home *** CD-ROM | disk | FTP | other *** search
-
- k) outOfScope: No referrals were available within the requested scope;
- l) ditError: The Directory is unable to accomplish the request due to a DIT consistency problem.
-
- 12.9 Update Error
-
- 12.9.1 An UpdateError reports problems related to attempts to add, delete, or modify information in the DIB.
- UpdateError ::= ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] UpdateProblem }
- UpdateProblem ::= INTEGER {
- namingViolation (1),
- objectClassViolation (2),
- notAllowedOnNonLeaf (3),
- notAllowedOnRDN (4),
- entryAlreadyExists (5),
- affectsMultipleDSAs (6),
- objectClassModificationProhibited (7) }
- 12.9.2 The error has a single problem parameter, which reports the particular problem encountered. The following
- problems may be indicated:
- a) namingViolation: The attempted addition or modification would violate the structure rules of the DIT as
- defined in the Directory schema and Recommendation X.501. That is, it would place an entry as the
- subordinate of an alias entry, or in a region of the DIT not permitted to a member of its object class or
- would define an RDN for an entry to include a forbidden attribute type;
- b) objectClassViolation: The attempted update would produce an entry inconsistent with the definition provided
- by its object class or with the definitions of Recommendation X.501 as they pertain to object classes;
- c) notAllowedOnNonLeaf: The attempted operation is only allowed on leaf entries of the DIT;
- d) notAllowedOnRDN: The attempted operation would affect the RDN (e.g. removal of an attribute which is a
- part of the RDN);
- e) entryAlreadyExists: An attempted AddEntry operation names an entry which already exists;
- f) affectsMultipleDSAs: An attempted update would need to operate on multiple DSAs, which is not permitted;
- g) objectClassModificationProhibited: An operation attempted to modify the object class attribute.
- Note - The UpdateError is not used to report problems with attribute types, values or constraint violations
- encountered in an AddEntry, RemoveEntry, ModifyEntry or ModifyRDN operation. Such problems are reported via an
- AttributeError.
-
-
-
-
-
- ANNEX A
-
- (to Recommendation X.511)
-
-
- Abstract service in ASN.1
-
-
- This Annex is part of the standard.
-
- This Annex includes all of the ASN.1 type, value and macro definitions contained in this Recommendation in the
- form of the ASN.1 module DirectoryAbstractService.
-
- DirectoryAbstractService {joint-ISO-CCITT ds(5) modules(1) directoryAbstractService(2)}
- DEFINITIONS ::=
- BEGIN
- EXPORTS
-
-
-
- Fascicle VIII.8 - Rec. X.511 1
-
-
-
- directory, readPort, searchPort, modifyPort,
- DirectoryBind, DirectoryBindArgument,
- DirectoryUnbind,
- Read, ReadArgument, ReadResult,
- Abandon, AbandonArgument, AbandonResult,
- Compare, CompareArgument, CompareResult,
- List, ListArgument, ListResult,
- Search, SearchArgument, SearchResult,
- AddEntry, AddEntryArgument, AddEntryResult,
- RemoveEntry, RemoveEntryArgument, RemoveEntryResult,
- ModifyEntry, ModifyEntryArgument, ModifyEntryResult,
- ModifyRDN, ModifyRDNArgument, ModifyRDNResult,
- Abandoned, AbandonFailed, AttributeError, NameError,
- Referral, SecurityError, ServiceError, UpdateError,
- SecurityParameters;
- IMPORTS
- informationFramework, authenticationFramework,
- distributedOperations, directoryObjectIdentifiers
- FROM UsefulDefinitions {joint-iso-ccitt ds(5) modules(1)
- usefulDefinitions(0)}
- OBJECT, PORT, ABSTRACT-BIND, ABSTRACT-UNBIND,
- ABSTRACT-OPERATION, ABSTRACT-ERROR
- FROM AbstractServiceNotation {joint-iso-ccitt mhs-motis(6)
- asdc(2) modules(0) notation(1) }
- Attribute, AttributeType, AttributeValue, AttributeValueAssertion,
- DistinguishedName, Name, RelativeDistinguishedName
- FROM InformationFramework InformationFramework
- id-ot-directory, id-ot-dua, id-pt-read, id-pt-search, id-pt-modify
- FROM DirectoryObjectIdentifiers directoryObjectIdentifiers
- ContinuationReference, OperationProgress
- FROM DistributedOperations distributedOperations
- Certificate, CertificationPath, SIGNED,
- PROTECTED, AlgorithmIdentifier
- FROM AuthenticationFramework authenticationFramework
- InvokeID,
- FROM Remote-Operations-Notation {joint-iso-ccitt
- remoteOperations(4) notation(0)};
-
- -- macro for representing optional signing --
- OPTIONALLY-SIGNED MACRO ::=
- BEGIN
- TYPE NOTATION ::= type (Type)
- VALUE NOTATION ::= value (VALUE CHOICE { Type, SIGNED Type})
- END
-
- -- objects and ports --
-
- directory
- OBJECT
- PORTS { readPort [S].
