Fix tshark doc (ip.src==1.2.3.4) is not a valid filter for ICMPv6 trafic ;)

[obnox/wireshark/wip.git] / asn1 / dap / dap.asn

-- Module DirectoryAbstractService (X.511:08/2005)
DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
  directoryAbstractService(2) 4} DEFINITIONS ::=
BEGIN

-- EXPORTS All 
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
-- within the Directory Specifications, and for the use of other applications which will use them to access 
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
-- extensions and modifications needed to maintain or improve the Directory service.
IMPORTS
  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
  attributeCertificateDefinitions, authenticationFramework, basicAccessControl,
    dap, directoryShadowAbstractService, distributedOperations,
    enhancedSecurity, id-at, informationFramework, selectedAttributeTypes,
    serviceAdministration, upperBounds
    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
      usefulDefinitions(0) 4}
  Attribute, ATTRIBUTE, AttributeType, AttributeTypeAssertion, AttributeValue,
    AttributeValueAssertion, CONTEXT, ContextAssertion, DistinguishedName, RDNSequence,
    MATCHING-RULE, -- Name,-- OBJECT-CLASS, RelativeDistinguishedName,
    SupportedAttributes, SupportedContexts
    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
      informationFramework(1) 4}
  RelaxationPolicy
    FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1)
      serviceAdministration(33) 4}
  AttributeTypeAndValue
    FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
      basicAccessControl(24) 4}
  OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
    FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28)
      4}
  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
  AccessPoint, ContinuationReference, Exclusions, OperationProgress,
    ReferenceType
    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
      distributedOperations(3) 4}
  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
  id-errcode-abandoned, id-errcode-abandonFailed, id-errcode-attributeError,
    id-errcode-nameError, id-errcode-referral, id-errcode-securityError,
    id-errcode-serviceError, id-errcode-updateError, id-opcode-abandon,
    id-opcode-addEntry, id-opcode-compare, id-opcode-list, id-opcode-modifyDN,
    id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry,
    id-opcode-search
    FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4}
  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
  DirectoryString
    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
      selectedAttributeTypes(5) 4}
  ub-domainLocalID
    FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
  -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
  AlgorithmIdentifier, CertificationPath, ENCRYPTED{}, SIGNATURE{}, SIGNED{}
    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
      authenticationFramework(7) 4}
  AttributeCertificationPath
    FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
      attributeCertificateDefinitions(32) 4}
  -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
  AgreementID
    FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
      directoryShadowAbstractService(15) 4}
  -- from ITU-T Rec. X.880 | ISO/IEC 13712-1
  Code, ERROR, OPERATION
    FROM Remote-Operations-Information-Objects {joint-iso-itu-t
      remote-operations(4) informationObjects(5) version1(0)}
  emptyUnbind
    FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t
      remote-operations(4) useful-definitions(7) version1(0)}
  InvokeId
    FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t
      remote-operations(4) generic-ROS-PDUs(6) version1(0)}
  -- from RFC 2025
  SPKM-ERROR, SPKM-REP-TI, SPKM-REQ
    FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) spkm(1) spkmGssTokens(10)};

-- Common data types 
CommonArguments ::= SET {
  serviceControls      [30]  ServiceControls DEFAULT {},
  securityParameters   [29]  SecurityParameters OPTIONAL,
  requestor            [28]  DistinguishedName OPTIONAL,
  operationProgress
    [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
  aliasedRDNs          [26]  INTEGER OPTIONAL,
  criticalExtensions   [25]  BIT STRING OPTIONAL,
  referenceType        [24]  ReferenceType OPTIONAL,
  entryOnly            [23]  BOOLEAN DEFAULT TRUE,
  exclusions           [22]  Exclusions OPTIONAL,
  nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
  operationContexts    [20]  ContextSelection OPTIONAL,
  familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

FamilyGrouping ::= ENUMERATED {
  entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)}

CommonResults ::= SET {
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

CommonResultsSeq ::= SEQUENCE {
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

ServiceControls ::= SET {
  options              [0]  ServiceControlOptions DEFAULT {},
  priority             [1]  INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
  timeLimit            [2]  INTEGER OPTIONAL,
  sizeLimit            [3]  INTEGER OPTIONAL,
  scopeOfReferral      [4]  INTEGER {dmd(0), country(1)} OPTIONAL,
  attributeSizeLimit   [5]  INTEGER OPTIONAL,
  manageDSAITPlaneRef
    [6]  SEQUENCE {dsaName      Name,
                   agreementID  AgreementID} OPTIONAL,
  serviceType          [7]  OBJECT IDENTIFIER OPTIONAL,
  userClass            [8]  INTEGER OPTIONAL
}

ServiceControlOptions ::= BIT STRING {
  preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
  dontDereferenceAliases(4), subentries(5), copyShallDo(6),
  partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
  noSubtypeSelection(10), countFamily(11), dontSelectFriends(12), dontMatchFriends(13)}

