1#
2# LDAP message syntax
3#
4# ASN.1 source from:
5# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/ldap.asn
6#
7# Sample captures from:
8# http://wiki.wireshark.org/SampleCaptures/
9#
10from pyasn1.type import tag, namedtype, namedval, univ, constraint,char,useful
11from pyasn1.codec.der import decoder, encoder
12
13maxInt = univ.Integer(2147483647)
14
15class LDAPString(univ.OctetString): pass
16class LDAPOID(univ.OctetString): pass
17
18class LDAPDN(LDAPString): pass
19class RelativeLDAPDN(LDAPString): pass
20class AttributeType(LDAPString): pass
21class AttributeDescription(LDAPString): pass
22
23class AttributeDescriptionList(univ.SequenceOf):
24    componentType = AttributeDescription()
25
26class AttributeValue(univ.OctetString): pass
27
28class AssertionValue(univ.OctetString): pass
29
30class AttributeValueAssertion(univ.Sequence):
31    componentType = namedtype.NamedTypes(
32        namedtype.NamedType('attributeDesc', AttributeDescription()),
33        namedtype.NamedType('assertionValue', AssertionValue())
34        )
35
36class Attribute(univ.Sequence):
37    componentType = namedtype.NamedTypes(
38        namedtype.NamedType('type', AttributeDescription()),
39        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
40        )
41
42class MatchingRuleId(LDAPString): pass
43
44class Control(univ.Sequence):
45    componentType = namedtype.NamedTypes(
46        namedtype.NamedType('controlType', LDAPOID()),
47        namedtype.DefaultedNamedType('criticality', univ.Boolean('False')),
48        namedtype.OptionalNamedType('controlValue', univ.OctetString())
49        )
50
51class Controls(univ.SequenceOf):
52    componentType = Control()
53
54class LDAPURL(LDAPString): pass
55
56class Referral(univ.SequenceOf):
57    componentType = LDAPURL()
58
59class SaslCredentials(univ.Sequence):
60    componentType = namedtype.NamedTypes(
61        namedtype.NamedType('mechanism', LDAPString()),
62        namedtype.OptionalNamedType('credentials', univ.OctetString())
63        )
64
65class AuthenticationChoice(univ.Choice):
66    componentType = namedtype.NamedTypes(
67        namedtype.NamedType('simple', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
68        namedtype.NamedType('reserved-1', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
69        namedtype.NamedType('reserved-2', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
70        namedtype.NamedType('sasl', SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
71        )
72
73class BindRequest(univ.Sequence):
74    tagSet = univ.Sequence.tagSet.tagImplicitly(
75        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0)
76        )
77    componentType = namedtype.NamedTypes(
78        namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))),
79        namedtype.NamedType('name', LDAPDN()),
80        namedtype.NamedType('authentication', AuthenticationChoice())
81        )
82
83class PartialAttributeList(univ.SequenceOf):
84    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
85
86class SearchResultEntry(univ.Sequence):
87    tagSet = univ.Sequence.tagSet.tagImplicitly(
88        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4)
89        )
90    componentType = namedtype.NamedTypes(
91        namedtype.NamedType('objectName', LDAPDN()),
92        namedtype.NamedType('attributes', PartialAttributeList())
93        )
94
95class MatchingRuleAssertion(univ.Sequence):
96    componentType = namedtype.NamedTypes(
97        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
98        namedtype.OptionalNamedType('type', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
99        namedtype.NamedType('matchValue', AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
100        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
101        )
102
103class SubstringFilter(univ.Sequence):
104    componentType = namedtype.NamedTypes(
105        namedtype.NamedType('type', AttributeDescription()),
106        namedtype.NamedType('substrings', univ.SequenceOf(componentType=univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))))))
107        )
108
109# Ugly hack to handle recursive Filter reference (up to 3-levels deep).
110
111class Filter3(univ.Choice):
112    componentType = namedtype.NamedTypes(
113        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
114        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
115        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
116        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
117        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
118        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
119        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
120        )
121
122class Filter2(univ.Choice):
123    componentType = namedtype.NamedTypes(
124        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
125        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
126        namedtype.NamedType('not', Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
127        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
128        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
129        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
130        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
131        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
132        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
133        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
134        )
135
136class Filter(univ.Choice):
137    componentType = namedtype.NamedTypes(
138        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
139        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
140        namedtype.NamedType('not', Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
141        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
142        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
143        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
144        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
145        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
146        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
147        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
148        )
149
150# End of Filter hack
151
152class SearchRequest(univ.Sequence):
153    tagSet = univ.Sequence.tagSet.tagImplicitly(
154        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)
155        )
156    componentType = namedtype.NamedTypes(
157        namedtype.NamedType('baseObject', LDAPDN()),
158        namedtype.NamedType('scope', univ.Enumerated(namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
159        namedtype.NamedType('derefAliases', univ.Enumerated(namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
160        namedtype.NamedType('sizeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
161        namedtype.NamedType('timeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
162        namedtype.NamedType('typesOnly', univ.Boolean()),
163        namedtype.NamedType('filter', Filter()),
164        namedtype.NamedType('attributes', AttributeDescriptionList())
165        )
166
167class UnbindRequest(univ.Null):