- searchPort [S],
- modifyPort [S]}
- ::= id-ot-directory
- dua OBJECT
- PORTS { readPort [C],
- searchPort [C]
-
-
-
-
- 2 Fascicle VIII.8 - Rec. X.511
-
- modifyPort [C]}
- ::= id-ot-dua
- readPort
- PORT
- CONSUMER INVOKES {
- Read, Compare, Abandon}
- ::= id-pt-read
- searchPort
- PORT
- CONSUMER INVOKES {
- List, Search }
- ::= id-pt-search
- modifyPort
- PORT
- CONSUMER INVOKES {
- AddEntry, RemoveEntry,
- ModifyEntry, ModifyRDN}
- ::= id-pt-modify
-
- -- bind and unbind --
-
- DirectoryBind ::=ABSTRACT-BIND
- TO { readPort, searchPort, modifyPort }
- BIND
- ARGUMENT DirectoryBindArgument
- RESULT DirectoryBindResult
- BIND-ERROR DirectoryBindError
- DirectoryBindArgument ::= SET {
- credentials[0] Credentials OPTIONAL,
- versions [1] Versions DEFAULT v1988}
- Credentials ::=CHOICE {
- simple [0] SimpleCredentials,
- strong [1] StrongCredentials,
- externalProcedure [2] EXTERNAL }
- SimpleCredentials ::= SEQUENCE {
- name [0] DistinguishedName,
- validity [1] SET {
- time1 [0] UTCTime OPTIONAL,
- time2 [1] UTCTime OPTIONAL,
- random1 [2] BIT STRING OPTIONAL,
- random2 [3] BIT STRING OPTIONAL }
- OPTIONAL,
- password [2] OCTET STRING OPTIONAL }
- StrongCredentials ::= SET {
- certification-path[0] CertificationPath OPTIONAL,
- bind-token [1] Token }
- Token ::= SIGNED SEQUENCE {
- algorithm[0]AlgorithmIdentifier
- name [1] DistinguishedName,
- time [2] UTCTime,
- random [3] BIT STRING }
- Versions ::= BIT STRING (v1988(0)}
- DirectoryBindResult ::= DirectoryBindArgument
- DirectoryBindError ::= SET {
- versions [0] Versions DEFAULT v1988,
- CHOICE {
-
-
-
- Fascicle VIII.8 - Rec. X.511 3
-
-
-
- serviceError[1]ServiceProblem,
- securityError[2]SecurityProblem }}
- DirectoryUnbind ::= ABSTRACT-UNBIND
- FROM {readPort, searchPort, modifyPort }
-
- -- operations, arguments, and results --
-
- Read ::= ABSTRACT-OPERATION
- ARGUMENT ReadArgument
- RESULT ReadResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, Abandoned,
- SecurityError }
- ReadArgument ::= OPTIONALLY-SIGNED SET {
- object [0] Name,
- selection[1] EntryInformationSelection
- DEFAULT {},
- COMPONENTS OF CommonArguments }
- ReadResult ::= OPTIONALLY-SIGNED SET {
- entry [0] EntryInformation,
- COMPONENTS OF CommonResults }
- Compare ::= ABSTRACT-OPERATION
- ARGUMENT CompareArgument
- RESULT CompareResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, Abandoned,
- SecurityError }
- CompareArgument ::= OPTIONALLY-SIGNED SET {
- object [0] Name,
- purported[1] AttributeValueAssertion,
- COMPONENTS OF CommonArguments }
- CompareResult ::= OPTIONALLY-SIGNED SET {
- DistinguishedName OPTIONAL,
- matched [0] BOOLEAN,
- fromEntry [1] BOOLEAN DEFAULT TRUE,
- COMPONENTS OF CommonResults }
- Abandon ::= ABSTRACT-OPERATION
- ARGUMENT AbandonArgument
- RESULT AbandonResult
- ERRORS {AbandonFailed}
- AbandonArgument ::= SEQUENCE {
- InvokeID [0] InvokeID}
- AbandonResult ::=NULL
- List ::= ABSTRACT-OPERATION
- ARGUMENT ListArgument