EntryInformationSelection ::= SET {
  attributes
    CHOICE {allUserAttributes  [0]  NULL,
            select             [1]  SET OF AttributeType
            --  empty set implies no attributes are requested 
  } DEFAULT allUserAttributes:NULL,
  infoTypes
    [2]  INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)} 
      DEFAULT attributeTypesAndValues,
  extraAttributes
    CHOICE {allOperationalAttributes  [3]  NULL,
            select                    [4]  SET SIZE (1..MAX) OF AttributeType
  } OPTIONAL,
  contextSelection  ContextSelection OPTIONAL,
  returnContexts    BOOLEAN DEFAULT FALSE,
  familyReturn      FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
}

ContextSelection ::= CHOICE {
  allContexts       NULL,
  selectedContexts  SET SIZE (1..MAX) OF TypeAndContextAssertion
}

TypeAndContextAssertion ::= SEQUENCE {
  type               AttributeType,
  contextAssertions
    CHOICE {preference  SEQUENCE OF ContextAssertion,
            all         SET OF ContextAssertion}
}

FamilyReturn ::= SEQUENCE {
  memberSelect
    ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2),
                compoundEntry(3)},
  familySelect  SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL
}


EntryInformation ::= SEQUENCE {
  name             Name,
  fromEntry        BOOLEAN DEFAULT TRUE,
  information
    SET SIZE (1..MAX) OF CHOICE {
  attributeType  AttributeType,
  attribute      Attribute}  OPTIONAL,
  incompleteEntry  [3]  BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems
  partialName      [4]  BOOLEAN DEFAULT FALSE, -- not in 1988 or 1993 edition systems
  derivedEntry
    [5]  BOOLEAN DEFAULT FALSE -- not in pre-2001 edition systems --
}

--family-information ATTRIBUTE ::= {
--  WITH SYNTAX  FamilyEntries
--  USAGE        directoryOperation
--  ID           id-at-family-information
--}

FamilyEntries ::= SEQUENCE {
  family-class   --OBJECT-CLASS.&id-- OBJECT IDENTIFIER, -- structural object class value
  familyEntries  SEQUENCE OF FamilyEntry
}

FamilyEntry ::= SEQUENCE {
  rdn          RelativeDistinguishedName,
  information
    SEQUENCE OF CHOICE {attributeType  AttributeType,
                        attribute      Attribute},
  family-info  SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL
}

Filter ::= CHOICE {
  item  [0]  FilterItem,
  and   [1]  SetOfFilter,
  or    [2]  SetOfFilter,
  not   [3]  Filter
}

SetOfFilter ::=  SET OF Filter


FilterItem ::= CHOICE {
  equality          [0]  AttributeValueAssertion,
  substrings
    [1]  SEQUENCE {type     ATTRIBUTE.&id({SupportedAttributes}),
                   strings
                     SEQUENCE OF
                       CHOICE {initial
                                 [0] ATTRIBUTE.&Type
                                        ({SupportedAttributes}
                                           {@substrings.type}),
                               any
                                 [1] ATTRIBUTE.&Type
                                        ({SupportedAttributes}
                                           {@substrings.type}),
                               final
                                 [2]  ATTRIBUTE.&Type
                                        ({SupportedAttributes}
                                           {@substrings.type}),
                               control  Attribute}}, -- Used to specify interpretation of following items
  greaterOrEqual    [2]  AttributeValueAssertion,
  lessOrEqual       [3]  AttributeValueAssertion,
  present           [4]  AttributeType,
  approximateMatch  [5]  AttributeValueAssertion,
  extensibleMatch   [6]  MatchingRuleAssertion,
  contextPresent    [7]  AttributeTypeAssertion
}

MatchingRuleAssertion ::= SEQUENCE {
  matchingRule  [1]  SET SIZE (1..MAX) OF MATCHING-RULE.&id,
  type          [2]  AttributeType OPTIONAL,
  matchValue
    [3]  MATCHING-RULE.&AssertionType
--           (CONSTRAINED BY {
              -- matchValue shall be a value of  type specified by the &AssertionType field of 
              -- one of the MATCHING-RULE information objects identified by matchingRule }) --,
  dnAttributes  [4]  BOOLEAN DEFAULT FALSE
}

PagedResultsRequest ::= CHOICE {
  newRequest
    SEQUENCE {pageSize  INTEGER,
              sortKeys  SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
              reverse   [1]  BOOLEAN DEFAULT FALSE,
              unmerged  [2]  BOOLEAN DEFAULT FALSE},
  queryReference  OCTET STRING
}

SortKey ::= SEQUENCE {
  type          AttributeType,
  orderingRule  --MATCHING-RULE.&id-- OBJECT IDENTIFIER OPTIONAL
}

SecurityParameters ::= SET {
  certification-path          [0]  CertificationPath OPTIONAL,
  name                        [1]  DistinguishedName OPTIONAL,
  time                        [2]  Time OPTIONAL,
  random                      [3]  BIT STRING OPTIONAL,
  target                      [4]  ProtectionRequest OPTIONAL,
  response                    [5]  BIT STRING OPTIONAL,
  operationCode               [6]  Code OPTIONAL,
  attributeCertificationPath  [7]  AttributeCertificationPath OPTIONAL,
  errorProtection             [8]  ErrorProtectionRequest OPTIONAL,
  errorCode                   [9]  Code OPTIONAL
}

