INTERNET-DRAFT S. Legg
draft-legg-xed-protocols-01.txt Adacel Technologies
Intended Category: Standards Track D. Prager
Deakin University
October 27, 2003
XED: Protocols
Copyright (C) The Internet Society (2003). All Rights Reserved.
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Distribution of this document is unlimited. Technical discussion of
this document should take place on the XED developers mailing list
<xeddev@adacel.com>. Please send editorial comments directly to the
editor <steven.legg@adacel.com.au>.
This Internet-Draft expires on 27 April 2004.
Abstract
This document defines semantically equivalent Extensible Markup
Language (XML) renditions of the Lightweight Directory Access
Protocol (LDAP) and X.500 directory protocols for use by the XML
Enabled Directory (XED).
Legg & Prager Expires 27 April 2004 [Page 1]
INTERNET-DRAFT XED: Protocols October 27, 2003
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Uniform LDAP Specification . . . . . . . . . . . . . . . . . . 3
3.1. Remediation of AttributeValue. . . . . . . . . . . . . . 5
3.2. Remediation of AssertionValue. . . . . . . . . . . . . . 5
3.3. Remediation of AttributeDescription. . . . . . . . . . . 6
3.4. Remediation of LDAPString. . . . . . . . . . . . . . . . 6
3.5. Importation of Pre-existing Definitions. . . . . . . . . 7
3.6. Remediation of Controls. . . . . . . . . . . . . . . . . 7
3.7. Remediation of Extended Operations . . . . . . . . . . . 9
4. XLDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. XLDAP Over TCP/IP. . . . . . . . . . . . . . . . . . . . 11
4.2. XLDAP Over SOAP 1.1. . . . . . . . . . . . . . . . . . . 12
4.3. Relationship to DSMLv2 . . . . . . . . . . . . . . . . . 13
5. XIDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6. Security Considerations. . . . . . . . . . . . . . . . . . . . 14
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.1. Normative References . . . . . . . . . . . . . . . . . . 15
8.2. Informative References . . . . . . . . . . . . . . . . . 16
9. Intellectual Property Notice . . . . . . . . . . . . . . . . . 17
10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 18
Appendix A. ASN.1 for Uniform LDAP . . . . . . . . . . . . . . . . 18
Appendix B. Supporting Definitions for Uniform LDAP. . . . . . . . 25
Appendix C. ASN.1 Schema for Uniform LDAP. . . . . . . . . . . . . 26
Appendix D. XML Schema for Uniform LDAP. . . . . . . . . . . . . . 49
Appendix E. RELAX NG Grammar for Uniform LDAP. . . . . . . . . . . 63
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 64
1. Introduction
This document defines semantically equivalent Extensible Markup
Language (XML) [XML] renditions of the Lightweight Directory Access
Protocol (LDAP) [LDAP] and X.500 [X500] directory protocols for use
by the XML Enabled Directory (XED) [XED].
The Internet Directly Mapped (IDM) protocol [X519] permits X.500
protocol operations to be exchanged between directory agents using
TCP/IP [TCP] with minimal encapsulation, bypassing (and dispensing
with) the ROSE, ACSE, Presentation, Session and Transport layers of
the OSI model [OSI].
Protocol operations in the IDM protocol are encoded according to the
Basic Encoding Rules (BER) [X690] of ASN.1. Section 5 defines a new
exclusively XML-based protocol, the XML Internet Directly Mapped
(XIDM) protocol, which differs from the IDM protocol only in that the
protocol operations are encoded using the Directory XML Encoding
Rules (DXER) [DXER] instead of BER.
Whilst the IDM protocol is amenable to a simple substitution of the
encoding rules to create a uniformly XML formatted protocol
operation, LDAP is not, due to discontinuities in the encoding, i.e.,
places where transfer syntax transitions occur (typically from BER to
LDAP-specific [SYNTAX] and back to BER). The discontinuities are the
result of directory data being conveyed as the content of ASN.1
OCTET STRINGs. A straight application of DXER to an LDAP operation
would inconveniently force attribute values, among other things, to
be represented as hexadecimal strings.
Section 3 describes a transformation of the LDAP ASN.1 specification
[PROT] that creates a new specification without the discontinuities
called Uniform LDAP. Essentially, the bland OCTET STRING [X680]
containers for directory data items in LDAP are replaced by the open
types [X681] and specific types used by X.500.
The XML Lightweight Directory Access Protocol (XLDAP) defined in
Section 4 is the result of applying DXER to instances of the message
data types of Uniform LDAP. Section 4 also defines two transports
for Uniform LDAP messages. Apart from the change in syntax XLDAP is
semantically equivalent to LDAP.
Since the XED protocols are algorithmically generated from the LDAP
and X.500 specifications, all future extensions to LDAP and X.500
automatically acquire an XED protocol representation.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[BCP14].
This document makes use of definitions from the XML Information Set
(Infoset) [ISET]. In particular, information item property names are
presented per the Infoset, e.g., [local name]. In the sections that
follow, the term "element" shall be taken to mean an Infoset element
information item.
Throughout this document the term "attribute" is taken to mean a
directory attribute.
3. Uniform LDAP Specification
The OCTET STRING fields in the LDAP specification each serve one of
two purposes: to contain the encodings of directory data values of
differing data types (e.g., attribute values, assertion values,
control values), and to contain an LDAP-specific string encoding of a
data value of a fixed data type (e.g., attribute type, distinguished
name).
In both cases the encoding of the directory data values is
disconnected from the encoding of the surrounding protocol message
(the transfer syntax of the directory data values and the transfer
syntax of the surrounding protocol message are typically quite
different) and the relationships that determine which data type to
use (e.g., the data type of an attribute value is determined by its
associated attribute type) are not specified in a way that is machine
processable. As a consequence, off-the-shelf ASN.1 tools are unable
to treat directory data in protocol messages as anything other than
raw octets.
This defect is addressed by transforming the LDAP specification into
a form, called the Uniform LDAP specification, which facilitates the
uniform encoding of protocol message and directory data in a single
syntax (e.g., XML). This is done by replacing the OCTET STRING
fields in the LDAP specification, as detailed in the subsections that
follow.
OCTET STRINGs that contain directory data values of fixed data types
are replaced by the associated fixed data type.
OCTET STRINGs that contain directory data values of differing data
types are replaced by open types. Open types permit the directory
data values to be seamlessly encoded in the same syntax as the
surrounding protocol message. Furthermore, ASN.1 table constraints
[X682] can be applied so that the actual data type of a value of an
open type can be determined programmatically.
Derivative works of the original LDAP specification can also be
remediated for use by XED by making the same transformations. The
final result of applying these transformations is presented in
Appendix A. Supporting definitions for Uniform LDAP are presented in
Appendix B.
The equivalent ASN.1 Schema representation of the Uniform LDAP
specification is presented in Appendix C. A compatible XML Schema
[XSD0] translation [CXSD] of the Uniform LDAP specification is
presented in Appendix D and a compatible RELAX NG grammar [RNG]
translation [CRNG] of the Uniform LDAP specification is presented in
Appendix E.
Since Uniform LDAP protocol messages and the directory data they
contain are encoded in the same syntax throughout, LDAP transfer
encoding options [XFER] are ignored if present.
3.1. Remediation of AttributeValue
The definition of AttributeValue is removed and each reference to
AttributeValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
ATTRIBUTE.&Type
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL
}
ATTRIBUTE.&id equates to the OBJECT IDENTIFIER of an attribute type.
ATTRIBUTE.&Type is an open type. The constraint on ATTRIBUTE.&Type
restricts the ASN.1 type in the open type to be the syntax of the
attribute indicated by ATTRIBUTE.&id. ATTRIBUTE and
SupportedAttributes are defined in X.501 [X501].
3.2. Remediation of AssertionValue
The definition of MatchingRuleId is removed and the definition of
MatchingRuleAssertion is replaced with the following definition:
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
MATCHING-RULE.&id equates to the OBJECT IDENTIFIER of a matching
rule. MATCHING-RULE.&AssertionType is an open type. The
relationship between the value of the matchingRule component, the
value of the type component and the ASN.1 type in the open type
(i.e., the syntax of the assertion value) is not expressible in ASN.1
constraint notation. The relationship defined by LDAP applies
[PROT]. MATCHING-RULE is defined in X.501 [X501].
The definition of AssertionValue is removed and each remaining
reference to AssertionValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL
}
ATTRIBUTE.&equality-match.&AssertionType is an open type. The
constraint on ATTRIBUTE.&equality-match.&AssertionType restricts the
ASN.1 type in the open type to be the syntax of the equality matching
rule of the attribute indicated by ATTRIBUTE.&id.
3.3. Remediation of AttributeDescription
To maintain consistency in the structure of attribute descriptions
throughout the Uniform LDAP specification the definition of
AttributeDescription is replaced with the following definition:
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL
}
The attribute type in an LDAP AttributeDescription is represented as
the OBJECT IDENTIFIER of that attribute type in the type component of
a Uniform LDAP AttributeDescription. Each attribute option in an
LDAP AttributeDescription is represented as a separate UTF8String
value in a Uniform LDAP AttributeDescription. The semi-colons that
separate attribute options in an LDAP AttributeDescription are not
present in any of the UTF8String values.
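The following is an added illustration of Sections 3.1 and 3.3, not code from this draft: it maps an LDAP AttributeDescription string onto the Uniform LDAP SEQUENCE { type OID, options } and then resolves the open-type syntax of an attribute value from the type OID, which is what the table constraint ({SupportedAttributes}{@<AttributeDescription>.type}) expresses declaratively. The schema table is a constructed sample standing in for SupportedAttributes, the validators are simplified, and the treatment of "binary" as a transfer encoding option to be dropped is an assumption. The same lookup-by-OID pattern is what the CONTROL and LDAP-EXTENDED-REQUEST tables of Sections 3.6 and 3.7 make possible for control and extended operation values.

```python
"""Added example for Sections 3.1 and 3.3: an LDAP AttributeDescription
string mapped onto the Uniform LDAP SEQUENCE { type OID, options }, and the
open-type syntax of an attribute value resolved from the type OID the way
the table constraint ({SupportedAttributes}{@<AttributeDescription>.type})
does.  Not code from the draft; the schema table is a constructed sample."""
import re

# Constructed stand-in for SupportedAttributes.  The OIDs of cn, sn and
# member are the standard X.520 ones; the validators are simplified.
DESCRIPTOR_TO_OID = {"cn": "2.5.4.3", "commonname": "2.5.4.3",
                     "sn": "2.5.4.4", "member": "2.5.4.31"}


def _directory_string(value):
    return isinstance(value, str) and len(value) > 0


def _distinguished_name(value):
    # Loose check only: a non-empty string containing at least one
    # attributeType=value pair.  Real DN parsing is out of scope here.
    return isinstance(value, str) and "=" in value


SYNTAX_BY_OID = {"2.5.4.3": ("DirectoryString", _directory_string),
                 "2.5.4.4": ("DirectoryString", _directory_string),
                 "2.5.4.31": ("DN", _distinguished_name)}

# Assumption: "binary" is a transfer encoding option [XFER]; Uniform LDAP
# ignores such options, so the parser drops them.
TRANSFER_OPTIONS = frozenset({"binary"})

_OID_RE = re.compile(r"^\d+(\.\d+)+$")
_DESCR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
_OPTION_RE = re.compile(r"^[A-Za-z0-9-]+$")


def parse_attribute_description(text):
    """'cn;lang-en' -> {'type': '2.5.4.3', 'options': ['lang-en']}.
    The options key is omitted when no option remains (OPTIONAL)."""
    head, *options = text.split(";")
    if _OID_RE.match(head):
        oid = head
    elif _DESCR_RE.match(head):
        oid = DESCRIPTOR_TO_OID.get(head.lower())
        if oid is None:
            raise ValueError(f"attribute type not in SupportedAttributes: {head}")
    else:
        raise ValueError(f"malformed attribute type: {head!r}")
    for opt in options:                       # "cn;" or "cn;;x" are malformed
        if not _OPTION_RE.match(opt):
            raise ValueError(f"malformed attribute option: {opt!r}")
    kept = [o for o in options if o.lower() not in TRANSFER_OPTIONS]
    desc = {"type": oid}
    if kept:
        desc["options"] = kept
    return desc


def open_type_syntax(attr_desc, value):
    """Resolve the syntax selected by attr_desc['type'] and check the value
    against it; an OID outside the table cannot be decoded as an open type,
    so it is refused rather than silently treated as raw octets."""
    entry = SYNTAX_BY_OID.get(attr_desc["type"])
    if entry is None:
        raise ValueError(f"no syntax known for {attr_desc['type']}")
    syntax, validator = entry
    if not validator(value):
        raise ValueError(f"value does not conform to {syntax}")
    return syntax
```

The refusal of unknown OIDs is deliberate: an open type whose governing table has no entry has no syntax, so a receiver that falls back to "raw octets" reintroduces exactly the opaque OCTET STRING that Uniform LDAP removes.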
3.4. Remediation of LDAPString
Some directory constructs have ASN.1 types but are represented in
LDAP messages as a UTF-8 character string encoding wrapped in an
OCTET STRING, i.e., LDAPString. Uniform LDAP replaces these uses of
LDAPString with the underlying ASN.1 type.
The definition of LDAPOID is replaced with the following definition:
LDAPOID ::= OBJECT IDENTIFIER
The definition of LDAPDN is replaced with the following definition:
LDAPDN ::= DistinguishedName
This change aligns the encoding of distinguished names in the
protocol messages with the DXER encoding of attribute values of
attributes with the DN syntax [SYNTAX].
The definition of RelativeLDAPDN is replaced with the following
definition:
RelativeLDAPDN ::= RelativeDistinguishedName
DistinguishedName and RelativeDistinguishedName are defined in X.501
[X501].
The remaining uses of LDAPString are represented naturally as UTF-8
character strings, therefore the definition of LDAPString is replaced
with the following definition:
LDAPString ::= UTF8String
3.5. Importation of Pre-existing Definitions
ATTRIBUTE, MATCHING-RULE, RelativeDistinguishedName,
DistinguishedName and SupportedAttributes need to be imported from
the X.500 InformationFramework module, therefore the following import
statement is added to the Uniform LDAP specification following the
BEGIN keyword:
IMPORTS
ATTRIBUTE,
MATCHING-RULE,
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{joint-iso-itu-t ds(5) module(1) informationFramework(1) 4}
3.6. Remediation of Controls
LDAP controls contain an OCTET STRING control value whose content is
determined by an associated control type. The control type is an
OBJECT IDENTIFIER represented as a string in LDAP. The data type of
the control value is typically specified as an ASN.1 type, though
this is not a requirement of LDAP.
Controls have no counterpart in X.500 therefore the CONTROL
information object class is defined in this document to allow
specific control types to be programmatically linked to specific
control value data types.
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
The &type field of a CONTROL object specifies the OBJECT IDENTIFIER
identifying the control (the control type).
The &RequestValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP request message. If the control value is required to be absent
in a request then the &RequestValue field is absent.
The &ResponseValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP response message. If the control value is required to be absent
in a response then the &ResponseValue field is absent.
If the data type of a control value is not an ASN.1 type, and cannot
be incorporated into an ASN.1 type definition [GLUE], then the data
type of the control value is taken to be OCTET STRING.
If a control uses different OBJECT IDENTIFIERs in the request and
response then it is necessarily represented by two CONTROL objects.
Definitions of CONTROL objects for controls already defined are out of
scope for this document, however such objects can be readily
synthesized from the specification of a control.
The extensible SupportedControls information object set notionally
contains CONTROL objects for all the controls known to an
implementation.
SupportedControls CONTROL ::= { ... }
In order to allow automated determination of the control value data
type from the control type the definition of the Control ASN.1 type
in LDAP is replaced with the following definition in Uniform LDAP:
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
3.7. Remediation of Extended Operations
LDAP extended operation requests contain an OCTET STRING request
value whose content is determined by an associated request name. The
request name is an OBJECT IDENTIFIER represented as a string in
LDAP. LDAP extended operation responses contain an OCTET STRING
response value whose content is determined by an associated response
name. The response name is likewise an OBJECT IDENTIFIER represented
as a string in LDAP. The data type of the request or response value
is typically specified as an ASN.1 type, though this is not a
requirement of LDAP.
Extended operations have no counterpart in X.500 therefore the
LDAP-EXTENDED-REQUEST and LDAP-EXTENDED-RESPONSE information object
classes are defined in this document to allow specific request names
to be programmatically linked to specific request value data types,
and to allow specific response names to be programmatically linked to
specific response value data types.
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
LDAP-EXTENDED-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
The &name field of an LDAP-EXTENDED-REQUEST object specifies the
OBJECT IDENTIFIER identifying the extended operation request.
The &Value field of an LDAP-EXTENDED-REQUEST object specifies an
ASN.1 type describing the data type of the request value for that
request. If the request value is required to be absent in a request
then the &Value field is absent.
The &name field of an LDAP-EXTENDED-RESPONSE object specifies the
OBJECT IDENTIFIER identifying the extended operation response.
The &Value field of an LDAP-EXTENDED-RESPONSE object specifies an
ASN.1 type describing the data type of the response value for that
response. If the response value is required to be absent in a
response then the &Value field is absent.
If the data type of a request or response value is not an ASN.1 type,
and cannot be incorporated into an ASN.1 type definition [GLUE], then
the data type of the value is taken to be OCTET STRING.
Definitions of LDAP-EXTENDED-REQUEST and LDAP-EXTENDED-RESPONSE
objects for extended operations already defined are out of scope for
this document, however such objects can be readily synthesized from
the specification of an extended operation.
The extensible SupportedRequests information object set notionally
contains LDAP-EXTENDED-REQUEST objects for all the extended operation
requests known to an implementation. The extensible
SupportedResponses information object set notionally contains
LDAP-EXTENDED-RESPONSE objects for all the extended operation
responses known to an implementation.
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
In order to allow automated determination of the request value data
type from the request name the definition of the ExtendedRequest
ASN.1 type in LDAP is replaced with the following definition in
Uniform LDAP:
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
In order to allow automated determination of the response value data
type from the response name the definition of ExtendedResponse ASN.1
type is replaced with the following definition:
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
The CONTROL, LDAP-EXTENDED-REQUEST and LDAP-EXTENDED-RESPONSE
information object classes and the SupportedControls,
SupportedRequests and SupportedResponses information object sets need
to be imported from the XED-LDAP-Extensibility module, therefore the
following notation is appended to the import statement for
Uniform LDAP:
CONTROL,
LDAP-EXTENDED-REQUEST,
LDAP-EXTENDED-RESPONSE,
SupportedControls,
SupportedRequests,
SupportedResponses
FROM XED-LDAP-Extensibility
{iso(1) 2 36 79672281 xed(3) module(0) ldap-ext(3)} ;
4. XLDAP
Protocol messages of the XML Lightweight Directory Access Protocol
(XLDAP) are instances of the LDAPMessage type from the Uniform LDAP
specification encoded according to DXER [DXER], and exchanged over
either of the transports defined in Sections 4.1 and 4.2.
Implementations of XLDAP MUST support "XLDAP Over TCP/IP" and MAY
support "XLDAP Over SOAP 1.1".
4.1. XLDAP Over TCP/IP
This section defines a simple mapping of XLDAP messages onto TCP/IP
[TCP]. It is the same as the mapping onto TCP/IP used by the IDM
protocol.
The DXER encoding of an LDAPMessage is partitioned into one or more
fragments. Each fragment is placed in a segment to be sent over the
TCP/IP connection. Each segment has a header followed by the octets
of the fragment. The number and size of the fragments resulting from
the partitioning of the encoding of the LDAPMessage are at the
discretion of the sender and carry no significance. All fragments of
a particular LDAPMessage MUST be sent (in order) before another
LDAPMessage is sent.
The format for a segment is as follows:
+-----------+-----------+-------------------+-------------------+
| version | final | length | data |
| (1 octet) | (1 octet) | (4 octets) | (length octets) |
+-----------+-----------+-------------------+-------------------+
The version field indicates the version of the mapping onto TCP/IP.
The version described in this document is indicated by the value 1.
All segments on a TCP/IP connection SHALL have the same value for the
version.
The final field SHALL be 1 if the data field contains the final or
only fragment of the encoding of the LDAPMessage, otherwise the final
field SHALL be 0.
The length field indicates the size of the data field in number of
octets. It is sent in network byte order as a 32 bit unsigned
integer with more significant octets preceding less significant
octets. The minimum permitted value of length is 1.
The data field holds the next fragment of the LDAPMessage being sent,
or the entire encoding of the LDAPMessage if it is being sent as one
fragment.
Being relatively short, the entire encoding of an LDAPMessage
instance will typically be sent in one segment.
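The following is an added example of the segment format above, not code from this draft or from any XED implementation: a sender that partitions the encoding of an LDAPMessage into segments and a receiver that reassembles it from a byte stream. The draft places no upper bound on the 32-bit length field or on the size of a reassembled message, so the caps MAX_SEGMENT and MAX_MESSAGE are assumptions that a real implementation has to choose for itself; a receiver that allocates whatever length a peer announces is trivially exhausted.

```python
"""Added example of the XLDAP Over TCP/IP segment format in Section 4.1
(version, final, 4-octet length in network byte order, data): sender-side
partitioning and a receiver that reassembles an LDAPMessage from a byte
stream.  Not code from the draft.  The size caps are assumptions; the
draft sets no maximum, so an implementation must pick its own before
trusting a 32-bit length field from the peer."""
import struct

VERSION = 1
HEADER = struct.Struct("!BBI")   # version (1 octet), final (1 octet), length (4 octets)
MAX_SEGMENT = 1 << 20            # assumed cap on one data field
MAX_MESSAGE = 8 << 20            # assumed cap on a reassembled LDAPMessage


def encode_segments(message, fragment_size=4096):
    """Partition the DXER encoding of one LDAPMessage into segments.  The
    fragment size is the sender's choice; every data field must hold at
    least one octet, so an empty message cannot be sent."""
    if not message:
        raise ValueError("data field length must be at least 1")
    if fragment_size < 1:
        raise ValueError("fragment_size must be at least 1")
    out = bytearray()
    for offset in range(0, len(message), fragment_size):
        fragment = message[offset:offset + fragment_size]
        final = 1 if offset + len(fragment) == len(message) else 0
        out += HEADER.pack(VERSION, final, len(fragment)) + fragment
    return bytes(out)


class SegmentReader:
    """Incremental receiver.  feed() returns the complete LDAPMessage
    encodings found so far and raises ValueError on a segment the
    mapping does not allow (wrong version, bad final flag, zero length,
    or a length beyond the caps), which should close the connection."""

    def __init__(self):
        self._buf = bytearray()
        self._parts = []
        self._size = 0

    def feed(self, data):
        self._buf += data
        messages = []
        while len(self._buf) >= HEADER.size:
            version, final, length = HEADER.unpack_from(self._buf)
            if version != VERSION:
                raise ValueError(f"unsupported segment version {version}")
            if final not in (0, 1):
                raise ValueError(f"invalid final flag {final}")
            if length < 1 or length > MAX_SEGMENT:
                raise ValueError(f"invalid segment length {length}")
            if self._size + length > MAX_MESSAGE:
                raise ValueError("LDAPMessage exceeds MAX_MESSAGE")
            if len(self._buf) < HEADER.size + length:
                break                                 # segment still incomplete
            end = HEADER.size + length
            self._parts.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
            self._size += length
            if final:
                messages.append(b"".join(self._parts))
                self._parts, self._size = [], 0
        return messages
```

The header is validated before any data for the segment is awaited, so a hostile length or version is rejected with at most six octets buffered, and the running total across fragments is checked so that a peer cannot bypass the per-segment cap by sending many small non-final segments.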
4.2. XLDAP Over SOAP 1.1
This section defines a binding of XLDAP to SOAP version 1.1 [SOAP]
using the HTTP binding.
The value of the SOAPAction HTTP request header field SHALL be
"http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01".
No SOAP headers are defined for XLDAP over SOAP 1.1.
Uniform LDAP requests and responses are values of the LDAPMessage
type from the XED-Uniform-LDAP module.
A Uniform LDAP request is mapped onto a SOAP request message. The
SOAP Body element SHALL contain a single child element with the
[local name] "LDAPMessage" and the [namespace name]
"http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01". The content of
this element SHALL be the DXER encoding [DXER] of the Uniform LDAP
request.
A Uniform LDAP response other than a search response is mapped onto a
SOAP response message. The SOAP Body element SHALL contain a single
child element with the [local name] "LDAPMessage" and the
[namespace name] "http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01".
The content of this element SHALL be the DXER encoding [DXER] of the
Uniform LDAP response.
The result of a Uniform LDAP search is mapped onto a SOAP response
message where the SOAP Body element contains a child element for each
Uniform LDAP response making up the result, i.e., the result messages
for a search (containing a value of SearchResultEntry,
SearchResultReference or SearchResultDone) are concatenated into a
single SOAP response. Each child element of the SOAP Body element
has the [local name] "LDAPMessage" and the [namespace name]
"http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01". The content of
each child element SHALL be the DXER encoding [DXER] of one of the
Uniform LDAP responses for the search.
Directory processing errors are reported as Uniform LDAP responses.
SOAP processing errors are reported using the SOAP Fault element.
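The following is an added example of the SOAP 1.1 binding just described, not code from this draft: it builds the request envelope and SOAPAction header, and unwraps a response whose Body carries one LDAPMessage (any operation other than a search), several (a search result) or a SOAP Fault. The LDAPMessage content it uses is a constructed placeholder element, not a real DXER encoding, and the Content-Type header is an assumption of the example rather than a requirement stated in the draft.

```python
"""Added example of the XLDAP Over SOAP 1.1 binding in Section 4.2: building
the request envelope and SOAPAction header, and unwrapping a response whose
Body carries one LDAPMessage (most operations), several (a search result)
or a SOAP Fault.  Not code from the draft.  The LDAPMessage content below
is a constructed placeholder, not a real DXER encoding."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
XLDAP_NS = "http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01"
SOAP_ACTION = XLDAP_NS                                   # SOAPAction value from the draft
ENVELOPE = f"{{{SOAP_ENV}}}Envelope"
BODY = f"{{{SOAP_ENV}}}Body"
FAULT = f"{{{SOAP_ENV}}}Fault"
LDAP_MESSAGE = f"{{{XLDAP_NS}}}LDAPMessage"


class SoapFault(Exception):
    def __init__(self, code, reason):
        super().__init__(f"{code}: {reason}")
        self.code, self.reason = code, reason


def wrap_messages(contents):
    """Serialize a SOAP 1.1 envelope whose Body holds one LDAPMessage element
    per item of `contents`; each item is the list of elements forming the
    DXER encoding of that Uniform LDAP message."""
    env = ET.Element(ENVELOPE)
    body = ET.SubElement(env, BODY)
    for elems in contents:
        msg = ET.SubElement(body, LDAP_MESSAGE)
        msg.extend(elems)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def wrap_request(content):
    """HTTP headers and body for a single Uniform LDAP request.  The
    Content-Type value is an assumption of this example."""
    headers = {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{SOAP_ACTION}"',
    }
    return headers, wrap_messages([content])


def fault_body(code, reason):
    """A SOAP 1.1 Fault body, as a server reports a SOAP (not directory) error."""
    env = ET.Element(ENVELOPE)
    fault = ET.SubElement(ET.SubElement(env, BODY), FAULT)
    ET.SubElement(fault, "faultcode").text = code     # unqualified in SOAP 1.1
    ET.SubElement(fault, "faultstring").text = reason
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def unwrap_response(body):
    """Return the LDAPMessage elements of a response.  Raises SoapFault for a
    Fault and ValueError for anything that is not the binding's shape."""
    env = ET.fromstring(body)   # use defusedxml.ElementTree for untrusted peers
    if env.tag != ENVELOPE:
        raise ValueError("not a SOAP 1.1 Envelope")
    soap_body = env.find(BODY)
    if soap_body is None:
        raise ValueError("SOAP Body missing")
    children = list(soap_body)
    if not children:
        raise ValueError("SOAP Body is empty")
    if children[0].tag == FAULT:
        fault = children[0]
        raise SoapFault(fault.findtext("faultcode", ""), fault.findtext("faultstring", ""))
    bad = [c.tag for c in children if c.tag != LDAP_MESSAGE]
    if bad:
        raise ValueError(f"unexpected Body child: {bad[0]}")
    return children


def constructed_sample_content(message_id):
    """Placeholder content standing in for a DXER-encoded LDAPMessage.
    Constructed for this example; not the real DXER element structure."""
    e = ET.Element("placeholder")
    e.text = str(message_id)
    return [e]
```

Because the binding carries markup all the way down, the XML parser is part of the attack surface: the standard-library parser used here does not defend against entity expansion or external entity retrieval, so a server or client facing untrusted peers should parse with a hardened parser (such as defusedxml) and enforce the "only LDAPMessage children in the XLDAP namespace" rule before handing the content to the DXER decoder.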
4.3. Relationship to DSMLv2
The Directory Services Markup Language v2.0 (DSMLv2) [DSML] is an
alternative protocol for accessing an LDAP or X.500 directory.
Attribute values are represented in DSMLv2 as simple content, either
a UTF-8 string (the usual LDAP-specific ad-hoc string encoding), a
base64 [MIME] string or a URI. An attribute value in XML format must
either have its markup escaped with XML character references or CDATA
sections, or else must be placed in a separate URI-referenced
document from which the client needs to fetch the value later.
Attribute values with structure (e.g., schema descriptions) are
normally represented as LDAP-specific string encodings instead of a
more useful markup format. In XLDAP, attribute values with non-
trivial syntaxes, including new attribute syntaxes whose data type is
defined in terms of an XML Schema, a RELAX NG grammar or a DTD, are
naturally represented as markup in the protocol. No escaping or
other indirection is required.
Control values and the request and response values of extended
operations are typically represented in DSMLv2 as the base64
encodings of the BER encodings of the values. In XLDAP the control
values and the request and response values of extended operations are
all directly represented as markup.
5. XIDM
The ASN.1 data types of XIDM Protocol Data Units (PDUs) are exactly
those of the IDM PDUs [X519]. Each XIDM PDU is encoded as a
Standalone DXER Encoding [DXER] (instead of the BER encoding used by
IDM) and then mapped to TCP/IP [TCP] in the manner prescribed in
X.519 [X519] for IDM PDUs (which is the same as the mapping defined
in Section 4.1 for "XLDAP Over TCP/IP").
The mapping of the X.500 protocols into XIDM is identical to the
mapping of these protocols into IDM [X519].
The mapping of the Directory Access Protocol (DAP) onto XIDM is
called the XML Directory Access Protocol over TCP/IP (X-DAP-IP). The
PDUs of X-DAP-IP are instances of the DAP-IDM-PDUs ASN.1 type.
The mapping of the Directory System Protocol (DSP) onto XIDM is
called the XML Directory System Protocol over TCP/IP (X-DSP-IP). The
PDUs of X-DSP-IP are instances of the DSP-IDM-PDUs ASN.1 type.
The mapping of the Directory Information Shadowing Protocol (DISP)
onto XIDM is called the XML Directory Information Shadowing Protocol
over TCP/IP (X-DISP-IP). The PDUs of X-DISP-IP are instances of the
DISP-IDM-PDUs ASN.1 type.
The mapping of the Directory Operational Binding Protocol (DOP) onto
XIDM is called the XML Directory Operational Binding Protocol over
TCP/IP (X-DOP-IP). The PDUs of X-DOP-IP are instances of the
DOP-IDM-PDUs ASN.1 type.
Note that the registered [XEDNS] namespace name of the
DirectoryIDMProtocols module [X519], which first appears in the fourth
edition of X.500 and defines the DAP-IDM-PDUs, DSP-IDM-PDUs,
DISP-IDM-PDUs and DOP-IDM-PDUs ASN.1 types, is
"http://xmled.info/ns/X.500/4/DirectoryIDMProtocols/00".
Since the IDM protocol does not itself support any form of
negotiation of the transfer syntax, communication end points for the
XIDM protocol must be distinct, with different ports and/or different
IP addresses. XIDM end point address formats are for further study.
6. Security Considerations
Since XLDAP is derived from LDAP, the security considerations that
apply to LDAP apply equally to XLDAP.
XLDAP encodes all attribute values using DXER, which does not
necessarily enable an original BER encoding of an attribute value to
be recovered. Such recovery is needed for the verification of
digital signatures. XLDAP MUST NOT be used by applications requiring
such recovery.
When interpreting security-sensitive fields, and in particular fields
used to grant or deny access, implementations MUST ensure that any
comparisons are done on the underlying abstract value, regardless of
the particular encoding used.
7. Acknowledgements
This document and the technology it describes are a product of a
joint research project between Adacel Technologies Limited and Deakin
University on leveraging existing directory technology to produce an
XML-based directory service.
8. References
8.1. Normative References
[TCP] Postel, J., "TRANSMISSION CONTROL PROTOCOL", RFC 793,
September 1981.
[BCP14] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[LDAP] Zeilenga, K., "LDAP: Technical Specification Road Map",
draft-ietf-ldapbis-roadmap-xx.txt, a work in progress, June
2003.
[PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis-
protocol-xx.txt, a work in progress, September 2003.
[XED] Legg, S. and D. Prager, "The XML Enabled Directory",
draft-legg-xed-roadmap-xx.txt, a work in progress,
September 2003.
[DXER] Legg, S. and D. Prager, "Directory XML Encoding Rules for
ASN.1 Types", draft-legg-xed-dxer-xx.txt, a work in
progress, August 2003.
[GLUE] Legg, S. and D. Prager, "XED: Schema Language Integration",
draft-legg-xed-glue-xx.txt, a work in progress, August
2003.
[XEDNS] Legg, S. and D. Prager, "XED: IANA Considerations",
draft-legg-xed-iana-xx.txt, a work in progress, August
2003.
[XFER] Legg, S., "LDAP: Transfer Encoding Options",
draft-legg-ldap-transfer-xx.txt, a work in progress, August
2003.
[X500] ITU-T Recommendation X.500 (02/01) | ISO/IEC 9594-1:2001,
Information technology - Open Systems Interconnection - The
Directory: Overview of concepts, models and services.
[X501] ITU-T Recommendation X.501 (02/01) | ISO/IEC 9594-2:2001,
Information technology - Open Systems Interconnection - The
Directory: Models.
[X519] ITU-T Recommendation X.519 (02/01) | ISO/IEC 9594-5:2001,
Information technology - Open Systems Interconnection - The
Directory: Protocol specifications.
[X680] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1:2002,
Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation.
[X681] ITU-T Recommendation X.681 (07/02) | ISO/IEC 8824-2,
Information technology - Abstract Syntax Notation One
(ASN.1): Information object specification.
[X682] ITU-T Recommendation X.682 (07/02) | ISO/IEC 8824-3,
Information technology - Abstract Syntax Notation One
(ASN.1): Constraint specification.
[XML] Bray, T., Paoli, J., Sperberg-McQueen, M. and E. Maler,
"Extensible Markup Language (XML) 1.0 (Second Edition)",
W3C Recommendation, http://www.w3.org/TR/2000/REC-
xml-20001006, October 2000.
[ISET] Cowan, J. and R. Tobin, "XML Information Set", W3C
Recommendation, http://www.w3.org/TR/2001/REC-xml-
infoset-20011024, October 2001.
[SOAP] Box, D., et al., "Simple Object Access Protocol (SOAP) 1.1",
W3C Note, http://www.w3.org/TR/2000/NOTE-SOAP-20000508, May
2000.
8.2. Informative References
[MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[BEEP] Rose, M., "The Blocks Extensible Exchange Protocol Core",
RFC 3080, March 2001.
[SYNTAX] Legg, S. and K. Dally, "LDAP: Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress,
June 2003.
[ASD] Legg, S. and D. Prager, "ASN.1 Schema: An XML
Representation for ASN.1 Specifications",
draft-legg-xed-asd-xx.txt, a work in progress, August 2003.
[CXSD] Legg, S. and D. Prager, "Translation of ASN.1
Specifications into XML Schema", draft-legg-xed-xsd-xx.txt,
a work in progress, August 2003.
[CRNG] Legg, S. and D. Prager, "Translation of ASN.1
Specifications into RELAX NG", draft-legg-xed-rng-xx.txt, a
work in progress, August 2003.
[OSI] ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994,
Information technology - Open Systems Interconnection -
Basic Reference Model: The Basic Model.
[X690] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1:2002,
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules
(DER).
[XSD0] Fallside, D., "XML Schema Part 0: Primer", W3C
Recommendation, http://www.w3.org/TR/2001/REC-
xmlschema-0-20010502, May 2001.
[RNG] Clark, J. and M. Makoto, "RELAX NG Tutorial", OASIS
Committee Specification, http://www.oasis-
open.org/committees/relax-ng/tutorial-20011203.html,
December 2001.
[DSML] "Directory Services Markup Language v2.0", OASIS Standard,
http://www.oasis-open.org/committees/dsml/docs/DSMLv2.doc,
December 2001.
9. Intellectual Property Notice
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
10. Authors' Addresses
Dr. Steven Legg
Adacel Technologies Ltd.
250 Bay Street
Brighton, Victoria 3186
AUSTRALIA
Phone: +61 3 8530 7710
Fax: +61 3 8530 7888
EMail: steven.legg@adacel.com.au
Dr. Daniel Prager
C/o Professor Lynn Batten
Department of Computing and Mathematics
Deakin University
Geelong, Victoria 3217
AUSTRALIA
EMail: dan@layabout.net
EMail: lmbatten@deakin.edu.au
Appendix A. ASN.1 for Uniform LDAP
The ASN.1 module in this appendix is the result of applying the
transformation described in this document to the original LDAP ASN.1
specification.
This appendix is normative.
XED-Uniform-LDAP
-- Copyright (C) The Internet Society (2003). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
-- The namespace name for this module is:
-- http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01
-- The SchemaIdentity for this module is:
-- http://xmled.info/id/XED/1/XED-Uniform-LDAP/01
DEFINITIONS
IMPLICIT TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN
IMPORTS
ATTRIBUTE,
MATCHING-RULE,
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{joint-iso-itu-t ds(5) module(1) informationFramework(1) 4}
CONTROL,
LDAP-EXTENDED-REQUEST,
LDAP-EXTENDED-RESPONSE,
SupportedControls,
SupportedRequests,
SupportedResponses
FROM XED-LDAP-Extensibility
{iso(1) 2 36 79672281 xed(3) module(0) ldap-ext(3)} ;
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
... },
controls [0] Controls OPTIONAL }
MessageID ::= INTEGER (0 .. maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
LDAPString ::= UTF8String
LDAPOID ::= OBJECT IDENTIFIER
LDAPDN ::= DistinguishedName
RelativeLDAPDN ::= RelativeDistinguishedName
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL
}
AttributeSelection ::= SEQUENCE OF AttributeDescription
AttributeValueAssertion ::= SEQUENCE {
attributeDesc SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
assertionValue ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@attributeDesc.type}) }
Attribute ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
vals SET OF ATTRIBUTE.&Type
({SupportedAttributes}{@type.type}) }
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
-- 81-90 reserved for APIs --
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL }
Referral ::= SEQUENCE OF URL
URL ::= LDAPString -- limited to characters permitted in
-- URLs
Controls ::= SEQUENCE OF Control
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER (1 .. 127),
name LDAPDN,
authentication AuthenticationChoice }
AuthenticationChoice ::= CHOICE {
simple [0] OCTET STRING,
-- 1 and 2 reserved
sasl [3] SaslCredentials,
... }
SaslCredentials ::= SEQUENCE {
mechanism LDAPString,
credentials OCTET STRING OPTIONAL }
BindResponse ::= [APPLICATION 1] SEQUENCE {
COMPONENTS OF LDAPResult,
serverSaslCreds [7] OCTET STRING OPTIONAL }
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2) },
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
derefAlways (3) },
sizeLimit INTEGER (0 .. maxInt),
timeLimit INTEGER (0 .. maxInt),
typesOnly BOOLEAN,
filter Filter,
attributes AttributeSelection }
Filter ::= CHOICE {
and [0] SET SIZE (1..MAX) OF Filter,
or [1] SET SIZE (1..MAX) OF Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion,
extensibleMatch [9] MatchingRuleAssertion }
SubstringFilter ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
-- at least one must be present,
-- initial and final can occur at most once
substrings SEQUENCE OF CHOICE {
initial [0] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
any [1] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
final [2] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}) } }
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList }
PartialAttributeList ::= SEQUENCE OF SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
vals SET OF ATTRIBUTE.&Type
({SupportedAttributes}{@type.type}) }
SearchResultReference ::= [APPLICATION 19] SEQUENCE OF URL
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
object LDAPDN,
modification SEQUENCE OF SEQUENCE {
operation ENUMERATED {
add (0),
delete (1),
replace (2) },
modification Attribute } }
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
entry LDAPDN,
attributes AttributeList }
AttributeList ::= SEQUENCE OF SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
vals SET OF ATTRIBUTE.&Type
({SupportedAttributes}{@type.type}) }
AddResponse ::= [APPLICATION 9] LDAPResult
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
entry LDAPDN,
newrdn RelativeLDAPDN,
deleteoldrdn BOOLEAN,
newSuperior [0] LDAPDN OPTIONAL }
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
CompareRequest ::= [APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion }
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
END
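To make the table constraints of the module concrete, here is an added example (not code from the draft) that models the SupportedAttributes object set as a small constructed table and checks decoded values against the constraints the module states but a structural validator cannot enforce on its own: the {SupportedAttributes}{@type.type} relational constraints, SIZE (1..MAX), INTEGER (0 .. maxInt), and the comment rules on SubstringFilter. The attribute OIDs other than cn, the dict/tuple encoding of decoded values, and the validator callables standing in for ATTRIBUTE.&Type and &equality-match.&AssertionType are assumptions of the example.

```python
# Constructed checker (not code from the draft) for the constraints in the
# XED-Uniform-LDAP module that a structural validator cannot enforce.
from dataclasses import dataclass
from typing import Any, Callable, Optional

MAX_INT = 2147483647   # maxInt INTEGER ::= 2147483647

class ConstraintViolation(ValueError):
    """Text starts with the LDAP resultCode name that best fits the failure."""

@dataclass(frozen=True)
class AttributeInfo:                               # one ATTRIBUTE object (modelled)
    oid: str                                       # ATTRIBUTE.&id
    value_ok: Callable[[Any], bool]                # ATTRIBUTE.&Type
    assertion_ok: Optional[Callable[[Any], bool]]  # &equality-match.&AssertionType

_is_text = lambda v: isinstance(v, str)                                 # UTF8String-like
_is_int = lambda v: isinstance(v, int) and not isinstance(v, bool)      # INTEGER

# Constructed SupportedAttributes object set: 2.5.4.3 is cn; 1.2.3.4.x are placeholders.
SUPPORTED_ATTRIBUTES = {
    "2.5.4.3": AttributeInfo("2.5.4.3", _is_text, _is_text),
    "1.2.3.4.5": AttributeInfo("1.2.3.4.5", _is_int, _is_int),
    "1.2.3.4.6": AttributeInfo("1.2.3.4.6", _is_text, None),  # no equality rule
}

def check_attribute_description(desc: dict) -> AttributeInfo:
    """type ATTRIBUTE.&id({SupportedAttributes}); options SIZE (1..MAX) OPTIONAL."""
    info = SUPPORTED_ATTRIBUTES.get(desc["type"])
    if info is None:                                # OID not in the object set
        raise ConstraintViolation(f"undefinedAttributeType: {desc['type']}")
    if desc.get("options") is not None and len(desc["options"]) == 0:
        raise ConstraintViolation("protocolError: options violates SIZE (1..MAX)")
    return info

def _equality_rule(desc: dict) -> Callable[[Any], bool]:
    # &equality-match.&AssertionType selected by the type OID; some attributes lack it.
    info = check_attribute_description(desc)
    if info.assertion_ok is None:
        raise ConstraintViolation(f"inappropriateMatching: {info.oid} has no equality-match")
    return info.assertion_ok

def check_attribute(attr: dict) -> None:
    """Attribute: every member of vals must satisfy ATTRIBUTE.&Type of @type.type."""
    info = check_attribute_description(attr["type"])
    for v in attr["vals"]:
        if not info.value_ok(v):
            raise ConstraintViolation(f"invalidAttributeSyntax: {info.oid} value {v!r}")

def check_ava(ava: dict) -> None:
    """AttributeValueAssertion: assertionValue is typed by @attributeDesc.type."""
    if not _equality_rule(ava["attributeDesc"])(ava["assertionValue"]):
        raise ConstraintViolation("invalidAttributeSyntax: assertionValue")

def check_substring_filter(sf: dict) -> None:
    """SubstringFilter: at least one substring; initial and final at most once each."""
    rule = _equality_rule(sf["type"])
    parts = sf["substrings"]                        # list of (alternative, value)
    if not parts:
        raise ConstraintViolation("protocolError: substrings needs at least one element")
    kinds = [k for k, _ in parts]
    if kinds.count("initial") > 1 or kinds.count("final") > 1:
        raise ConstraintViolation("protocolError: initial/final may occur at most once")
    for kind, v in parts:
        if kind not in ("initial", "any", "final") or not rule(v):
            raise ConstraintViolation(f"invalidAttributeSyntax: substring {kind}")

def check_filter(f: tuple) -> None:
    """Filter ::= CHOICE; and/or are SET SIZE (1..MAX) OF Filter, so {} is rejected."""
    kind, body = f
    if kind in ("and", "or"):
        if not body:
            raise ConstraintViolation(f"protocolError: {kind} needs at least one Filter")
        for sub in body:
            check_filter(sub)
    elif kind == "not":
        check_filter(body)
    elif kind in ("equalityMatch", "greaterOrEqual", "lessOrEqual", "approxMatch"):
        check_ava(body)
    elif kind == "substrings":
        check_substring_filter(body)
    elif kind == "present":
        check_attribute_description(body)
    elif kind != "extensibleMatch":                 # MATCHING-RULE table not modelled here
        raise ConstraintViolation(f"protocolError: unknown Filter alternative {kind!r}")

def check_message_id(n: Any) -> None:               # MessageID ::= INTEGER (0 .. maxInt)
    if not _is_int(n) or not 0 <= n <= MAX_INT:
        raise ConstraintViolation("protocolError: messageID outside INTEGER (0 .. maxInt)")

def violation(check: Callable[..., None], *args: Any) -> Optional[str]:
    """Run a check; return the violation text, or None when the value conforms."""
    try:
        check(*args)
    except ConstraintViolation as e:
        return str(e)
    return None

# Constructed filter (&(cn=alice)(1.2.3.4.5>=10)(cn=al*e)) as a decoder might return it.
SAMPLE_FILTER = ("and", [
    ("equalityMatch", {"attributeDesc": {"type": "2.5.4.3"}, "assertionValue": "alice"}),
    ("greaterOrEqual", {"attributeDesc": {"type": "1.2.3.4.5"}, "assertionValue": 10}),
    ("substrings", {"type": {"type": "2.5.4.3"}, "substrings": [("initial", "al"), ("final", "e")]})])
```

`violation(check_filter, SAMPLE_FILTER)` returns None; a decoded value that breaks one of the modelled constraints yields the name of the LDAP resultCode a server would return for it.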
Appendix B. Supporting Definitions for Uniform LDAP
This appendix is normative.
XED-LDAP-Extensibility
{iso(1) 2 36 79672281 xed(3) module(0) ldap-ext(3)}
-- Copyright (C) The Internet Society (2003). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
-- The namespace name for this module is:
-- http://xmled.info/ns/XED/1/XED-LDAP-Extensibility/00
-- The SchemaIdentity for this module is:
-- http://xmled.info/id/XED/1/XED-LDAP-Extensibility/00
DEFINITIONS
AUTOMATIC TAGS EXTENSIBILITY IMPLIED ::= BEGIN
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
SupportedControls CONTROL ::= { ... }
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
LDAP-EXTENDED-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
END
Appendix C. ASN.1 Schema for Uniform LDAP
This appendix contains the ASN.1 Schema [ASD] translations of the
XED-Uniform-LDAP and XED-LDAP-Extensibility modules.
This appendix is non-normative.
<?xml version="1.0"?>
<asn1:schema xmlns:asn1="http://xmled.info/ns/ASN.1/0702/00"
xmlns:if="http://xmled.info/ns/X.500/4/InformationFramework/00"
xmlns:ext="http://xmled.info/ns/XED/1/XED-LDAP-Extensibility/00"
xmlns:tns="http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01"
targetNamespace="http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01"
name="XED-Uniform-LDAP"
tagDefault="IMPLICIT"
extensibilityImplied="true">
<import name="InformationFramework"
namespace="http://xmled.info/ns/X.500/4/InformationFramework/00"
schemaLocation=
"http://xmled.info/id/X.500/4/InformationFramework/00"/>
<import name="XED-LDAP-Extensibility"
namespace="http://xmled.info/ns/XED/1/XED-LDAP-Extensibility/00"
schemaLocation=
"http://xmled.info/id/XED/1/XED-LDAP-Extensibility/00"/>
<namedType name="LDAPMessage">
<type>
<sequence>
<element name="messageID" type="tns:MessageID"/>
<element name="protocolOp">
<type>
<choice>
<element name="bindRequest" type="tns:BindRequest"/>
<element name="bindResponse" type="tns:BindResponse"/>
<element name="unbindRequest" type="tns:UnbindRequest"/>
<element name="searchRequest" type="tns:SearchRequest"/>
<element name="searchResEntry" type="tns:SearchResultEntry"/>
<element name="searchResDone" type="tns:SearchResultDone"/>
<element name="searchResRef"
type="tns:SearchResultReference"/>
<element name="modifyRequest" type="tns:ModifyRequest"/>
<element name="modifyResponse" type="tns:ModifyResponse"/>
<element name="addRequest" type="tns:AddRequest"/>
<element name="addResponse" type="tns:AddResponse"/>
<element name="delRequest" type="tns:DelRequest"/>
<element name="delResponse" type="tns:DelResponse"/>
<element name="modDNRequest" type="tns:ModifyDNRequest"/>
<element name="modDNResponse" type="tns:ModifyDNResponse"/>
<element name="compareRequest" type="tns:CompareRequest"/>
<element name="compareResponse" type="tns:CompareResponse"/>
<element name="abandonRequest" type="tns:AbandonRequest"/>
<element name="extendedReq" type="tns:ExtendedRequest"/>
<element name="extendedResp" type="tns:ExtendedResponse"/>
</choice>
</type>
</element>
<optional>
<element name="controls">
<type>
<tagged number="0" type="tns:Controls"/>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="MessageID">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literal="0"/>
<maxInclusive value="tns:maxInt"/>
</range>
</constrained>
</type>
</namedType>
<namedValue name="maxInt" type="asn1:INTEGER" literal="2147483647"/>
<namedType name="LDAPString" type="asn1:UTF8String"/>
<namedType name="LDAPOID" type="asn1:OBJECT-IDENTIFIER"/>
<namedType name="LDAPDN" type="if:DistinguishedName"/>
<namedType name="RelativeLDAPDN"
type="if:RelativeDistinguishedName"/>
<namedType name="AttributeDescription">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="AttributeSelection">
<type>
<sequenceOf>
<element assumedName="item" type="tns:AttributeDescription"/>
</sequenceOf>
</type>
</namedType>
<namedType name="AttributeValueAssertion">
<type>
<sequence>
<element name="attributeDesc">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="assertionValue">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="attributeDesc/type"/>
</table>
</constrained>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="Attribute">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="vals">
<type>
<setOf>
<element assumedName="item">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="Type"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</element>
</setOf>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="LDAPResult">
<type>
<sequence>
<element name="resultCode">
<type>
<enumerated>
<enumeration name="success" number="0"/>
<enumeration name="operationsError" number="1"/>
<enumeration name="protocolError" number="2"/>
<enumeration name="timeLimitExceeded" number="3"/>
<enumeration name="sizeLimitExceeded" number="4"/>
<enumeration name="compareFalse" number="5"/>
<enumeration name="compareTrue" number="6"/>
<enumeration name="authMethodNotSupported" number="7"/>
<enumeration name="strongAuthRequired" number="8"/>
<enumeration name="referral" number="10"/>
<enumeration name="adminLimitExceeded" number="11"/>
<enumeration name="unavailableCriticalExtension" number="12"/>
<enumeration name="confidentialityRequired" number="13"/>
<enumeration name="saslBindInProgress" number="14"/>
<enumeration name="noSuchAttribute" number="16"/>
<enumeration name="undefinedAttributeType" number="17"/>
<enumeration name="inappropriateMatching" number="18"/>
<enumeration name="constraintViolation" number="19"/>
<enumeration name="attributeOrValueExists" number="20"/>
<enumeration name="invalidAttributeSyntax" number="21"/>
<enumeration name="noSuchObject" number="32"/>
<enumeration name="aliasProblem" number="33"/>
<enumeration name="invalidDNSyntax" number="34"/>
<enumeration name="aliasDereferencingProblem" number="36"/>
<enumeration name="inappropriateAuthentication" number="48"/>
<enumeration name="invalidCredentials" number="49"/>
<enumeration name="insufficientAccessRights" number="50"/>
<enumeration name="busy" number="51"/>
<enumeration name="unavailable" number="52"/>
<enumeration name="unwillingToPerform" number="53"/>
<enumeration name="loopDetect" number="54"/>
<enumeration name="namingViolation" number="64"/>
<enumeration name="objectClassViolation" number="65"/>
<enumeration name="notAllowedOnNonLeaf" number="66"/>
<enumeration name="notAllowedOnRDN" number="67"/>
<enumeration name="entryAlreadyExists" number="68"/>
<enumeration name="objectClassModsProhibited" number="69"/>
<enumeration name="affectsMultipleDSAs" number="71"/>
<enumeration name="other" number="80"/>
</enumerated>
</type>
</element>
<element name="matchedDN" type="tns:LDAPDN"/>
<element name="diagnosticMessage" type="tns:LDAPString"/>
<optional>
<element name="referral">
<type>
<tagged number="3" type="tns:Referral"/>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="Referral">
<type>
<sequenceOf>
<element assumedName="item" type="tns:URL"/>
</sequenceOf>
</type>
</namedType>
<namedType name="URL" type="tns:LDAPString"/>
<namedType name="Controls">
<type>
<sequenceOf>
<element assumedName="item" type="tns:Control"/>
</sequenceOf>
</type>
</namedType>
<namedType name="Control">
<type>
<sequence>
<element name="controlType">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL" fieldName="type"/>
</type>
<table objectSet="ext:SupportedControls"/>
</constrained>
</type>
</element>
<optional>
<element name="criticality" type="asn1:BOOLEAN"/>
<default literal="false"/>
</optional>
<optional>
<element name="controlValue">
<type>
<choice>
<element name="request">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL"
fieldName="RequestValue"/>
</type>
<table objectSet="ext:SupportedControls">
<restrictBy component="controlType"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="response">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL"
fieldName="ResponseValue"/>
</type>
<table objectSet="ext:SupportedControls">
<restrictBy component="controlType"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</choice>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="BindRequest">
<type>
<tagged tagClass="APPLICATION" number="0">
<type>
<sequence>
<element name="version">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literal="1"/>
<maxInclusive literal="127"/>
</range>
</constrained>
</type>
</element>
<element name="name" type="tns:LDAPDN"/>
<element name="authentication"
type="tns:AuthenticationChoice"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AuthenticationChoice">
<type>
<choice>
<element name="simple">
<type>
<tagged number="0" type="asn1:OCTET-STRING"/>
</type>
</element>
<element name="sasl">
<type>
<tagged number="3" type="tns:SaslCredentials"/>
</type>
</element>
</choice>
</type>
</namedType>
<namedType name="SaslCredentials">
<type>
<sequence>
<element name="mechanism" type="tns:LDAPString"/>
<optional>
<element name="credentials" type="asn1:OCTET-STRING"/>
</optional>
</sequence>
</type>
</namedType>
<namedType name="BindResponse">
<type>
<tagged tagClass="APPLICATION" number="1">
<type>
<sequence>
<componentsOf type="tns:LDAPResult"/>
<optional>
<element name="serverSaslCreds">
<type>
<tagged number="7" type="asn1:OCTET-STRING"/>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="UnbindRequest">
<type>
<tagged tagClass="APPLICATION" number="2" type="asn1:NULL"/>
</type>
</namedType>
<namedType name="SearchRequest">
<type>
<tagged tagClass="APPLICATION" number="3">
<type>
<sequence>
<element name="baseObject" type="tns:LDAPDN"/>
<element name="scope">
<type>
<enumerated>
<enumeration name="baseObject" number="0"/>
<enumeration name="singleLevel" number="1"/>
<enumeration name="wholeSubtree" number="2"/>
</enumerated>
</type>
</element>
<element name="derefAliases">
<type>
<enumerated>
<enumeration name="neverDerefAliases" number="0"/>
<enumeration name="derefInSearching" number="1"/>
<enumeration name="derefFindingBaseObj" number="2"/>
<enumeration name="derefAlways" number="3"/>
</enumerated>
</type>
</element>
<element name="sizeLimit">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literal="0"/>
<maxInclusive value="tns:maxInt"/>
</range>
</constrained>
</type>
</element>
<element name="timeLimit">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literal="0"/>
<maxInclusive value="tns:maxInt"/>
</range>
</constrained>
</type>
</element>
<element name="typesOnly" type="asn1:BOOLEAN"/>
<element name="filter" type="tns:Filter"/>
<element name="attributes" type="tns:AttributeSelection"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="Filter">
<type>
<choice>
<element name="and">
<type>
<tagged number="0">
<type>
<setOf minSize="1">
<element assumedName="item" type="tns:Filter"/>
</setOf>
</type>
</tagged>
</type>
</element>
<element name="or">
<type>
<tagged number="1">
<type>
<setOf minSize="1">
<element assumedName="item" type="tns:Filter"/>
</setOf>
</type>
</tagged>
</type>
</element>
<element name="not">
<type>
<tagged number="2" type="tns:Filter"/>
</type>
</element>
<element name="equalityMatch">
<type>
<tagged number="3" type="tns:AttributeValueAssertion"/>
</type>
</element>
<element name="substrings">
<type>
<tagged number="4" type="tns:SubstringFilter"/>
</type>
</element>
<element name="greaterOrEqual">
<type>
<tagged number="5" type="tns:AttributeValueAssertion"/>
</type>
</element>
<element name="lessOrEqual">
<type>
<tagged number="6" type="tns:AttributeValueAssertion"/>
</type>
</element>
<element name="present">
<type>
<tagged number="7" type="tns:AttributeDescription"/>
</type>
</element>
<element name="approxMatch">
<type>
<tagged number="8" type="tns:AttributeValueAssertion"/>
</type>
</element>
<element name="extensibleMatch">
<type>
<tagged number="9" type="tns:MatchingRuleAssertion"/>
</type>
</element>
</choice>
</type>
</namedType>
<namedType name="SubstringFilter">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="substrings">
<type>
<sequenceOf>
<element assumedName="item">
<type>
<choice>
<element name="initial">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="any">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="final">
<type>
<tagged number="2">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</choice>
</type>
</element>
</sequenceOf>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="MatchingRuleAssertion">
<type>
<sequence>
<optional>
<element name="matchingRule">
<type>
<tagged number="1">
<type>
<fromClass class="if:MATCHING-RULE" fieldName="id"/>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="type">
<type>
<tagged number="2" type="tns:AttributeDescription"/>
</type>
</element>
</optional>
<element name="matchValue">
<type>
<tagged number="3">
<type>
<fromClass class="if:MATCHING-RULE"
fieldName="AssertionType"/>
</type>
</tagged>
</type>
</element>
<optional>
<element name="dnAttributes">
<type>
<tagged number="4" type="asn1:BOOLEAN"/>
</type>
</element>
<default literal="false"/>
</optional>
</sequence>
</type>
</namedType>
<namedType name="SearchResultEntry">
<type>
<tagged tagClass="APPLICATION" number="4">
<type>
<sequence>
<element name="objectName" type="tns:LDAPDN"/>
<element name="attributes" type="tns:PartialAttributeList"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="PartialAttributeList">
<type>
<sequenceOf>
<element assumedName="item">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="vals">
<type>
<setOf>
<element assumedName="item">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="Type"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</element>
</setOf>
</type>
</element>
</sequence>
</type>
</element>
</sequenceOf>
</type>
</namedType>
<namedType name="SearchResultReference">
<type>
<tagged tagClass="APPLICATION" number="19">
<type>
<sequenceOf>
<element assumedName="item" type="tns:URL"/>
</sequenceOf>
</type>
</tagged>
</type>
</namedType>
<namedType name="SearchResultDone">
<type>
<tagged tagClass="APPLICATION" number="5" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyRequest">
<type>
<tagged tagClass="APPLICATION" number="6">
<type>
<sequence>
<element name="object" type="tns:LDAPDN"/>
<element name="modification">
<type>
<sequenceOf>
<element assumedName="item">
<type>
<sequence>
<element name="operation">
<type>
<enumerated>
<enumeration name="add" number="0"/>
<enumeration name="delete" number="1"/>
<enumeration name="replace" number="2"/>
</enumerated>
</type>
</element>
<element name="modification" type="tns:Attribute"/>
</sequence>
</type>
</element>
</sequenceOf>
</type>
</element>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ModifyResponse">
<type>
<tagged tagClass="APPLICATION" number="7" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="AddRequest">
<type>
<tagged tagClass="APPLICATION" number="8">
<type>
<sequence>
<element name="entry" type="tns:LDAPDN"/>
<element name="attributes" type="tns:AttributeList"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AttributeList">
<type>
<sequenceOf>
<element assumedName="item">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="vals">
<type>
<setOf>
<element assumedName="item">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="Type"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy component="type/type"/>
</table>
</constrained>
</type>
</element>
</setOf>
</type>
</element>
</sequence>
</type>
</element>
</sequenceOf>
</type>
</namedType>
<namedType name="AddResponse">
<type>
<tagged tagClass="APPLICATION" number="9" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="DelRequest">
<type>
<tagged tagClass="APPLICATION" number="10" type="tns:LDAPDN"/>
</type>
</namedType>
<namedType name="DelResponse">
<type>
<tagged tagClass="APPLICATION" number="11" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyDNRequest">
<type>
<tagged tagClass="APPLICATION" number="12">
<type>
<sequence>
<element name="entry" type="tns:LDAPDN"/>
<element name="newrdn" type="tns:RelativeLDAPDN"/>
<element name="deleteoldrdn" type="asn1:BOOLEAN"/>
<optional>
<element name="newSuperior">
<type>
<tagged number="0" type="tns:LDAPDN"/>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ModifyDNResponse">
<type>
<tagged tagClass="APPLICATION" number="13" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="CompareRequest">
<type>
<tagged tagClass="APPLICATION" number="14">
<type>
<sequence>
<element name="entry" type="tns:LDAPDN"/>
<element name="ava" type="tns:AttributeValueAssertion"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="CompareResponse">
<type>
<tagged tagClass="APPLICATION" number="15" type="tns:LDAPResult"/>
</type>
</namedType>
<namedType name="AbandonRequest">
<type>
<tagged tagClass="APPLICATION" number="16" type="tns:MessageID"/>
</type>
</namedType>
<namedType name="ExtendedRequest">
<type>
<tagged tagClass="APPLICATION" number="23">
<type>
<sequence>
<element name="requestName">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-REQUEST"
fieldName="name"/>
</type>
<table objectSet="ext:SupportedRequests"/>
</constrained>
</type>
</tagged>
</type>
</element>
<optional>
<element name="requestValue">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-REQUEST"
fieldName="Value"/>
</type>
<table objectSet="ext:SupportedRequests">
<restrictBy component="requestName"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ExtendedResponse">
<type>
<tagged tagClass="APPLICATION" number="24">
<type>
<sequence>
<componentsOf type="tns:LDAPResult"/>
<optional>
<element name="responseName">
<type>
<tagged number="10">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-RESPONSE"
fieldName="name"/>
</type>
<table objectSet="ext:SupportedResponses"/>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="responseValue">
<type>
<tagged number="11">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-RESPONSE"
fieldName="Value"/>
</type>
<table objectSet="ext:SupportedResponses">
<restrictBy component="responseName"/>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
</asn1:schema>
<?xml version="1.0"?>
<asn1:schema
xmlns:asn1="http://xmled.info/ns/ASN.1/0702/00"
xmlns:tns="http://xmled.info/ns/XED/1/XED-LDAP-Extensibility/00"
targetNamespace=
"http://xmled.info/ns/XED/1/XED-LDAP-Extensibility/00"
name="XED-LDAP-Extensibility"
extensibilityImplied="true">
<namedClass name="CONTROL">
<class>
<valueField name="type" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="RequestValue"/>
</optional>
<optional>
<typeField name="ResponseValue"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedControls" class="tns:CONTROL">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-EXTENDED-REQUEST">
<class>
<valueField name="name" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedRequests"
class="tns:LDAP-EXTENDED-REQUEST">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-EXTENDED-RESPONSE">
<class>
<valueField name="name" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedResponses"
class="tns:LDAP-EXTENDED-RESPONSE">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
</asn1:schema>
Appendix D. XML Schema for Uniform LDAP
This appendix contains a compatible XML Schema [CXSD] translation of
the XED-Uniform-LDAP module. The XML Schema translation of the
XED-LDAP-Extensibility module contains no XML Schema definitions.
This appendix is non-normative.
<?xml version="1.0"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:asn1="http://xmled.info/ns/ASN.1/0702/00"
xmlns:if="http://xmled.info/ns/X.500/4/InformationFramework/00"
xmlns:tns="http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01"
targetNamespace="http://xmled.info/ns/XED/1/XED-Uniform-LDAP/01">
<xsd:import namespace="http://xmled.info/ns/ASN.1/0702/00"
schemaLocation="builtInTypes.xsd"/>
<xsd:import
namespace="http://xmled.info/ns/X.500/4/InformationFramework/00"
schemaLocation="InformationFramework.xsd"/>
<xsd:complexType name="LDAPMessage">
<xsd:sequence>
<xsd:element name="messageID" type="tns:MessageID"/>
<xsd:element name="protocolOp">
<xsd:complexType>
<xsd:choice>
<xsd:element name="bindRequest" type="tns:BindRequest"/>
<xsd:element name="bindResponse" type="tns:BindResponse"/>
<xsd:element name="unbindRequest" type="tns:UnbindRequest"/>
<xsd:element name="searchRequest" type="tns:SearchRequest"/>
<xsd:element name="searchResEntry"
type="tns:SearchResultEntry"/>
<xsd:element name="searchResDone" type="tns:SearchResultDone"/>
<xsd:element name="searchResRef"
type="tns:SearchResultReference"/>
<xsd:element name="modifyRequest" type="tns:ModifyRequest"/>
<xsd:element name="modifyResponse" type="tns:ModifyResponse"/>
<xsd:element name="addRequest" type="tns:AddRequest"/>
<xsd:element name="addResponse" type="tns:AddResponse"/>
<xsd:element name="delRequest" type="tns:DelRequest"/>
<xsd:element name="delResponse" type="tns:DelResponse"/>
<xsd:element name="modDNRequest" type="tns:ModifyDNRequest"/>
<xsd:element name="modDNResponse" type="tns:ModifyDNResponse"/>
<xsd:element name="compareRequest" type="tns:CompareRequest"/>
<xsd:element name="compareResponse"
type="tns:CompareResponse"/>
<xsd:element name="abandonRequest" type="tns:AbandonRequest"/>
<xsd:element name="extendedReq" type="tns:ExtendedRequest"/>
<xsd:element name="extendedResp" type="tns:ExtendedResponse"/>
</xsd:choice>
</xsd:complexType>
</xsd:element>
<xsd:element name="controls" type="tns:Controls" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="MessageID">
<xsd:restriction base="asn1:INTEGER"/>
</xsd:simpleType>
<xsd:simpleType name="LDAPString">
<xsd:restriction base="asn1:UTF8String"/>
</xsd:simpleType>
<xsd:simpleType name="LDAPOID">
<xsd:restriction base="asn1:OBJECT-IDENTIFIER"/>
</xsd:simpleType>
<xsd:complexType name="LDAPDN">
<xsd:complexContent>
<xsd:extension base="if:DistinguishedName"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="RelativeLDAPDN">
<xsd:complexContent>
<xsd:extension base="if:RelativeDistinguishedName"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="AttributeDescription">
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeSelection">
<xsd:sequence>
<xsd:element name="item" type="tns:AttributeDescription"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeValueAssertion">
<xsd:sequence>
<xsd:element name="attributeDesc">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="assertionValue" type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Attribute">
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="vals">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" type="xsd:anyType"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="LDAPResult">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="tns:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="tns:LDAPString"/>
<xsd:element name="referral" type="tns:Referral" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Referral">
<xsd:sequence>
<xsd:element name="item" type="tns:URL"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="URL">
<xsd:restriction base="tns:LDAPString"/>
</xsd:simpleType>
<xsd:complexType name="Controls">
<xsd:sequence>
<xsd:element name="item" type="tns:Control"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Control">
<xsd:sequence>
<xsd:element name="controlType" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="criticality" type="asn1:BOOLEAN"
minOccurs="0"/>
<xsd:element name="controlValue" minOccurs="0">
<xsd:complexType>
<xsd:choice>
<xsd:element name="request" type="xsd:anyType"/>
<xsd:element name="response" type="xsd:anyType"/>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BindRequest">
<xsd:sequence>
<xsd:element name="version" type="asn1:INTEGER"/>
<xsd:element name="name" type="tns:LDAPDN"/>
<xsd:element name="authentication"
type="tns:AuthenticationChoice"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AuthenticationChoice">
<xsd:choice>
<xsd:element name="simple" type="asn1:OCTET-STRING"/>
<xsd:element name="sasl" type="tns:SaslCredentials"/>
</xsd:choice>
</xsd:complexType>
<xsd:complexType name="SaslCredentials">
<xsd:sequence>
<xsd:element name="mechanism" type="tns:LDAPString"/>
<xsd:element name="credentials" type="asn1:OCTET-STRING"
minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BindResponse">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="tns:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="tns:LDAPString"/>
<xsd:element name="referral" type="tns:Referral" minOccurs="0"/>
<xsd:element name="serverSaslCreds" type="asn1:OCTET-STRING"
minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="UnbindRequest">
<xsd:complexContent>
<xsd:extension base="asn1:NULL"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="SearchRequest">
<xsd:sequence>
<xsd:element name="baseObject" type="tns:LDAPDN"/>
<xsd:element name="scope">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="baseObject"/>
<xsd:enumeration value="singleLevel"/>
<xsd:enumeration value="wholeSubtree"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="derefAliases">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="neverDerefAliases"/>
<xsd:enumeration value="derefInSearching"/>
<xsd:enumeration value="derefFindingBaseObj"/>
<xsd:enumeration value="derefAlways"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="sizeLimit" type="asn1:INTEGER"/>
<xsd:element name="timeLimit" type="asn1:INTEGER"/>
<xsd:element name="typesOnly" type="asn1:BOOLEAN"/>
<xsd:element name="filter" type="tns:Filter"/>
<xsd:element name="attributes" type="tns:AttributeSelection"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Filter">
<xsd:choice>
<xsd:element name="and">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" type="tns:Filter"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="or">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" type="tns:Filter"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="not" type="tns:Filter"/>
<xsd:element name="equalityMatch"
type="tns:AttributeValueAssertion"/>
<xsd:element name="substrings" type="tns:SubstringFilter"/>
<xsd:element name="greaterOrEqual"
type="tns:AttributeValueAssertion"/>
<xsd:element name="lessOrEqual"
type="tns:AttributeValueAssertion"/>
<xsd:element name="present" type="tns:AttributeDescription"/>
<xsd:element name="approxMatch"
type="tns:AttributeValueAssertion"/>
<xsd:element name="extensibleMatch"
type="tns:MatchingRuleAssertion"/>
</xsd:choice>
</xsd:complexType>
<xsd:complexType name="SubstringFilter">
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="substrings">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" minOccurs="0" maxOccurs="unbounded">
<xsd:complexType>
<xsd:choice>
<xsd:element name="initial" type="xsd:anyType"/>
<xsd:element name="any" type="xsd:anyType"/>
<xsd:element name="final" type="xsd:anyType"/>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="MatchingRuleAssertion">
<xsd:sequence>
<xsd:element name="matchingRule" type="asn1:OBJECT-IDENTIFIER"
minOccurs="0"/>
<xsd:element name="type" type="tns:AttributeDescription"
minOccurs="0"/>
<xsd:element name="matchValue" type="xsd:anyType"/>
<xsd:element name="dnAttributes" type="asn1:BOOLEAN"
minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultEntry">
<xsd:sequence>
<xsd:element name="objectName" type="tns:LDAPDN"/>
<xsd:element name="attributes" type="tns:PartialAttributeList"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PartialAttributeList">
<xsd:sequence>
<xsd:element name="item" minOccurs="0" maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="vals">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" type="xsd:anyType"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultReference">
<xsd:sequence>
<xsd:element name="item" type="tns:URL"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultDone">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="ModifyRequest">
<xsd:sequence>
<xsd:element name="object" type="tns:LDAPDN"/>
<xsd:element name="modification">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" minOccurs="0" maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="operation">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="add"/>
<xsd:enumeration value="delete"/>
<xsd:enumeration value="replace"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="modification" type="tns:Attribute"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ModifyResponse">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="AddRequest">
<xsd:sequence>
<xsd:element name="entry" type="tns:LDAPDN"/>
<xsd:element name="attributes" type="tns:AttributeList"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeList">
<xsd:sequence>
<xsd:element name="item" minOccurs="0" maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" type="asn1:UTF8String"
maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="vals">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="item" type="xsd:anyType"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AddResponse">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="DelRequest">
<xsd:complexContent>
<xsd:extension base="tns:LDAPDN"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="DelResponse">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="ModifyDNRequest">
<xsd:sequence>
<xsd:element name="entry" type="tns:LDAPDN"/>
<xsd:element name="newrdn" type="tns:RelativeLDAPDN"/>
<xsd:element name="deleteoldrdn" type="asn1:BOOLEAN"/>
<xsd:element name="newSuperior" type="tns:LDAPDN" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ModifyDNResponse">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="CompareRequest">
<xsd:sequence>
<xsd:element name="entry" type="tns:LDAPDN"/>
<xsd:element name="ava" type="tns:AttributeValueAssertion"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="CompareResponse">
<xsd:complexContent>
<xsd:extension base="tns:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:simpleType name="AbandonRequest">
<xsd:restriction base="tns:MessageID"/>
</xsd:simpleType>
<xsd:complexType name="ExtendedRequest">
<xsd:sequence>
<xsd:element name="requestName" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="requestValue" type="xsd:anyType"
minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ExtendedResponse">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="tns:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="tns:LDAPString"/>
<xsd:element name="referral" type="tns:Referral" minOccurs="0"/>
<xsd:element name="responseName" type="asn1:OBJECT-IDENTIFIER"
minOccurs="0"/>
<xsd:element name="responseValue" type="xsd:anyType"
minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
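The following decoder is an added illustration and is not part of this draft or of the XED project. It reads an LDAPMessage instance shaped by the XML Schema above (a modifyRequest), enforces the structural rules the schema states (exactly one protocolOp alternative, the operation enumeration, an OBJECT IDENTIFIER attribute type) and, because the XML Schema types attribute values as xsd:anyType where the ASN.1 Schema constrains them by attribute type through the if:SupportedAttributes table, applies that per-type value check in code. The root element name LDAPMessage, the use of unqualified element names, the dotted-decimal OID form, the SupportedAttributes registry and the sample messages are all assumptions or constructed inputs; if:DistinguishedName is defined in a module not shown here, so the DN is treated as opaque text.

```python
# Added example; not code from the draft. Element names follow the Appendix D
# XML Schema; root element name and unqualified names are assumptions.
import re
import xml.etree.ElementTree as ET

# protocolOp alternatives of LDAPMessage, as listed in the XML Schema choice.
PROTOCOL_OPS = frozenset({
    "bindRequest", "bindResponse", "unbindRequest", "searchRequest",
    "searchResEntry", "searchResDone", "searchResRef", "modifyRequest",
    "modifyResponse", "addRequest", "addResponse", "delRequest",
    "delResponse", "modDNRequest", "modDNResponse", "compareRequest",
    "compareResponse", "abandonRequest", "extendedReq", "extendedResp"})
MODIFY_OPERATIONS = frozenset({"add", "delete", "replace"})
# Dotted-decimal OBJECT IDENTIFIER lexical form (assumed).
OID_RE = re.compile(r"^[0-2](\.(0|[1-9][0-9]*))+$")
# Constructed stand-in for the if:SupportedAttributes object set: the ASN.1
# Schema restricts each value by the attribute type (restrictBy type/type);
# the XML Schema says xsd:anyType, so that check is done here instead.
SUPPORTED_ATTRIBUTES = {
    "2.5.4.20": re.compile(r"^\+?[0-9 ]+$").match,  # telephoneNumber
    "2.5.4.12": lambda v: 0 < len(v) <= 64,         # title
}


class MessageError(ValueError):
    """The document does not fit the schema structure."""


def _one_child(parent, name):
    kids = [c for c in parent if c.tag == name]
    if len(kids) != 1:
        raise MessageError(f"expected one <{name}> under <{parent.tag}>, got {len(kids)}")
    return kids[0]


def decode_attribute(attr):
    """tns:Attribute -> (oid, options, values), with the per-type value check."""
    desc = _one_child(attr, "type")
    oid = (_one_child(desc, "type").text or "").strip()
    if not OID_RE.match(oid):
        raise MessageError(f"attribute type {oid!r} is not an OID")
    check = SUPPORTED_ATTRIBUTES.get(oid)
    if check is None:
        raise MessageError(f"attribute type {oid} not in SupportedAttributes")
    options = [(o.text or "").strip()
               for opts in desc.findall("options") for o in opts.findall("option")]
    vals = [(v.text or "").strip() for v in _one_child(attr, "vals").findall("item")]
    for v in vals:
        if not check(v):
            raise MessageError(f"value {v!r} not valid for attribute {oid}")
    return oid, options, vals


def decode_modify_request(op):
    """ModifyRequest -> (DN text, [(operation, oid, options, vals), ...])."""
    dn = "".join(_one_child(op, "object").itertext()).strip()
    changes = []
    for item in _one_child(op, "modification").findall("item"):
        operation = (_one_child(item, "operation").text or "").strip()
        if operation not in MODIFY_OPERATIONS:
            raise MessageError(f"unknown modify operation {operation!r}")
        changes.append((operation,) + decode_attribute(_one_child(item, "modification")))
    return dn, changes


def decode_message(xml_text):
    """Parse an LDAPMessage and return a dict describing it; raise on misfit."""
    root = ET.fromstring(xml_text)
    if root.tag != "LDAPMessage":
        raise MessageError(f"root element is <{root.tag}>, not <LDAPMessage>")
    id_text = (_one_child(root, "messageID").text or "").strip()
    if not re.fullmatch(r"-?[0-9]+", id_text):
        raise MessageError("messageID is not an INTEGER")
    proto = _one_child(root, "protocolOp")
    if len(proto) != 1 or proto[0].tag not in PROTOCOL_OPS:
        raise MessageError("protocolOp must hold exactly one known operation")
    op = proto[0]
    result = {"messageID": int(id_text), "protocolOp": op.tag}
    if op.tag == "modifyRequest":
        result["object"], result["changes"] = decode_modify_request(op)
    return result


def is_valid(xml_text):
    """True when decode_message accepts the document."""
    try:
        decode_message(xml_text)
        return True
    except (MessageError, ET.ParseError):
        return False


# Constructed sample: replace telephoneNumber, delete title;lang-en.
SAMPLE_MODIFY = """<LDAPMessage>
  <messageID>7</messageID>
  <protocolOp><modifyRequest>
    <object>cn=example,dc=example,dc=com</object>
    <modification>
      <item><operation>replace</operation>
        <modification><type><type>2.5.4.20</type></type>
          <vals><item>+1 555 0100</item></vals></modification></item>
      <item><operation>delete</operation>
        <modification><type><type>2.5.4.12</type>
            <options><option>lang-en</option></options></type>
          <vals/></modification></item>
    </modification>
  </modifyRequest></protocolOp>
</LDAPMessage>"""
# Constructed invalid sample: "modify" is not in the operation enumeration.
BAD_OPERATION = SAMPLE_MODIFY.replace("<operation>replace<", "<operation>modify<")
```

Running decode_message(SAMPLE_MODIFY) yields messageID 7, protocolOp modifyRequest and two changes; is_valid(BAD_OPERATION) is False, as is a message whose attribute type is not in the registry. The registry is deliberately closed here: the draft's SupportedAttributes object set is open (it carries an extension marker), so a deployment would populate it from its own schema rather than hard-code two entries.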
Appendix E. RELAX NG Grammar for Uniform LDAP
This appendix contains a compatible RELAX NG grammar [CRNG]
translation of the XED-Uniform-LDAP module. The RELAX NG translation
of the XED-LDAP-Extensibility module contains no RELAX NG
definitions.
This appendix is non-normative.
To be supplied.
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Changes in Draft 01
A simple TCP/IP transport for XLDAP has been defined. The new
transport uses the TCP/IP framing of IDM and is functionally
equivalent to the way LDAP is mapped to TCP/IP.
A section comparing XLDAP to DSMLv2 has been added.
The ASN.1, ASN.1 Schema and XML Schema in the appendices have been
revised to take account of the latest draft for the LDAP protocol
(draft-ietf-ldapbis-protocol-17.txt).