- RESULT ListResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, Abandoned,
- SecurityError }
- ListArgument ::= OPTIONALLY-SIGNED SET {
- object [0] Name,
- COMPONENTS OF CommonArguments }
- ListResult ::= OPTIONALLY-SIGNED CHOICE{
- listInfo SET {
-
-
-
- 4 Fascicle VIII.8 - Rec. X.511
-
- DistinguishedName OPTIONAL
- subordinates [1] SET OF SEQUENCE {
- RelativeDistinguishedName,
- aliasEntry[0] BOOLEAN DEFAULT FALSE,
- fromEntry[1] BOOLEAN DEFAULT TRUE },
- partialOutcomeQualifier [2] PartialOutcomeQualifier
- OPTIONAL,
- COMPONENTS OF CommonResults},
- uncorrelatedListInfo [0] SET OF
- ListResult }
- PartialOutcomeQualifier ::= SET {
- limitProblem[0] LimitProblem OPTIONAL,
- unexplored[1] SET OF
- ContinuationReference OPTIONAL,
- unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE }
- LimitProblem ::= INTEGER {
- timeLimitExceeded(0),
- sizeLimitExceeded(1),
- administrativeLimitExceeded (2) }
- Search ::= ABSTRACT-OPERATION
- ARGUMENT SearchArgument
- RESULT SearchResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, Abandoned,
- SecurityError }
- SearchArgument ::=OPTIONALLY-SIGNED SET {
- baseObject[0] Name,
- subset [1] INTEGER {
- baseObject(0),
- oneLevel(1),
- wholeSubtree(2)} DEFAULT baseObject,
- filter [2] Filter DEFAULT and {},
- searchAliases [3] BOOLEAN DEFAULT TRUE,
- selection[4] EntryInformationSelection DEFAULT {},
- COMPONENTS OF CommonArguments }
- SearchResult ::=OPTIONALLY-SIGNED
- CHOICE {
- searchInfo SET {
- DistinguishedName OPTIONAL,
- entries [0] SET OF EntryInformation,
- partialOutcomeQualifier
- [2] partialOutcomeQualifier OPTIONAL,
- COMPONENTS OF CommonResults },
- uncorrelatedSearchInfo [0] SET OF
- SearchResult }
- AddEntry ::= ABSTRACT-OPERATION
- ARGUMENT AddEntryArgument
- RESULT AddEntryResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, SecurityError
- UpdateError }
- AddEntryArgument ::= OPTIONALLY-SIGNED SET {
- object [0] DistinguishedName,
- entry [1] SET OF Attribute,
- COMPONENTS OF CommonArguments}
- AddEntryResult ::=NULL
-
-
-
- Fascicle VIII.8 - Rec. X.511 5
-
-
-
- RemoveEntry ::= ABSTRACT-OPERATION
- ARGUMENT RemoveEntryArgument
- RESULT RemoveEntryResult
- ERRORS {
- NameError,
- ServiceError, Referral, SecurityError,
- UpdateError}
- RemoveEntryArgument ::= OPTIONALLY-SIGNED SET {
- object [0] DistinguishedName,
- COMPONENTS OF CommonArguments }
- RemoveEntryResult ::= NULL
- ModifyEntry ::= ABSTRACT-OPERATION
- ARGUMENT ModifyEntryArgument
- RESULT ModifyEntryResult
- ERRORS {
- AttributeError, NameError,
- ServiceError, Referral, SecurityError,
- UpdateError}
- ModifyEntryArgument ::= OPTIONALLY-SIGNED SET {
- object [0]DistinguishedName,
- changes[1]SEQUENCE OF EntryModification,
- COMPONENTS OF CommonArguments }
- ModifyEntryResult ::= NULL
- EntryModification ::= CHOICE {
- addAttribute [0]Attribute,
- removeAttribute[1]AttributeType,
- addValues [2]Attribute,
- removeValues [3] Attribute}
