>          notAllowedOnNonLeaf          (66),
>          notAllowedOnRDN              (67),
>          entryAlreadyExists           (68),
>          objectClassModsProhibited    (69),
>               -- 70 reserved for CLDAP --
>          affectsMultipleDSAs          (71),
>               -- 72-79 unused --
>          other                        (80)
> --##         ...
>          },
>     matchedDN          LDAPDN,
>     diagnosticMessage  LDAPString,
>     referral           [3] Referral OPTIONAL }
>
> --## Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
> Referral ::= SEQUENCE OF URI
>
> URI ::= LDAPString     -- limited to characters permitted in
>                       -- URIs
>
> --## Controls ::= SEQUENCE OF control Control
> Controls ::= SEQUENCE OF Control
>
> Control ::= SEQUENCE {
>     controlType             LDAPOID,
>     criticality             BOOLEAN DEFAULT FALSE,
>     controlValue            OCTET STRING OPTIONAL }
>
> BindRequest ::= [APPLICATION 0] SEQUENCE {
>     version                 INTEGER (1 ..  127),
>     name                    LDAPDN,
>     authentication          AuthenticationChoice }
>
> AuthenticationChoice ::= CHOICE {
>     simple                  [0] OCTET STRING,
>                             -- 1 and 2 reserved
>     sasl                    [3] SaslCredentials,
>     ...  }
>
> SaslCredentials ::= SEQUENCE {
>     mechanism               LDAPString,
>     credentials             OCTET STRING OPTIONAL }
>
> BindResponse ::= [APPLICATION 1] SEQUENCE {
>     COMPONENTS OF LDAPResult,
>     serverSaslCreds    [7] OCTET STRING OPTIONAL }
>
> UnbindRequest ::= [APPLICATION 2] NULL
>
> SearchRequest ::= [APPLICATION 3] SEQUENCE {
>     baseObject      LDAPDN,
>     scope           ENUMERATED {
>          baseObject              (0),
>          singleLevel             (1),
>          wholeSubtree            (2),
>          ...  },
>     derefAliases    ENUMERATED {
>          neverDerefAliases       (0),
>          derefInSearching        (1),
>          derefFindingBaseObj     (2),
>          derefAlways             (3) },
>     sizeLimit       INTEGER (0 ..  maxInt),
>     timeLimit       INTEGER (0 ..  maxInt),
>     typesOnly       BOOLEAN,
>     filter          Filter,
>     attributes      AttributeSelection }
>
> --## AttributeSelection ::= SEQUENCE OF selector LDAPString
> AttributeSelection ::= SEQUENCE OF LDAPString
>               -- The LDAPString is constrained to
>               -- <attributeSelector> in Section 4.5.1.8
>
> Filter ::= CHOICE {
> --##     and             [0] SET SIZE (1..MAX) OF filter Filter,
> --##     or              [1] SET SIZE (1..MAX) OF filter Filter,
>     and             [0] SET OF Filter,
>     or              [1] SET OF Filter,
>     not             [2] Filter,
>     equalityMatch   [3] AttributeValueAssertion,
>     substrings      [4] SubstringFilter,
>     greaterOrEqual  [5] AttributeValueAssertion,
>     lessOrEqual     [6] AttributeValueAssertion,
>     present         [7] AttributeDescription,
>     approxMatch     [8] AttributeValueAssertion,
>     extensibleMatch [9] MatchingRuleAssertion,
>     ...  }
>
> SubstringFilter ::= SEQUENCE {
>     type           AttributeDescription,
> --##     substrings     SEQUENCE SIZE (1..MAX) OF substring CHOICE {
>     substrings     SEQUENCE OF CHOICE {
>          initial [0] AssertionValue,  -- can occur at most once
>          any     [1] AssertionValue,
>          final   [2] AssertionValue } -- can occur at most once
>     }
>
> MatchingRuleAssertion ::= SEQUENCE {
>     matchingRule    [1] MatchingRuleId OPTIONAL,
>     type            [2] AttributeDescription OPTIONAL,
>     matchValue      [3] AssertionValue,
>     dnAttributes    [4] BOOLEAN DEFAULT FALSE }
>
> SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
>     objectName      LDAPDN,
>     attributes      PartialAttributeList }
>
> PartialAttributeList ::= SEQUENCE OF PartialAttribute
> --##                     partialAttribute PartialAttribute
>
> SearchResultReference ::= [APPLICATION 19] SEQUENCE OF URI
> --##                          SIZE (1..MAX) OF uri URI
>
> SearchResultDone ::= [APPLICATION 5] LDAPResult
>
> ModifyRequest ::= [APPLICATION 6] SEQUENCE {
>     object          LDAPDN,
> --##     changes         SEQUENCE OF change SEQUENCE {
>     changes         SEQUENCE OF SEQUENCE {
>          operation       ENUMERATED {
>               add     (0),
>               delete  (1),
>               replace (2),
>               ...  },
>          modification    PartialAttribute } }
>
> ModifyResponse ::= [APPLICATION 7] LDAPResult
>
> AddRequest ::= [APPLICATION 8] SEQUENCE {
>     entry           LDAPDN,
>     attributes      AttributeList }
>
> --## AttributeList ::= SEQUENCE OF attribute Attribute
> AttributeList ::= SEQUENCE OF Attribute
>
> AddResponse ::= [APPLICATION 9] LDAPResult
>
> DelRequest ::= [APPLICATION 10] LDAPDN
>
> DelResponse ::= [APPLICATION 11] LDAPResult
>
> ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
>     entry           LDAPDN,
>     newrdn          RelativeLDAPDN,
>     deleteoldrdn    BOOLEAN,
>     newSuperior     [0] LDAPDN OPTIONAL }
>
> ModifyDNResponse ::= [APPLICATION 13] LDAPResult
>
> CompareRequest ::= [APPLICATION 14] SEQUENCE {
>     entry           LDAPDN,
>     ava             AttributeValueAssertion }
>
> CompareResponse ::= [APPLICATION 15] LDAPResult
>
> AbandonRequest ::= [APPLICATION 16] MessageID
>
> ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
>     requestName      [0] LDAPOID,
>     requestValue     [1] OCTET STRING OPTIONAL }
>
> ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
>     COMPONENTS OF LDAPResult,
>     responseName     [10] LDAPOID OPTIONAL,
>     responseValue    [11] OCTET STRING OPTIONAL }
>
> IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
>     responseName     [0] LDAPOID OPTIONAL,
>     responseValue    [1] OCTET STRING OPTIONAL }
>
> END
>
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>


More information about the erlang-bugs mailing list