Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
- data LdapMessage op = LdapMessage {
- ldapMessageId :: !Id
- ldapMessageOp :: !op
- ldapMessageControls :: !(Maybe Controls)
- newtype Id = Id {}
- data ProtocolClientOp
- = BindRequest !Int8 !LdapDn !AuthenticationChoice
- | UnbindRequest
- | SearchRequest !LdapDn !Scope !DerefAliases !Int32 !Int32 !Bool !Filter !AttributeSelection
- | ModifyRequest !LdapDn ![(Operation, PartialAttribute)]
- | AddRequest !LdapDn !AttributeList
- | DeleteRequest !LdapDn
- | ModifyDnRequest !LdapDn !RelativeLdapDn !Bool !(Maybe LdapDn)
- | CompareRequest !LdapDn !AttributeValueAssertion
- | ExtendedRequest !LdapOid !(Maybe ByteString)
- data ProtocolServerOp
- = BindResponse !LdapResult !(Maybe ByteString)
- | SearchResultEntry !LdapDn !PartialAttributeList
- | SearchResultReference !(NonEmpty Uri)
- | SearchResultDone !LdapResult
- | ModifyResponse !LdapResult
- | AddResponse !LdapResult
- | DeleteResponse !LdapResult
- | ModifyDnResponse !LdapResult
- | CompareResponse !LdapResult
- | ExtendedResponse !LdapResult !(Maybe LdapOid) !(Maybe ByteString)
- | IntermediateResponse !(Maybe LdapOid) !(Maybe ByteString)
- newtype AuthenticationChoice = Simple ByteString
- data Scope
- data DerefAliases
- data Filter
- = And !(NonEmpty Filter)
- | Or !(NonEmpty Filter)
- | Not Filter
- | EqualityMatch AttributeValueAssertion
- | Substrings SubstringFilter
- | GreaterOrEqual AttributeValueAssertion
- | LessOrEqual AttributeValueAssertion
- | Present AttributeDescription
- | ApproxMatch AttributeValueAssertion
- | ExtensibleMatch MatchingRuleAssertion
- data SubstringFilter = SubstringFilter !AttributeDescription !(NonEmpty Substring)
- data Substring
- data MatchingRuleAssertion = MatchingRuleAssertion !(Maybe MatchingRuleId) !(Maybe AttributeDescription) !AssertionValue !Bool
- newtype MatchingRuleId = MatchingRuleId LdapString
- newtype AttributeSelection = AttributeSelection [LdapString]
- newtype AttributeList = AttributeList [Attribute]
- newtype PartialAttributeList = PartialAttributeList [PartialAttribute]
- newtype Controls = Controls [Control]
- data Control = Control !LdapOid !Bool !(Maybe ByteString)
- data LdapResult = LdapResult !ResultCode !LdapDn !LdapString !(Maybe ReferralUris)
- data ResultCode
- = Success
- | OperationError
- | ProtocolError
- | TimeLimitExceeded
- | SizeLimitExceeded
- | CompareFalse
- | CompareTrue
- | AuthMethodNotSupported
- | StrongerAuthRequired
- | Referral
- | AdminLimitExceeded
- | UnavailableCriticalExtension
- | ConfidentialityRequired
- | SaslBindInProgress
- | NoSuchAttribute
- | UndefinedAttributeType
- | InappropriateMatching
- | ConstraintViolation
- | AttributeOrValueExists
- | InvalidAttributeSyntax
- | NoSuchObject
- | AliasProblem
- | InvalidDNSyntax
- | AliasDereferencingProblem
- | InappropriateAuthentication
- | InvalidCredentials
- | InsufficientAccessRights
- | Busy
- | Unavailable
- | UnwillingToPerform
- | LoopDetect
- | NamingViolation
- | ObjectClassViolation
- | NotAllowedOnNonLeaf
- | NotAllowedOnRDN
- | EntryAlreadyExists
- | ObjectClassModsProhibited
- | AffectsMultipleDSAs
- | Other
- newtype AttributeDescription = AttributeDescription LdapString
- newtype AttributeValue = AttributeValue ByteString
- data AttributeValueAssertion = AttributeValueAssertion !AttributeDescription !AssertionValue
- newtype AssertionValue = AssertionValue ByteString
- data Attribute = Attribute !AttributeDescription !(NonEmpty AttributeValue)
- data PartialAttribute = PartialAttribute !AttributeDescription ![AttributeValue]
- newtype LdapDn = LdapDn LdapString
- newtype RelativeLdapDn = RelativeLdapDn LdapString
- newtype ReferralUris = ReferralUris (NonEmpty Uri)
- newtype Uri = Uri LdapString
- data Operation
- newtype LdapString = LdapString Text
- newtype LdapOid = LdapOid Text
Documentation
data LdapMessage op Source
Message envelope. (Section 4.1.1.)
LdapMessage | |
|
Eq op => Eq (LdapMessage op) | |
Show op => Show (LdapMessage op) | |
ToAsn1 op => ToAsn1 (LdapMessage op) | LDAPMessage ::= SEQUENCE { messageID MessageID, protocolOp CHOICE { bindRequest BindRequest, bindResponse BindResponse, unbindRequest UnbindRequest, searchRequest SearchRequest, searchResEntry SearchResultEntry, searchResDone SearchResultDone, searchResRef SearchResultReference, addRequest AddRequest, addResponse AddResponse, ... }, controls [0] Controls OPTIONAL } |
FromAsn1 op => FromAsn1 (LdapMessage op) | LDAPMessage ::= SEQUENCE { messageID MessageID, protocolOp CHOICE { bindRequest BindRequest, bindResponse BindResponse, unbindRequest UnbindRequest, searchRequest SearchRequest, searchResEntry SearchResultEntry, searchResDone SearchResultDone, searchResRef SearchResultReference, addRequest AddRequest, addResponse AddResponse, ... }, controls [0] Controls OPTIONAL } |
Every message being processed has a unique non-zero integer ID. (Section 4.1.1.1.)
data ProtocolClientOp Source
Client requests. The RFC makes no distinction between ProtocolClientOp
and ProtocolServerOp,
but it's useful to distinguish between them in Haskell.
Eq ProtocolClientOp | |
Show ProtocolClientOp | |
ToAsn1 ProtocolClientOp | BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER (1 .. 127), name LDAPDN, authentication AuthenticationChoice } UnbindRequest ::= [APPLICATION 2] NULL SearchRequest ::= [APPLICATION 3] SEQUENCE { baseObject LDAPDN, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2), ... }, derefAliases ENUMERATED { neverDerefAliases (0), derefInSearching (1), derefFindingBaseObj (2), derefAlways (3) }, sizeLimit INTEGER (0 .. maxInt), timeLimit INTEGER (0 .. maxInt), typesOnly BOOLEAN, filter Filter, attributes AttributeSelection } ModifyRequest ::= [APPLICATION 6] SEQUENCE { object LDAPDN, changes SEQUENCE OF change SEQUENCE { operation ENUMERATED { add (0), delete (1), replace (2), ... }, modification PartialAttribute } } AddRequest ::= [APPLICATION 8] SEQUENCE { entry LDAPDN, attributes AttributeList } DelRequest ::= [APPLICATION 10] LDAPDN ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { entry LDAPDN, newrdn RelativeLDAPDN, deleteoldrdn BOOLEAN, newSuperior [0] LDAPDN OPTIONAL } CompareRequest ::= [APPLICATION 14] SEQUENCE { entry LDAPDN, ava AttributeValueAssertion } ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID, requestValue [1] OCTET STRING OPTIONAL } |
data ProtocolServerOp Source
Server responses. The RFC makes no distinction between ProtocolClientOp
and ProtocolServerOp,
but it's useful to distinguish between them in Haskell.
Eq ProtocolServerOp | |
Show ProtocolServerOp | |
FromAsn1 ProtocolServerOp | BindResponse ::= [APPLICATION 1] SEQUENCE { COMPONENTS OF LDAPResult, serverSaslCreds [7] OCTET STRING OPTIONAL } SearchResultEntry ::= [APPLICATION 4] SEQUENCE { objectName LDAPDN, attributes PartialAttributeList } SearchResultReference ::= [APPLICATION 19] SEQUENCE SIZE (1..MAX) OF uri URI SearchResultDone ::= [APPLICATION 5] LDAPResult ModifyResponse ::= [APPLICATION 7] LDAPResult AddResponse ::= [APPLICATION 9] LDAPResult DelResponse ::= [APPLICATION 11] LDAPResult ModifyDNResponse ::= [APPLICATION 13] LDAPResult CompareResponse ::= [APPLICATION 15] LDAPResult ExtendedResponse ::= [APPLICATION 24] SEQUENCE { COMPONENTS OF LDAPResult, responseName [10] LDAPOID OPTIONAL, responseValue [11] OCTET STRING OPTIONAL } IntermediateResponse ::= [APPLICATION 25] SEQUENCE { responseName [0] LDAPOID OPTIONAL, responseValue [1] OCTET STRING OPTIONAL } |
newtype AuthenticationChoice Source
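Not really a choice until SASL is supported: the only constructor is Simple, which carries the bind password as a plain OCTET STRING, so confidentiality has to come from the connection itself (e.g. TLS). The Show instance listed below will render that password if it is derived, so avoid logging values of this type or of a BindRequest that contains one.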
Eq AuthenticationChoice | |
Show AuthenticationChoice | |
ToAsn1 AuthenticationChoice | AuthenticationChoice ::= CHOICE { simple [0] OCTET STRING, ... } |
Scope of the search to be performed.
BaseObject | Constrained to the entry named by baseObject. |
SingleLevel | Constrained to the immediate subordinates of the entry named by baseObject. |
WholeSubtree | Constrained to the entry named by baseObject and to all its subordinates. |
data DerefAliases Source
An indicator as to whether or not alias entries (as defined in [RFC4512]) are to be dereferenced during stages of the Search operation.
NeverDerefAliases | Do not dereference aliases in searching or in locating the base object of the Search. |
DerefInSearching | While searching subordinates of the base object, dereference any alias within the search scope. |
DerefFindingBaseObject | Dereference aliases in locating the base object of the Search. |
DerefAlways | Dereference aliases both in searching and in locating the base object of the Search. |
Conditions that must be fulfilled in order for the Search to match a given entry.
And !(NonEmpty Filter) | All filters evaluate to TRUE |
Or !(NonEmpty Filter) | Any filter evaluates to TRUE |
Not Filter | Filter evaluates to FALSE |
EqualityMatch AttributeValueAssertion |
|
Substrings SubstringFilter |
|
GreaterOrEqual AttributeValueAssertion |
|
LessOrEqual AttributeValueAssertion |
|
Present AttributeDescription | Attribute is present in the entry |
ApproxMatch AttributeValueAssertion | Same as EqualityMatch (on servers that do not support approximate matching) |
ExtensibleMatch MatchingRuleAssertion |
Eq Filter | |
Show Filter | |
ToAsn1 Filter | Filter ::= CHOICE { and [0] SET SIZE (1..MAX) OF filter Filter, or [1] SET SIZE (1..MAX) OF filter Filter, not [2] Filter, equalityMatch [3] AttributeValueAssertion, substrings [4] SubstringFilter, greaterOrEqual [5] AttributeValueAssertion, lessOrEqual [6] AttributeValueAssertion, present [7] AttributeDescription, approxMatch [8] AttributeValueAssertion, extensibleMatch [9] MatchingRuleAssertion, ... } |
data SubstringFilter Source
Eq SubstringFilter | |
Show SubstringFilter | |
ToAsn1 SubstringFilter | SubstringFilter ::= SEQUENCE { type AttributeDescription, substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE { initial [0] AssertionValue, -- can occur at most once any [1] AssertionValue, final [2] AssertionValue } -- can occur at most once } |
data MatchingRuleAssertion Source
Eq MatchingRuleAssertion | |
Show MatchingRuleAssertion | |
ToAsn1 MatchingRuleAssertion | MatchingRuleAssertion ::= SEQUENCE { matchingRule [1] MatchingRuleId OPTIONAL, type [2] AttributeDescription OPTIONAL, matchValue [3] AssertionValue, dnAttributes [4] BOOLEAN DEFAULT FALSE } |
newtype MatchingRuleId Source
Matching rules are defined in Section 4.1.3 of [RFC4512]. A matching
rule is identified in the protocol by the printable representation of
either its numericoid or one of its short name descriptors
[RFC4512], e.g., caseIgnoreMatch
or '2.5.13.2'. (Section 4.1.8.)
Eq MatchingRuleId | |
Show MatchingRuleId | |
ToAsn1 MatchingRuleId | MatchingRuleId ::= LDAPString |
newtype AttributeSelection Source
Eq AttributeSelection | |
Show AttributeSelection | |
ToAsn1 AttributeSelection | AttributeSelection ::= SEQUENCE OF selector LDAPString |
newtype AttributeList Source
Eq AttributeList | |
Show AttributeList | |
ToAsn1 AttributeList | AttributeList ::= SEQUENCE OF attribute Attribute |
newtype PartialAttributeList Source
Eq PartialAttributeList | |
Show PartialAttributeList | |
FromAsn1 PartialAttributeList | PartialAttributeList ::= SEQUENCE OF partialAttribute PartialAttribute |
Control !LdapOid !Bool !(Maybe ByteString) |
data LdapResult Source
Eq LdapResult | |
Show LdapResult | |
FromAsn1 LdapResult | LDAPResult ::= SEQUENCE { resultCode ENUMERATED { success (0), operationsError (1), protocolError (2), timeLimitExceeded (3), sizeLimitExceeded (4), compareFalse (5), compareTrue (6), authMethodNotSupported (7), strongerAuthRequired (8), -- 9 reserved -- referral (10), adminLimitExceeded (11), unavailableCriticalExtension (12), confidentialityRequired (13), saslBindInProgress (14), noSuchAttribute (16), undefinedAttributeType (17), inappropriateMatching (18), constraintViolation (19), attributeOrValueExists (20), invalidAttributeSyntax (21), -- 22-31 unused -- noSuchObject (32), aliasProblem (33), invalidDNSyntax (34), -- 35 reserved for undefined isLeaf -- aliasDereferencingProblem (36), -- 37-47 unused -- inappropriateAuthentication (48), invalidCredentials (49), insufficientAccessRights (50), busy (51), unavailable (52), unwillingToPerform (53), loopDetect (54), -- 55-63 unused -- namingViolation (64), objectClassViolation (65), notAllowedOnNonLeaf (66), notAllowedOnRDN (67), entryAlreadyExists (68), objectClassModsProhibited (69), -- 70 reserved for CLDAP -- affectsMultipleDSAs (71), -- 72-79 unused -- other (80), ... }, matchedDN LDAPDN, diagnosticMessage LDAPString, referral [3] Referral OPTIONAL } |
data ResultCode Source
LDAP operation's result.
newtype AttributeDescription Source
Eq AttributeDescription | |
Show AttributeDescription | |
ToAsn1 AttributeDescription | AttributeDescription ::= LDAPString |
FromAsn1 AttributeDescription | AttributeDescription ::= LDAPString |
newtype AttributeValue Source
Eq AttributeValue | |
Show AttributeValue | |
ToAsn1 AttributeValue | AttributeValue ::= OCTET STRING |
FromAsn1 AttributeValue | AttributeValue ::= OCTET STRING |
data AttributeValueAssertion Source
Eq AttributeValueAssertion | |
Show AttributeValueAssertion | |
ToAsn1 AttributeValueAssertion | AttributeValueAssertion ::= SEQUENCE { attributeDesc AttributeDescription, assertionValue AssertionValue } |
newtype AssertionValue Source
Eq AssertionValue | |
Show AssertionValue | |
ToAsn1 AssertionValue | AssertionValue ::= OCTET STRING |
data PartialAttribute Source
Eq PartialAttribute | |
Show PartialAttribute | |
ToAsn1 PartialAttribute | PartialAttribute ::= SEQUENCE { type AttributeDescription, vals SET OF value AttributeValue } |
FromAsn1 PartialAttribute | PartialAttribute ::= SEQUENCE { type AttributeDescription, vals SET OF value AttributeValue } |
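An LDAPDN is defined to be the representation of a Distinguished Name (DN) after encoding according to the specification in [RFC4514]. The LdapDn constructor wraps an LdapString as-is, so a DN assembled from untrusted input has to be escaped per [RFC4514] by the caller before it is wrapped.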
newtype RelativeLdapDn Source
A RelativeLDAPDN is defined to be the representation of a Relative Distinguished Name (RDN) after encoding according to the specification in [RFC4514].
Eq RelativeLdapDn | |
Show RelativeLdapDn | |
ToAsn1 RelativeLdapDn | RelativeLDAPDN ::= LDAPString -- Constrained to <name-component> |
newtype ReferralUris Source
Eq ReferralUris | |
Show ReferralUris | |
FromAsn1 ReferralUris | Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI |
newtype LdapString Source
The LDAPString is a notational convenience to indicate that, although strings of LDAPString type encode as ASN.1 OCTET STRING types, the [ISO10646] character set (a superset of [Unicode]) is used, encoded following the UTF-8 [RFC3629] algorithm. (Section 4.1.2.)
Eq LdapString | |
Show LdapString | |
ToAsn1 LdapString | LDAPString ::= OCTET STRING -- UTF-8 encoded |
FromAsn1 LdapString | LDAPString ::= OCTET STRING -- UTF-8 encoded, |
The LDAPOID is a notational convenience to indicate that the permitted value of this string is a (UTF-8 encoded) dotted-decimal representation of an OBJECT IDENTIFIER. Although an LDAPOID is encoded as an OCTET STRING, values are limited to the definition of <numericoid> given in Section 1.4 of [RFC4512].