- ModifyRDN ::= ABSTRACT-OPERATION
- ARGUMENT ModifyRDNArgument
- RESULT ModifyRDNResult
- ERRORS {
- NameError,
- ServiceError, Referral, SecurityError,
- UpdateError }
- ModifyRDNArgument ::= OPTIONALLY-SIGNED SET {
- object [0] DistinguishedName,
- newRDN [1] RelativeDistinguishedName,
- deleteoldRDN [2] BOOLEAN DEFAULT FALSE,
- COMPONENTS OF CommonArguments }
- ModifyRDNResult ::= NULL
-
- -- errors and parameters --
-
- Abandoned ::= ABSTRACT-ERROR -- not literally an "error"
- AbandonFailed ::= ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] AbandonProblem,
- operation [1] InvokeID}
- AbandonProblem ::= INTEGER {
- noSuchOperation (1),
- tooLate (2),
- cannotAbandon (3)}
- AttributeError ::=ABSTRACT-ERROR
- PARAMETER SET {
- object[0] Name,
-
-
-
- 6 Fascicle VIII.8 - Rec. X.511
-
- problems [1] SET OF SEQUENCE {
- problem [0] AttributeProblem,
- type [1] AttributeType,
- value [2] AttributeValue OPTIONAL }}
- AttributeProblem ::=
- INTEGER {
- noSuchAttributeOrValue (1),
- invalidAttributeSyntax (2),
- undefinedAttributeType (3),
- inappropriateMatching (4),
- constraintViolation (5),
- attributeOrValueAlreadyExists (6) }
-
- NameError ::= ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] NameProblem,
- matched [1] Name}
- NameProblem ::=INTEGER {
- noSuchObject (1),
- aliasProblem (2),
- invalidAttributeSyntax (3),
- aliasDereferencingProblem (4)}
-
- Referral ::= ABSTRACT-ERROR -- not literally an "error"
- PARAMETER SET {
- candidate [0] ContinuationReference}
-
- SecurityError ::=ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] SecurityProblem }
- SecurityProblem ::= INTEGER {
- inappropriateAuthentication (1),
- invalidCredentials (2),
- insufficientAccessRights (3),
- invalidSignature (4),
- protectionRequired (5),
- noInformation (6) }
-
- ServiceError ::= ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] ServiceProblem }
-
- ServiceProblem ::=INTEGER {
- busy (1),
- unavailable (2),
- unwillingToPerform (3),
- chainingRequired (4),
- unableToProceed (5),
- invalidReference (6),
- timeLimitExceeded (7),
- administrativeLimitExceeded (8),
- loopDetected (9),
- unavailableCriticalExtension (10),
- outOfScope (11),
- ditError (12) }
-
- UpdateError ::= ABSTRACT-ERROR
- PARAMETER SET {
- problem [0] UpdateProblem }
- UpdateProblem ::= INTEGER {
- namingViolation (1),
-
-
-
- Fascicle VIII.8 - Rec. X.511 7
-
-
-
- objectClassViolation (2),
- notAllowedOnNonLeaf (3),
- notAllowedOnRDN (4),
- entryAlreadyExists (5),
- affectsMultipleDSAs (6),
- objectClassModificationProhibited (7)}
-
- -- common arguments/results --
-
- CommonArguments ::= SET {
- [30] ServiceControls DEFAULT {}
- [29] SecurityParameters DEFAULT {},
- requestor [28] DistinguishedName OPTIONAL,
- [27] OperationProgress DEFAULT notStarted,
- aliasedRDNs [26] INTEGER OPTIONAL,
- extensions [25] SET OF Extension OPTIONAL }
- Extension ::=SET {
- identifier[0] INTEGER,
- critical [1] BOOLEAN DEFAULT FALSE,