ProtectionRequest ::= INTEGER {
  none(0), signed(1), encrypted(2), signed-encrypted(3)}

Time ::= CHOICE {utcTime          UTCTime,
                 generalizedTime  GeneralizedTime
}

ErrorProtectionRequest ::= INTEGER {
  none(0), signed(1), encrypted(2), signed-encrypted(3)}

--  Bind and unbind operations 
directoryBind OPERATION ::= {
  ARGUMENT  DirectoryBindArgument
  RESULT    DirectoryBindResult
  ERRORS    {directoryBindError}
  CODE      op-ros-bind -- WS: internal operation code
}

DirectoryBindArgument ::= SET {
  credentials  [0]  Credentials OPTIONAL,
  versions     [1]  Versions DEFAULT {v1}
}

Credentials ::= CHOICE {
  simple             [0]  SimpleCredentials,
  strong             [1]  StrongCredentials,
  externalProcedure  [2]  EXTERNAL,
  spkm               [3]  SpkmCredentials,
  sasl               [4]  SaslCredentials
}

SimpleCredentials ::= SEQUENCE {
  name      [0]  DistinguishedName,
  validity
    [1]  SET {time1    [0]  CHOICE {utc  UTCTime,
                                    gt   GeneralizedTime} OPTIONAL,
              time2    [1]  CHOICE {utc  UTCTime,
                                    gt   GeneralizedTime} OPTIONAL,
              random1  [2]  BIT STRING OPTIONAL,
              random2  [3]  BIT STRING OPTIONAL} OPTIONAL,
  password
    [2]  CHOICE {unprotected  OCTET STRING,
--                 protected    SIGNATURE{OCTET STRING}} OPTIONAL
                 protected SEQUENCE {
                     protectedPassword OCTET STRING,
                     algorithmIdentifier AlgorithmIdentifier,
                     encrypted          BIT STRING }} OPTIONAL
}

StrongCredentials ::= SET {
  certification-path          [0]  CertificationPath OPTIONAL,
  bind-token                  [1]  Token,
  name                        [2]  DistinguishedName OPTIONAL,
  attributeCertificationPath  [3]  AttributeCertificationPath OPTIONAL
}

SpkmCredentials ::= CHOICE {req  [0]  -- SPKM-REQ -- ANY,
                            rep  [1]  -- SPKM-REP-TI-- ANY
}

SaslCredentials ::= SEQUENCE {
  mechanism    [0]  DirectoryString {--ub-sasIMechanism--},
  credentials  [1]  OCTET STRING OPTIONAL,
  saslAbort    [2]  BOOLEAN DEFAULT FALSE
}

TokenData ::=
--  SIGNED
--    { --SEQUENCE {algorithm          [0]  AlgorithmIdentifier,
               name               [1]  DistinguishedName,
               time               [2]  UTCTime,
               random             [3]  BIT STRING,
               response           [4]  BIT STRING OPTIONAL,
               bindIntAlgorithm
                 [5]  SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
               bindIntKeyInfo     [6]  BindKeyInfo OPTIONAL,
               bindConfAlgorithm
                 [7]  SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
               bindConfKeyInfo
                 [8]  BindKeyInfo--,--
                   OPTIONAL --  dirqop                  [9]     OBJECT IDENTIFIER OPTIONAL--
    } --}

-- expand SIGNED macro

Token ::= SEQUENCE {
  token-data                    TokenData,
  algorithm-identifier          AlgorithmIdentifier,
  encrypted                     BIT STRING
}

Versions ::= BIT STRING {v1(0), v2(1)}

DirectoryBindResult ::= DirectoryBindArgument

directoryBindError ERROR ::= {
  PARAMETER -- OPTIONALLY-PROTECTED -- DirectoryBindError
--    {SET {versions  [0]  Versions DEFAULT {v1},
--          error
--            CHOICE {serviceError   [1]  ServiceProblem,
--                    securityError  [2]  SecurityProblem}} }
  CODE err-ros-bind  -- WS: internal error code
}

-- expand OPTIONALLY-PROTECTED macro
DirectoryBindError ::= CHOICE {
  unsignedDirectoryBindError DirectoryBindErrorData,
  signedDirectoryBindError SEQUENCE {
    directoryBindError  DirectoryBindErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

DirectoryBindErrorData ::= 
    SET {versions  [0]  Versions DEFAULT {v1},
          error
            CHOICE {serviceError   [1]  ServiceProblem,
                    securityError  [2]  SecurityProblem},
          securityParameters       [30] SecurityParameters OPTIONAL
} 


BindKeyInfo ::= -- ENCRYPTED{-- BIT STRING 

--directoryUnbind OPERATION ::= emptyUnbind

--  Operations, arguments, and results 
read OPERATION ::= {
  ARGUMENT  ReadArgument
  RESULT    ReadResult
  ERRORS
    {attributeError | nameError | serviceError | referral | abandoned |
      securityError}
  CODE      id-opcode-read
}

ReadArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {-- SET {object               [0]  Name,
          selection            [1]  EntryInformationSelection DEFAULT {},
          modifyRightsRequest  [2]  BOOLEAN DEFAULT FALSE,
--          COMPONENTS OF CommonArguments
  serviceControls      [30]  ServiceControls DEFAULT {},
  securityParameters   [29]  SecurityParameters OPTIONAL,
  requestor            [28]  DistinguishedName OPTIONAL,
  operationProgress
    [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
  aliasedRDNs          [26]  INTEGER OPTIONAL,
  criticalExtensions   [25]  BIT STRING OPTIONAL,
  referenceType        [24]  ReferenceType OPTIONAL,
  entryOnly            [23]  BOOLEAN DEFAULT TRUE,
  exclusions           [22]  Exclusions OPTIONAL,
  nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
  operationContexts    [20]  ContextSelection OPTIONAL,
  familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}--}

Name ::= CHOICE {
   rdnSequence  RDNSequence
}


-- OPTIONALLY-PROTECTED macro expansion
ReadArgument ::= CHOICE {
  unsignedReadArgument ReadArgumentData,
  signedReadArgument SEQUENCE {
    readArgument        ReadArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

ReadResultData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {entry         [0]  EntryInformation,
          modifyRights  [1]  ModifyRights OPTIONAL,
--          COMPONENTS OF CommonResults
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}--}

-- OPTIONALLY-PROTECTED macro expansion
ReadResult ::= CHOICE {
  unsignedReadResult ReadResultData,
  signedReadResult SEQUENCE {
    readResult          ReadResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


ModifyRights ::=
  SET OF
    SEQUENCE {item
                CHOICE {entry      [0]  NULL,
                        attribute  [1]  AttributeType,
                        value      [2]  AttributeValueAssertion},
              permission
                [3]  BIT STRING {add(0), remove(1), rename(2), move(3)}
    }

compare OPERATION ::= {
  ARGUMENT  CompareArgument
  RESULT    CompareResult
  ERRORS
    {attributeError | nameError | serviceError | referral | abandoned |
      securityError}
  CODE      id-opcode-compare
}

CompareArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {object     [0]  Name,
          purported  [1]  AttributeValueAssertion,
--          COMPONENTS OF CommonArguments}}
  serviceControls      [30]  ServiceControls DEFAULT {},
  securityParameters   [29]  SecurityParameters OPTIONAL,
  requestor            [28]  DistinguishedName OPTIONAL,
  operationProgress
    [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
  aliasedRDNs          [26]  INTEGER OPTIONAL,
  criticalExtensions   [25]  BIT STRING OPTIONAL,
  referenceType        [24]  ReferenceType OPTIONAL,
  entryOnly            [23]  BOOLEAN DEFAULT TRUE,
  exclusions           [22]  Exclusions OPTIONAL,
  nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
  operationContexts    [20]  ContextSelection OPTIONAL,
  familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- OPTIONALLY-PROTECTED macro expansion
CompareArgument ::= CHOICE {
  unsignedCompareArgument CompareArgumentData,
  signedCompareArgument SEQUENCE {
    compareArgument     CompareArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


CompareResultData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {name            Name OPTIONAL,
          matched         [0]  BOOLEAN,
          fromEntry       [1]  BOOLEAN DEFAULT TRUE,
          matchedSubtype  [2]  AttributeType OPTIONAL,
--          COMPONENTS OF CommonResults}}
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

-- OPTIONALLY-PROTECTED macro expansion
CompareResult ::= CHOICE {
  unsignedCompareResult CompareResultData,
  signedCompareResult SEQUENCE {
    compareResult       CompareResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


abandon OPERATION ::= {
  ARGUMENT  AbandonArgument
  RESULT    AbandonResult
  ERRORS    {abandonFailed}
  CODE      id-opcode-abandon
}

AbandonArgumentData ::=
--  OPTIONALLY-PROTECTED-SEQ{--SEQUENCE {invokeID  [0]  InvokeId}--}

-- OPTIONALLY-PROTECTED-SEQ macro expansion
AbandonArgument ::= CHOICE {
  unsignedAbandonArgument AbandonArgumentData,
  signedAbandonArgument [0] SEQUENCE {
    abandonArgument     AbandonArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


AbandonResultData ::= SEQUENCE {
  invokeID InvokeId,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

AbandonResult ::= CHOICE {
  null         NULL,
  information
--    OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID  InvokeId,
--                                       COMPONENTS OF CommonResultsSeq
--      }}
  CHOICE  {
    unsignedAbandonResult AbandonResultData,
    signedAbandonResult [0] SEQUENCE {
      abandonResult             AbandonResultData,
      algorithmIdentifier       AlgorithmIdentifier,
      encrypted                 BIT STRING
    }
  }
}

list OPERATION ::= {
  ARGUMENT  ListArgument
  RESULT    ListResult
  ERRORS    {nameError | serviceError | referral | abandoned | securityError}
  CODE      id-opcode-list
}

ListArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {object        [0]  Name,
          pagedResults  [1]  PagedResultsRequest OPTIONAL,
          listFamily    [2]  BOOLEAN DEFAULT FALSE,
--          COMPONENTS OF CommonArguments}}
  serviceControls      [30]  ServiceControls DEFAULT {},
  securityParameters   [29]  SecurityParameters OPTIONAL,
  requestor            [28]  DistinguishedName OPTIONAL,
  operationProgress
    [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
  aliasedRDNs          [26]  INTEGER OPTIONAL,
  criticalExtensions   [25]  BIT STRING OPTIONAL,
  referenceType        [24]  ReferenceType OPTIONAL,
  entryOnly            [23]  BOOLEAN DEFAULT TRUE,
  exclusions           [22]  Exclusions OPTIONAL,
  nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
  operationContexts    [20]  ContextSelection OPTIONAL,
  familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- expand OPTIONALLY-PROTECTED macro
ListArgument ::= CHOICE {
  unsignedListArgument ListArgumentData,
  signedListArgument SEQUENCE {
    listArgument        ListArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


ListResultData ::=
--  OPTIONALLY-PROTECTED
--    {--CHOICE {listInfo
               SET {name                     Name OPTIONAL,
                    subordinates
                      [1]  SET OF
                             SEQUENCE {rdn         RelativeDistinguishedName,
                                       aliasEntry  [0]  BOOLEAN DEFAULT FALSE,
                                       fromEntry   [1]  BOOLEAN DEFAULT TRUE
                             },
                    partialOutcomeQualifier
                      [2]  PartialOutcomeQualifier OPTIONAL,
--                    COMPONENTS OF CommonResults},
                      securityParameters  [30]  SecurityParameters OPTIONAL,
                      performer           [29]  DistinguishedName OPTIONAL,
                      aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
                      notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
                      },
             uncorrelatedListInfo  [0]  SET OF ListResult}--}

-- expand OPTIONALLY-PROTECTED macro
ListResult ::= CHOICE {
  unsignedListResult ListResultData,
  signedListResult SEQUENCE {
    listResult          ListResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


PartialOutcomeQualifier ::= SET {
  limitProblem                   [0]  LimitProblem OPTIONAL,
  unexplored
    [1]  SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
  unavailableCriticalExtensions  [2]  BOOLEAN DEFAULT FALSE,
  unknownErrors
    [3]  SET SIZE (1..MAX) OF --ABSTRACT-SYNTAX.&Type-- OBJECT IDENTIFIER OPTIONAL,
  queryReference                 [4]  OCTET STRING OPTIONAL,
  overspecFilter                 [5]  Filter OPTIONAL,
  notification
    [6]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
  entryCount
    CHOICE {bestEstimate  [7]  INTEGER,
            lowEstimate   [8]  INTEGER,
            exact         [9]  INTEGER} OPTIONAL,
  streamedResult                 [10] BOOLEAN DEFAULT FALSE
}

LimitProblem ::= INTEGER {
  timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2)
}

search OPERATION ::= {
  ARGUMENT  SearchArgument
  RESULT    SearchResult
  ERRORS
    {attributeError | nameError | serviceError | referral | abandoned |
      securityError}
  CODE      id-opcode-search
}

SearchArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {baseObject            [0]  Name,
          subset
            [1]  INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)}
              DEFAULT baseObject,
          filter                [2]  Filter DEFAULT and:{},
          searchAliases         [3]  BOOLEAN DEFAULT TRUE,
          selection             [4]  EntryInformationSelection DEFAULT {},
          pagedResults          [5]  PagedResultsRequest OPTIONAL,
          matchedValuesOnly     [6]  BOOLEAN DEFAULT FALSE,
          extendedFilter        [7]  Filter OPTIONAL,
          checkOverspecified    [8]  BOOLEAN DEFAULT FALSE,
          relaxation            [9]  RelaxationPolicy OPTIONAL,
          extendedArea          [10]  INTEGER OPTIONAL,
          hierarchySelections   [11]  HierarchySelections DEFAULT {self},
          searchControlOptions
            [12]  SearchControlOptions DEFAULT {searchAliases},
          joinArguments
            [13]  SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL,
          joinType
            [14]  ENUMERATED {innerJoin(0), leftOuterJoin(1), fullOuterJoin(2)}
              DEFAULT leftOuterJoin,
--          COMPONENTS OF CommonArguments}}
          serviceControls      [30]  ServiceControls DEFAULT {},
          securityParameters   [29]  SecurityParameters OPTIONAL,
          requestor            [28]  DistinguishedName OPTIONAL,
          operationProgress
                               [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
          aliasedRDNs          [26]  INTEGER OPTIONAL,
          criticalExtensions   [25]  BIT STRING OPTIONAL,
          referenceType        [24]  ReferenceType OPTIONAL,
          entryOnly            [23]  BOOLEAN DEFAULT TRUE,
          exclusions           [22]  Exclusions OPTIONAL,
          nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
          operationContexts    [20]  ContextSelection OPTIONAL,
          familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- expand OPTIONALLY-PROTECTED macro
SearchArgument ::= CHOICE {
  unsignedSearchArgument SearchArgumentData,
  signedSearchArgument SEQUENCE {
    searchArgument      SearchArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

HierarchySelections ::= BIT STRING {
  self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
  siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}

SearchControlOptions ::= BIT STRING {
  searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
  performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
  matchOnResidualName(7), entryCount(8), useSubset(9),
  separateFamilyMembers(10), searchFamily(11)}