168    tagSet = univ.Sequence.tagSet.tagImplicitly(
169        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
170        )
171
172class BindResponse(univ.Sequence):
173    tagSet = univ.Sequence.tagSet.tagImplicitly(
174        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
175        )
176    componentType = namedtype.NamedTypes(
177        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
178        namedtype.NamedType('matchedDN', LDAPDN()),
179        namedtype.NamedType('errorMessage', LDAPString()),
180        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
181        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
182        )
183
184class LDAPResult(univ.Sequence):
185    componentType = namedtype.NamedTypes(
186        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
187        namedtype.NamedType('matchedDN', LDAPDN()),
188        namedtype.NamedType('errorMessage', LDAPString()),
189        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
190        )
191
192class SearchResultReference(univ.SequenceOf):
193    tagSet = univ.Sequence.tagSet.tagImplicitly(
194        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19)
195        )
196    componentType = LDAPURL()
197
198class SearchResultDone(LDAPResult):
199    tagSet = univ.Sequence.tagSet.tagImplicitly(
200        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5)
201        )
202
203class AttributeTypeAndValues(univ.Sequence):
204    componentType = namedtype.NamedTypes(
205        namedtype.NamedType('type', AttributeDescription()),
206        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
207        )
208
209class ModifyRequest(univ.Sequence):
210    tagSet = univ.Sequence.tagSet.tagImplicitly(
211        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6)
212        )
213    componentType = namedtype.NamedTypes(
214        namedtype.NamedType('object', LDAPDN()),
215        namedtype.NamedType('modification', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))), namedtype.NamedType('modification', AttributeTypeAndValues())))))
216        )
217
218class ModifyResponse(LDAPResult):
219    tagSet = univ.Sequence.tagSet.tagImplicitly(
220        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7)
221        )
222
223class AttributeList(univ.SequenceOf):
224    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
225
226class AddRequest(univ.Sequence):
227    tagSet = univ.Sequence.tagSet.tagImplicitly(
228        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8)
229        )
230    componentType = namedtype.NamedTypes(
231        namedtype.NamedType('entry', LDAPDN()),
232        namedtype.NamedType('attributes', AttributeList())
233        )
234
235class AddResponse(LDAPResult):
236    tagSet = univ.Sequence.tagSet.tagImplicitly(
237        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9)
238        )
239
240class DelRequest(LDAPResult):
241    tagSet = univ.Sequence.tagSet.tagImplicitly(
242        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)
243        )
244
245class DelResponse(LDAPResult):
246    tagSet = univ.Sequence.tagSet.tagImplicitly(
247        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)
248        )
249
250class ModifyDNRequest(univ.Sequence):
251    tagSet = univ.Sequence.tagSet.tagImplicitly(
252        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)
253        )
254    componentType = namedtype.NamedTypes(
255        namedtype.NamedType('entry', LDAPDN()),
256        namedtype.NamedType('newrdn', RelativeLDAPDN()),
257        namedtype.NamedType('deleteoldrdn', univ.Boolean()),
258        namedtype.OptionalNamedType('newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
259
260        )
261
262class ModifyDNResponse(LDAPResult):
263    tagSet = univ.Sequence.tagSet.tagImplicitly(
264        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)
265        )
266
267class CompareRequest(univ.Sequence):
268    tagSet = univ.Sequence.tagSet.tagImplicitly(
269        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)
270        )
271    componentType = namedtype.NamedTypes(
272        namedtype.NamedType('entry', LDAPDN()),
273        namedtype.NamedType('ava', AttributeValueAssertion())
274        )
275
276class CompareResponse(LDAPResult):
277    tagSet = univ.Sequence.tagSet.tagImplicitly(
278        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)
279        )
280
281class AbandonRequest(LDAPResult):
282    tagSet = univ.Sequence.tagSet.tagImplicitly(
283        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16)
284        )
285
286class ExtendedRequest(univ.Sequence):
287    tagSet = univ.Sequence.tagSet.tagImplicitly(
288        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23)
289        )
290    componentType = namedtype.NamedTypes(
291        namedtype.NamedType('requestName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
292        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
293        )
294
295class ExtendedResponse(univ.Sequence):
296    tagSet = univ.Sequence.tagSet.tagImplicitly(
297        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24)
298        )
299    componentType = namedtype.NamedTypes(
300        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
301        namedtype.NamedType('matchedDN', LDAPDN()),
302        namedtype.NamedType('errorMessage', LDAPString()),
303        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
304
305        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
306        namedtype.OptionalNamedType('response', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
307        )
308
309class MessageID(univ.Integer):
310    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
311        0, maxInt
312        )
313
314class LDAPMessage(univ.Sequence):
315    componentType = namedtype.NamedTypes(
316        namedtype.NamedType('messageID', MessageID()),
317        namedtype.NamedType('protocolOp', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('bindRequest', BindRequest()), namedtype.NamedType('bindResponse', BindResponse()), namedtype.NamedType('unbindRequest', UnbindRequest()), namedtype.NamedType('searchRequest', SearchRequest()), namedtype.NamedType('searchResEntry', SearchResultEntry()), namedtype.NamedType('searchResDone', SearchResultDone()), namedtype.NamedType('searchResRef', SearchResultReference()), namedtype.NamedType('modifyRequest', ModifyRequest()), namedtype.NamedType('modifyResponse', ModifyResponse()), namedtype.NamedType('addRequest', AddRequest()), namedtype.NamedType('addResponse', AddResponse()), namedtype.NamedType('delRequest', DelRequest()), namedtype.NamedType('delResponse', DelResponse()), namedtype.NamedType('modDNRequest', ModifyDNRequest()), namedtype.NamedType('modDNResponse', ModifyDNResponse()), namedtype.NamedType('compareRequest', CompareRequest()), namedtype.NamedType('compareResponse', CompareResponse()), namedtype.NamedType('abandonRequest', AbandonRequest()), namedtype.NamedType('extendedReq', ExtendedRequest()), namedtype.NamedType('extendedResp', ExtendedResponse())))),
318        namedtype.OptionalNamedType('controls', Controls().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
319        )
320