- item [2] ANY DEFINED BY identifier }
- CommonResults ::=SET {
- [30]SecurityParameters OPTIONAL,
- performer [29] DistinguishedName OPTIONAL,
- aliasDereferenced [28] BOOLEAN DEFAULT FALSE}
-
- -- common data types --
-
- ServiceControls ::= SET {
- options [0]BIT STRING {
- preferChaining (0),
- chainingProhibited (1),
- localScope (2),
- dontUseCopy (3),
- dontDereferenceAliases(4)}
- DEFAULT{},
- priority [1] INTEGER {
- low (0),
- medium (1),
- high (2) } DEFAULT medium,
- timeLimit [2]INTEGER OPTIONAL,
- sizeLimit [3]INTEGER OPTIONAL,
- scopeOfReferral [4]INTEGER {
- dmd(0), country(1)}
- OPTIONAL }
- EntryInformationSelection ::= SET {
- attributeTypes
- CHOICE {
- allAttributes [0] NULL,
- select [1] SET OF AttributeType
- -- empty set implies no attributes
- -- are requested --}
- DEFAULT allAttributes NULL,
- infoTypes [2] INTEGER {
- attributeTypesOnly (0),
- attributeTypesAndValues (1) } DEFAULT
- attributeTypesandValues }
- EntryInformation ::= SEQUENCE {
- DistinguishedName,
-
-
-
- 8 Fascicle VIII.8 - Rec. X.511
-
- fromEntry BOOLEAN DEFAULT TRUE,
- SET OF CHOICE {
- AttributeType,
- Attribute} OPTIONAL }
- Filter ::=CHOICE {
- item[0]FilterItem,
- and [1]SET OF Filter,
- or [2]SET OF Filter,
- not [3]Filter }
- FilterItem::= CHOICE {
- equality [0] AttributeValueAssertion,
- substrings[1] SEQUENCE {
- type AttributeType,
- stringsSEQUENCE OF CHOICE {
- initial[0]AttributeValue,
- any [1] AttributeValue,
- final [2] AttributeValue}},
- greaterOrEqual [2]AttributeValueAssertion,
- lessOrEqual[3] AttributeValueAssertion,
- present [4] AttributeType,
- approximateMatch [5] AttributeValueAssertion }
- SecurityParameters ::= SET {
- certification-Path [0] CertificationPath OPTIONAL,
- name [1]DistinguishedName OPTIONAL,
- time [2]UTCTime OPTIONAL,
- random [3]BIT STRING OPTIONAL,
- target [4]ProtectionRequest OPTIONAL }
- ProtectionRequest ::= INTEGER {
- none(0),
- signed (1)}
-
-
-
-
-
- ANNEX B
-
- (to Recommendation X.511)
-
- Directory object identifiers
-
-
- This Annex is part of the standard.
-
- This Annex includes all of the ASN.1 object identifiers contained in this Recommendation in the form of the ASN.1
- module "DirectoryObjectIdentifiers".
-
-
- DirectoryObjectIdentifiers {joint-ISO-CCITT ds(5) modules(1)
- directoryObjectIdentifiers(9)}
- DEFINITIONS ::=
- BEGIN
- EXPORTS
- id-ot-directory, id-ot-dua, id-pt-read, id-pt-search, id-pt-modify;
- IMPORTS
- id-ot, id-pt
- FROM UsefulDefinitions {joint-iso-ccitt ds(5) modules(1),
- usefulDefinitions(0)};
-
-
-
- Fascicle VIII.8 - Rec. X.511 9
-
-
-
- -- Objects --
-
- id-ot-directoryOBJECT IDENTIFIER ::= {id-ot 1}
-
- id-ot-dua OBJECT IDENTIFIER ::= {id-ot 2}
-
- -- Port Types --
-
- id-pt-read OBJECT IDENTIFIER ::= {id-pt 1}
-
- id-pt-search OBJECT IDENTIFIER ::= {id-pt 2}
-
- id-pt-modify OBJECT IDENTIFIER ::= {id-pt 3}
-
- END
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 10 Fascicle VIII.8 - Rec. X.518
-
-