JoinArgument ::= SEQUENCE {
  joinBaseObject  [0]  Name,
  domainLocalID   [1]  DomainLocalID OPTIONAL,
  joinSubset
    [2]  ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)}
      DEFAULT baseObject,
  joinFilter      [3]  Filter OPTIONAL,
  joinAttributes  [4]  SEQUENCE SIZE (1..MAX) OF JoinAttPair OPTIONAL,
  joinSelection   [5]  EntryInformationSelection
}

DomainLocalID ::= DirectoryString --{ub-domainLocalID}--

JoinAttPair ::= SEQUENCE {
  baseAtt      AttributeType,
  joinAtt      AttributeType,
  joinContext  SEQUENCE SIZE (1..MAX) OF JoinContextType OPTIONAL
}

JoinContextType ::= --CONTEXT.&id({SupportedContexts})-- OBJECT IDENTIFIER

SearchResultData ::=
--  OPTIONALLY-PROTECTED
--    {--CHOICE {searchInfo
               SET {name                     Name OPTIONAL,
                    entries                  [0]  SET OF EntryInformation,
                    partialOutcomeQualifier
                      [2]  PartialOutcomeQualifier OPTIONAL,
                    altMatching              [3]  BOOLEAN DEFAULT FALSE,
--                    COMPONENTS OF CommonResults},
                    securityParameters  [30]  SecurityParameters OPTIONAL,
                    performer           [29]  DistinguishedName OPTIONAL,
                    aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
                    notification        [27]  SEQUENCE SIZE (1..MAX)OF Attribute OPTIONAL},
             uncorrelatedSearchInfo  [0]  SET OF SearchResult}--}

-- expand OPTIONALLY-PROTECTED macro
SearchResult ::= CHOICE {
  unsignedSearchResult SearchResultData,
  signedSearchResult SEQUENCE {
    searchResult        SearchResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


addEntry OPERATION ::= {
  ARGUMENT  AddEntryArgument
  RESULT    AddEntryResult
  ERRORS
    {attributeError | nameError | serviceError | referral | securityError |
      updateError}
  CODE      id-opcode-addEntry
}

AddEntryArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {object        [0]  Name,
          entry         [1]  SET OF Attribute,
          targetSystem  [2]  AccessPoint OPTIONAL,
--          COMPONENTS OF CommonArguments}}
          serviceControls      [30]  ServiceControls DEFAULT {},
          securityParameters   [29]  SecurityParameters OPTIONAL,
          requestor            [28]  DistinguishedName OPTIONAL,
          operationProgress
                               [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
          aliasedRDNs          [26]  INTEGER OPTIONAL,
          criticalExtensions   [25]  BIT STRING OPTIONAL,
          referenceType        [24]  ReferenceType OPTIONAL,
          entryOnly            [23]  BOOLEAN DEFAULT TRUE,
          exclusions           [22]  Exclusions OPTIONAL,
          nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
          operationContexts    [20]  ContextSelection OPTIONAL,
          familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- expand OPTIONALLY-PROTECTED macro
AddEntryArgument ::= CHOICE {
  unsignedAddEntryArgument AddEntryArgumentData,
  signedAddEntryArgument SEQUENCE {
    addEntryArgument    AddEntryArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

AddEntryResultData ::= SEQUENCE {
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

AddEntryResult ::= CHOICE {
  null         NULL,
  information
--    OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
  CHOICE  {
    unsignedAddEntryResult AddEntryResultData,
    signedAddEntryResult [0] SEQUENCE {
      addEntryResult            AddEntryResultData,
      algorithmIdentifier       AlgorithmIdentifier,
      encrypted                 BIT STRING
    }
  }
}

removeEntry OPERATION ::= {
  ARGUMENT  RemoveEntryArgument
  RESULT    RemoveEntryResult
  ERRORS    {nameError | serviceError | referral | securityError | updateError}
  CODE      id-opcode-removeEntry
}

RemoveEntryArgumentData ::=
--  OPTIONALLY-PROTECTED{--SET {object  [0]  Name,
--                            COMPONENTS OF CommonArguments}}
  serviceControls      [30]  ServiceControls DEFAULT {},
  securityParameters   [29]  SecurityParameters OPTIONAL,
  requestor            [28]  DistinguishedName OPTIONAL,
  operationProgress
    [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
  aliasedRDNs          [26]  INTEGER OPTIONAL,
  criticalExtensions   [25]  BIT STRING OPTIONAL,
  referenceType        [24]  ReferenceType OPTIONAL,
  entryOnly            [23]  BOOLEAN DEFAULT TRUE,
  exclusions           [22]  Exclusions OPTIONAL,
  nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
  operationContexts    [20]  ContextSelection OPTIONAL,
  familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- OPTIONALLY-PROTECTED macro expansion
RemoveEntryArgument ::= CHOICE {
  unsignedRemoveEntryArgument RemoveEntryArgumentData,
  signedRemoveEntryArgument SEQUENCE {
    removeEntryArgument RemoveEntryArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


RemoveEntryResultData ::= SEQUENCE {
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

