rfc1487.txt

RFC 1487                       X.500 LDAP                      July 1993

5.  Protocol Element Encodings

   The protocol elements of LDAP are encoded for exchange using the
   Basic Encoding Rules (BER) [11] of ASN.1 [10]. However, due to the
   high overhead involved in using certain elements of the BER, the
   following additional restrictions are placed on BER-encodings of LDAP
   protocol elements:

   (1)  Only the definite form of length encoding will be used.

   (2)  Bitstrings and octet strings will be encoded in the primitive form
        only.

6.  Security Considerations

   This version of the protocol provides facilities only for simple
   authentication using a cleartext password, and for kerberos version 4
   authentication.  Future versions of LDAP will likely include support
   for other authentication methods.

7.  Bibliography

   [1] The Directory: Overview of Concepts, Models and Service.  CCITT
       Recommendation X.500, 1988.

   [2] Information Processing Systems -- Open Systems Interconnection --
       The Directory: Overview of Concepts, Models and Service.  ISO/IEC
       JTC 1/SC21; International Standard 9594-1, 1988.

   [3] Rose, M., "Directory Assistance Service", RFC 1202, Performance
       Systems International, Inc., February 1991.

   [4] Howes, R., Smith, M., and B. Beecher, "DIXIE Protocol
       Specification", RFC 1249, University of Michigan, August 1991.

   [5] Kille, S., "A String Representation of Distinguished Names", RFC
       1485, ISODE Consortium, July 1993.

   [6] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
       Representation of Standard Attribute Syntaxes", RFC 1488,
       University of Michigan, ISODE Consortium, Performance Systems
       International, NeXor Ltd., July 1993.

   [7] Kerberos Authentication and Authorization System.  S.P. Miller,
       B.C. Neuman, J.I. Schiller, J.H. Saltzer; MIT Project Athena
       Documentation Section E.2.1, December 1987.

Yeong, Howes & Kille                                           [Page 15]

   [8] The Directory: Models.  CCITT Recommendation X.501 ISO/IEC JTC
       1/SC21; International Standard 9594-2, 1988.

   [9] The Directory: Abstract Service Definition.  CCITT Recommendation
       X.511, ISO/IEC JTC 1/SC21; International Standard 9594-3, 1988.

  [10] Specification of Abstract Syntax Notation One (ASN.1).  CCITT
       Recommendation X.208, 1988.

  [11] Specification of Basic Encoding Rules for Abstract Syntax
       Notation One (ASN.1).  CCITT Recommendation X.209, 1988.

9.  Security Considerations

   Security issues are not discussed in this memo.

9.  Authors' Addresses

   Wengyik Yeong
   PSI, Inc.
   510 Huntmar Park Drive
   Herndon, VA 22070
   USA

   Phone: +1 703-450-8001
   EMail: yeongw@psilink.com

   Tim Howes
   University of Michigan
   ITD Research Systems
   535 W William St.
   Ann Arbor, MI 48103-4943
   USA

   Phone: +1 313 747-4454
   EMail: tim@umich.edu

   Steve Kille
   ISODE Consortium
   PO Box 505
   London
   SW11 1DX
   UK

   Phone: +44-71-223-4062
   EMail: S.Kille@isode.com

Appendix A

                         Complete ASN.1 Definition

Lightweight-Directory-Access-Protocol DEFINITIONS ::=
IMPLICIT TAGS

BEGIN

LDAPMessage ::=
    SEQUENCE {
         messageID      MessageID,
                        -- unique id in request,
                        -- to be echoed in response(s)
         protocolOp     CHOICE {
                             searchRequest       SearchRequest,
                             searchResponse      SearchResponse,
                             modifyRequest       ModifyRequest,
                             modifyResponse      ModifyResponse,
                             addRequest          AddRequest,
                             addResponse         AddResponse,
                             delRequest          DelRequest,
                             delResponse         DelResponse,
                             modifyDNRequest     ModifyDNRequest,
                             modifyDNResponse    ModifyDNResponse,
                             compareDNRequest    CompareRequest,
                             compareDNResponse   CompareResponse,
                             bindRequest         BindRequest,
                             bindResponse        BindResponse,
                             abandonRequest      AbandonRequest,
                             unbindRequest       UnbindRequest
                        }
    }

BindRequest ::=
    [APPLICATION 0] SEQUENCE {
         version        INTEGER (1 .. 127),
                        -- current version is 2
         name           LDAPDN,
                        -- null name implies an anonymous bind
         authentication CHOICE {
                             simple        [0] OCTET STRING,
                                       -- a zero length octet string
                                       -- implies an unauthenticated
                                       -- bind.
                             krbv42LDAP    [1] OCTET STRING,
                             krbv42DSA     [2] OCTET STRING
                                       -- values as returned by
                                       -- krb_mk_req()
                                       -- Other values in later
                                       -- versions of this protocol.
                        }
    }

BindResponse ::= [APPLICATION 1] LDAPResult

UnbindRequest ::= [APPLICATION 2] NULL

SearchRequest ::=
    [APPLICATION 3] SEQUENCE {
         baseObject     LDAPDN,
         scope          ENUMERATED {
                             baseObject            (0),
                             singleLevel           (1),
                             wholeSubtree          (2)
                        },
         derefAliases   ENUMERATED {
                             neverDerefAliases     (0),
                             derefInSearching      (1),
                             derefFindingBaseObj   (2),
                             alwaysDerefAliases    (3)
                        },
         sizeLimit      INTEGER (0 .. MaxInt),
                        -- value of 0 implies no sizelimit
         timeLimit      INTEGER (0 .. MaxInt),
                        -- value of 0 implies no timelimit
         attrsOnly     BOOLEAN,
                        -- TRUE, if only attributes (without values)
                        -- to be returned.
         filter         Filter,
         attributes     SEQUENCE OF AttributeType
    }

SearchResponse ::=
    CHOICE {
         entry          [APPLICATION 4] SEQUENCE {
                             objectName     LDAPDN,
                             attributes     SEQUENCE OF SEQUENCE {
                                              AttributeType,
                                              SET OF
                                                AttributeValue
                                            }
                        },
         resultCode     [APPLICATION 5] LDAPResult
    }

ModifyRequest ::=
    [APPLICATION 6] SEQUENCE {
         object         LDAPDN,
         modifications  SEQUENCE OF SEQUENCE {
                             operation     ENUMERATED {
                                             add      (0),
                                             delete   (1),
                                             replace  (2)
                                           },
                             modification  SEQUENCE {
                                             type     AttributeType,
                                             values   SET OF
                                                        AttributeValue
                                           }
                        }
    }

ModifyResponse ::= [APPLICATION 7] LDAPResult

AddRequest ::=
    [APPLICATION 8] SEQUENCE {
         entry          LDAPDN,
         attrs          SEQUENCE OF SEQUENCE {
                             type          AttributeType,
                             values        SET OF AttributeValue
                        }
    }

AddResponse ::= [APPLICATION 9] LDAPResult

DelRequest ::= [APPLICATION 10] LDAPDN

DelResponse ::= [APPLICATION 11] LDAPResult

ModifyRDNRequest ::=
    [APPLICATION 12] SEQUENCE {
         entry          LDAPDN,
         newrdn         RelativeLDAPDN -- old RDN always deleted
    }

ModifyRDNResponse ::= [APPLICATION 13] LDAPResult

CompareRequest ::=
    [APPLICATION 14] SEQUENCE {
         entry          LDAPDN,
         ava            AttributeValueAssertion
    }

CompareResponse ::= [APPLICATION 15] LDAPResult

AbandonRequest ::= [APPLICATION 16] MessageID

MessageID ::= INTEGER (0 .. MaxInt)

LDAPDN ::= IA5String

RelativeLDAPDN ::= IA5String

Filter ::=
    CHOICE {
        and            [0] SET OF Filter,
        or             [1] SET OF Filter,
        not            [2] Filter,
        equalityMatch  [3] AttributeValueAssertion,
        substrings     [4] SubstringFilter,
        greaterOrEqual [5] AttributeValueAssertion,
        lessOrEqual    [6] AttributeValueAssertion,
        present        [7] AttributeType,
        approxMatch    [8] AttributeValueAssertion
    }

LDAPResult ::=
    SEQUENCE {
        resultCode    ENUMERATED {
                        success                      (0),
                        operationsError              (1),
                        protocolError                (2),
                        timeLimitExceeded            (3),
                        sizeLimitExceeded            (4),
                        compareFalse                 (5),
                        compareTrue                  (6),
                        authMethodNotSupported       (7),
                        strongAuthRequired           (8),
                        noSuchAttribute              (16),
                        undefinedAttributeType       (17),
                        inappropriateMatching        (18),
                        constraintViolation          (19),
                        attributeOrValueExists       (20),
                        invalidAttributeSyntax       (21),
                        noSuchObject                 (32),
                        aliasProblem                 (33),
                        invalidDNSyntax              (34),
                        isLeaf                       (35),
                        aliasDereferencingProblem    (36),
                        inappropriateAuthentication  (48),
                        invalidCredentials           (49),
                        insufficientAccessRights     (50),
                        busy                         (51),
                        unavailable                  (52),
                        unwillingToPerform           (53),
                        loopDetect                   (54),
                        namingViolation              (64),
                        objectClassViolation         (65),
                        notAllowedOnNonLeaf          (66),
                        notAllowedOnRDN              (67),
                        entryAlreadyExists           (68),
                        objectClassModsProhibited    (69),
                        other                        (80)
                      },
        matchedDN     LDAPDN,
        errorMessage  IA5String
    }

AttributeType ::= IA5String
                -- text name of the attribute, or dotted
                -- OID representation

AttributeValue ::= OCTET STRING

AttributeValueAssertion ::=
    SEQUENCE {
        attributeType        AttributeType,
        attributeValue       AttributeValue
    }

SubstringFilter
    SEQUENCE {
        type               AttributeType,
        SEQUENCE OF CHOICE {
          initial          [0] IA5String,
          any              [1] IA5String,
          final            [2] IA5String
      }
    }

IA5String ::= OCTET STRING

MaxInt ::= 65535

END
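
The following is an added example, not part of RFC 1487: a strict BER reader that enforces the two section 5 restrictions and labels the authentication choice of a BindRequest as defined in Appendix A, so a monitor can flag the cleartext simple binds described in section 6. The names read_tlv, classify_bind, BERError, AUTH and SAMPLE are hypothetical, the sample message is constructed, and only single-byte tags are handled.

```python
class BERError(ValueError):
    """Raised when an encoding breaks BER or the RFC 1487 section 5 limits."""

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one single-byte-tag TLV."""
    if pos + 2 > len(buf):
        raise BERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag in (0x23, 0x24):                # constructed BIT/OCTET STRING
        raise BERError("constructed string form, restriction (2)")
    if first == 0x80:
        raise BERError("indefinite length, restriction (1)")
    if first & 0x80:                       # long definite form
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise BERError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                  # short definite form
        length = first
    if pos + length > len(buf):
        raise BERError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

# IMPLICIT context tags of BindRequest.authentication, primitive form only
AUTH = {0x80: "simple", 0x81: "krbv42LDAP", 0x82: "krbv42DSA"}

def classify_bind(msg):
    """Decode LDAPMessage{messageID, BindRequest}; never returns the secret."""
    tag, body, end = read_tlv(msg)
    if tag != 0x30 or end != len(msg):
        raise BERError("expected exactly one LDAPMessage SEQUENCE")
    t_id, mid, pos = read_tlv(body)
    t_op, bind, _ = read_tlv(body, pos)
    if t_id != 0x02 or t_op != 0x60:       # INTEGER, [APPLICATION 0]
        raise BERError("not a BindRequest")
    _, version, pos = read_tlv(bind)
    t_dn, name, pos = read_tlv(bind, pos)
    t_au, cred, _ = read_tlv(bind, pos)
    if t_dn != 0x04 or t_au not in AUTH:
        raise BERError("bad name or authentication encoding")
    kind = AUTH[t_au]
    if kind == "simple":                   # password travels in the clear
        kind = "simple-cleartext" if cred else "unauthenticated"
    return {"messageID": int.from_bytes(mid, "big"),
            "version": int.from_bytes(version, "big"),
            "name": name.decode("ascii", "replace"), "kind": kind}

# Constructed sample: messageID 1, version 2, name "cn=test", password "secret"
SAMPLE = bytes.fromhex("30190201016014020102") + b"\x04\x07cn=test\x80\x06secret"
```

Because LDAPDN is defined as IA5String ::= OCTET STRING under IMPLICIT TAGS, the name arrives with universal tag 0x04, and a constructed authentication value (0xA0 to 0xA2) is rejected as an unknown choice.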