RemoveEntryResult ::= CHOICE {
  null         NULL,
  information
--    OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
  CHOICE  {
    unsignedRemoveEntryResult RemoveEntryResultData,
    signedRemoveEntryResult [0] SEQUENCE {
      removeEntryResult         RemoveEntryResultData,
      algorithmIdentifier       AlgorithmIdentifier,
      encrypted                 BIT STRING
    }
  }
}

modifyEntry OPERATION ::= {
  ARGUMENT  ModifyEntryArgument
  RESULT    ModifyEntryResult
  ERRORS
    {attributeError | nameError | serviceError | referral | securityError |
      updateError}
  CODE      id-opcode-modifyEntry
}

ModifyEntryArgumentData ::=
--  OPTIONALLY-PROTECTED
--    {--SET {object     [0]  Name,
          changes    [1]  SEQUENCE OF EntryModification,
          selection  [2]  EntryInformationSelection OPTIONAL,
--          COMPONENTS OF CommonArguments}}
          serviceControls      [30]  ServiceControls DEFAULT {},
          securityParameters   [29]  SecurityParameters OPTIONAL,
          requestor            [28]  DistinguishedName OPTIONAL,
          operationProgress
                               [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
          aliasedRDNs          [26]  INTEGER OPTIONAL,
          criticalExtensions   [25]  BIT STRING OPTIONAL,
          referenceType        [24]  ReferenceType OPTIONAL,
          entryOnly            [23]  BOOLEAN DEFAULT TRUE,
          exclusions           [22]  Exclusions OPTIONAL,
          nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
          operationContexts    [20]  ContextSelection OPTIONAL,
          familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

-- OPTIONALLY-PROTECTED macro expansion
ModifyEntryArgument ::= CHOICE {
  unsignedModifyEntryArgument ModifyEntryArgumentData,
  signedModifyEntryArgument SEQUENCE {
    modifyEntryArgument ModifyEntryArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


ModifyEntryResultData ::= SEQUENCE {
  entry               [0] EntryInformation OPTIONAL,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

ModifyEntryResult ::= CHOICE {
  null         NULL,
  information
--    OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
  CHOICE  {
    unsignedModifyEntryResult ModifyEntryResultData,
    signedModifyEntryResult [0] SEQUENCE {
      modifyEntryResult         ModifyEntryResultData,
      algorithmIdentifier       AlgorithmIdentifier,
      encrypted                 BIT STRING
    }
  }
}

EntryModification ::= CHOICE {
  addAttribute     [0]  Attribute,
  removeAttribute  [1]  AttributeType,
  addValues        [2]  Attribute,
  removeValues     [3]  Attribute,
  alterValues      [4]  AttributeTypeAndValue,
  resetValue       [5]  AttributeType
}

modifyDN OPERATION ::= {
  ARGUMENT  ModifyDNArgument
  RESULT    ModifyDNResult
  ERRORS    {nameError | serviceError | referral | securityError | updateError}
  CODE      id-opcode-modifyDN
}

ModifyDNArgument ::=
--  OPTIONALLY-PROTECTED
--    {--SET {object        [0]  DistinguishedName,
          newRDN        [1]  RelativeDistinguishedName,
          deleteOldRDN  [2]  BOOLEAN DEFAULT FALSE,
          newSuperior   [3]  DistinguishedName OPTIONAL,
--          COMPONENTS OF CommonArguments}}
          serviceControls      [30]  ServiceControls DEFAULT {},
          securityParameters   [29]  SecurityParameters OPTIONAL,
          requestor            [28]  DistinguishedName OPTIONAL,
          operationProgress
                               [27]  OperationProgress DEFAULT {nameResolutionPhase notStarted},
          aliasedRDNs          [26]  INTEGER OPTIONAL,
          criticalExtensions   [25]  BIT STRING OPTIONAL,
          referenceType        [24]  ReferenceType OPTIONAL,
          entryOnly            [23]  BOOLEAN DEFAULT TRUE,
          exclusions           [22]  Exclusions OPTIONAL,
          nameResolveOnMaster  [21]  BOOLEAN DEFAULT FALSE,
          operationContexts    [20]  ContextSelection OPTIONAL,
          familyGrouping       [19]  FamilyGrouping DEFAULT entryOnly
}

ModifyDNResultData ::= SEQUENCE {
  newRDN                    RelativeDistinguishedName,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}


ModifyDNResult ::= CHOICE {
  null         NULL,
  information
--    OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
  CHOICE  {
    unsignedModifyDNResult ModifyDNResultData,
    signedModifyDNResult [0] SEQUENCE {
      modifyDNResult            ModifyDNResultData,
      algorithmIdentifier       AlgorithmIdentifier,
      encrypted                 BIT STRING
    }
  }
}


-- Errors and parameters 

abandoned ERROR ::= { -- not literally an "error"
  PARAMETER --OPTIONALLY-PROTECTED  {SET {COMPONENTS OF CommonResults}}-- Abandoned
  CODE                            id-errcode-abandoned
}

AbandonedData ::= SET {
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

Abandoned ::= CHOICE {
  unsignedAbandoned      AbandonedData,
  signedAbandoned SEQUENCE {
    abandoned           AbandonedData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

abandonFailed ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- AbandonFailedError
--    {SET {problem    [0]  AbandonProblem,
--          operation  [1]  InvokeId,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-abandonFailed
}

AbandonFailedErrorData ::= SET {
  problem             [0]  AbandonProblem,      
  operation           [1]  InvokeId,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

AbandonFailedError ::= CHOICE {
  unsignedAbandonFailedError AbandonFailedErrorData,
  signedAbandonFailedError SEQUENCE {
    abandonFailedError  AbandonFailedErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)}

attributeError ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- AttributeError
--    {SET {object    [0]  Name,
--          problems
--            [1]  SET OF
--                   SEQUENCE {problem  [0]  AttributeProblem,
--                             type     [1]  AttributeType,
--                             value    [2]  AttributeValue OPTIONAL},
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-attributeError
}

AttributeErrorData ::= SET {
  object              [0]  Name,
  problems
                      [1]  SET OF
                           SEQUENCE {problem  [0]  AttributeProblem,
                                     type     [1]  AttributeType,
                                     value    [2]  AttributeValue OPTIONAL},  
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

AttributeError ::= CHOICE {
  unsignedAttributeError AttributeErrorData,
  signedAttributeError SEQUENCE {
    attributeError      AttributeErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

AttributeProblem ::= INTEGER {
  noSuchAttributeOrValue(1), invalidAttributeSyntax(2),
  undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5),
  attributeOrValueAlreadyExists(6), contextViolation(7)}

nameError ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- NameError
--    {SET {problem  [0]  NameProblem,
--          matched  [1]  Name,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-nameError
}

NameErrorData ::= SET {
  problem             [0]  NameProblem,
  matched             [1]  Name,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}


NameError ::= CHOICE {
  unsignedNameError NameErrorData,
  signedNameError SEQUENCE {
    nameError           NameErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

NameProblem ::= INTEGER {
  noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3),
  aliasDereferencingProblem(4), contextProblem(5)}

referral ERROR ::= { -- not literally an "error"
  PARAMETER --OPTIONALLY-PROTECTED-- Referral
--    {SET {candidate  [0]  ContinuationReference,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-referral
}

ReferralData ::= SET {
  candidate           [0]  ContinuationReference,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL

}

Referral ::= CHOICE {
  unsignedReferral ReferralData,
  signedReferral SEQUENCE {
    referral            ReferralData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}

securityError ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- SecurityError
--    {SET {problem   [0]  SecurityProblem,
--          spkmInfo  [1]  SPKM-ERROR,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-securityError
}

SecurityErrorData ::= SET {
  problem             [0]  SecurityProblem,
  spkmInfo            [1]  -- SPKM-ERROR -- ANY,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

SecurityError ::= CHOICE {
  unsignedSecurityError SecurityErrorData,
  signedSecurityError SEQUENCE {
    securityError       SecurityErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


SecurityProblem ::= INTEGER {
  inappropriateAuthentication(1), invalidCredentials(2),
  insufficientAccessRights(3), invalidSignature(4), protectionRequired(5),
  noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9)
}


serviceError ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- ServiceError
--    {SET {problem  [0]  ServiceProblem,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-serviceError
}

ServiceErrorData ::= SET {
  problem             [0]  ServiceProblem,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

ServiceError ::= CHOICE {
  unsignedServiceError ServiceErrorData,
  signedServiceError SEQUENCE {
    serviceError        ServiceErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


ServiceProblem ::= INTEGER {
  busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4),
  unableToProceed(5), invalidReference(6), timeLimitExceeded(7),
  administrativeLimitExceeded(8), loopDetected(9),
  unavailableCriticalExtension(10), outOfScope(11), ditError(12),
  invalidQueryReference(13), requestedServiceNotAvailable(14),
  unsupportedMatchingUse(15), ambiguousKeyAttributes(16),
  saslBindInProgress(17)
}


updateError ERROR ::= {
  PARAMETER --OPTIONALLY-PROTECTED-- UpdateError
--    {SET {problem        [0]  UpdateProblem,
--          attributeInfo
--            [1]  SET SIZE (1..MAX) OF
--                   CHOICE {attributeType  AttributeType,
--                           attribute      Attribute} OPTIONAL,
--          COMPONENTS OF CommonResults}}
  CODE                            id-errcode-updateError
}

UpdateErrorData ::= SET {
  problem             [0]  UpdateProblem,
  attributeInfo
                      [1]  SET SIZE (1..MAX) OF
                             CHOICE {attributeType  AttributeType,
                                     attribute      Attribute} OPTIONAL,
  securityParameters  [30]  SecurityParameters OPTIONAL,
  performer           [29]  DistinguishedName OPTIONAL,
  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
}

UpdateError ::= CHOICE {
  unsignedUpdateError UpdateErrorData,
  signedUpdateError SEQUENCE {
    updateError         UpdateErrorData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted           BIT STRING
    }
}


UpdateProblem ::= INTEGER {
  namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3),
  notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6),
  objectClassModificationProhibited(7), noSuchSuperior(8), notAncestor(9),
  parentNotAncestor(10), hierarchyRuleViolation(11), familyRuleViolation(12)
}

-- attribute types 
--id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}

END -- DirectoryAbstractService

-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D