asn1ct out of date?

> While working towards implementing an LDAP server I found that asn1ct does
> not appear to support the current LDAP asn.1 specification format.
>
> http://tools.ietf.org/html/rfc4511#appendix-B
>
> Attached is the modified ASN.1 for LDAP3 with the statements that cause the
> compile time errors commented out as: --##
>
> Of course, the modified asn file defines a protocol that is no longer
> "according to spec"
>
> /s
>
> --## Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
> -- Copyright (C) The Internet Society (2006).  This version of
> -- this ASN.1 module is part of RFC 4511; see the RFC itself
> -- for full legal notices.
> LDAP3
> DEFINITIONS
> IMPLICIT TAGS
> --## EXTENSIBILITY IMPLIED
>
> ::=
>
> BEGIN
>
> LDAPMessage ::= SEQUENCE {
>     messageID       MessageID,
>     protocolOp      CHOICE {
>          bindRequest           BindRequest,
>          bindResponse          BindResponse,
>          unbindRequest         UnbindRequest,
>          searchRequest         SearchRequest,
>          searchResEntry        SearchResultEntry,
>          searchResDone         SearchResultDone,
>          searchResRef          SearchResultReference,
>          modifyRequest         ModifyRequest,
>          modifyResponse        ModifyResponse,
>          addRequest            AddRequest,
>          addResponse           AddResponse,
>          delRequest            DelRequest,
>          delResponse           DelResponse,
>          modDNRequest          ModifyDNRequest,
>          modDNResponse         ModifyDNResponse,
>          compareRequest        CompareRequest,
>          compareResponse       CompareResponse,
>          abandonRequest        AbandonRequest,
>          extendedReq           ExtendedRequest,
>          extendedResp          ExtendedResponse,
>          ...,
>          intermediateResponse  IntermediateResponse },
>     controls       [0] Controls OPTIONAL }
>
> MessageID ::= INTEGER (0 ..  maxInt)
>
> maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
>
> LDAPString ::= OCTET STRING -- UTF-8 encoded,
>                            -- [ISO10646] characters
>
> LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
>                         -- [RFC4512]
>
> LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
>                      -- [RFC4514]
>
> RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
>                              -- [RFC4514]
>
> AttributeDescription ::= LDAPString
>                        -- Constrained to <attributedescription>
>                        -- [RFC4512]
>
> AttributeValue ::= OCTET STRING
>
> AttributeValueAssertion ::= SEQUENCE {
>     attributeDesc   AttributeDescription,
>     assertionValue  AssertionValue }
>
> AssertionValue ::= OCTET STRING
>
> PartialAttribute ::= SEQUENCE {
>     type       AttributeDescription,
> --##     vals       SET OF value AttributeValue }
>     vals       SET OF AttributeValue }
>
> Attribute ::= PartialAttribute(WITH COMPONENTS {
>     ...,
>     vals (SIZE(1..MAX))})
>
> MatchingRuleId ::= LDAPString
>
> LDAPResult ::= SEQUENCE {
>     resultCode         ENUMERATED {
>          success                      (0),
>          operationsError              (1),
>          protocolError                (2),
>          timeLimitExceeded            (3),
>          sizeLimitExceeded            (4),
>          compareFalse                 (5),
>          compareTrue                  (6),
>          authMethodNotSupported       (7),
>          strongerAuthRequired         (8),
>               -- 9 reserved --
>          referral                     (10),
>          adminLimitExceeded           (11),
>          unavailableCriticalExtension (12),
>          confidentialityRequired      (13),
>          saslBindInProgress           (14),
>               -- 15??? --
>          noSuchAttribute              (16),
>          undefinedAttributeType       (17),
>          inappropriateMatching        (18),
>          constraintViolation          (19),
>          attributeOrValueExists       (20),
>          invalidAttributeSyntax       (21),
>               -- 22-31 unused --
>          noSuchObject                 (32),
>          aliasProblem                 (33),
>          invalidDNSyntax              (34),
>               -- 35 reserved for undefined isLeaf --
>          aliasDereferencingProblem    (36),
>               -- 37-47 unused --
>          inappropriateAuthentication  (48),
>          invalidCredentials           (49),
>          insufficientAccessRights     (50),
>          busy                         (51),
>          unavailable                  (52),
>          unwillingToPerform           (53),
>          loopDetect                   (54),
>               -- 55-63 unused --
>          namingViolation              (64),
>          objectClassViolation         (65),
>          notAllowedOnNonLeaf          (66),
>          notAllowedOnRDN              (67),
>          entryAlreadyExists           (68),
>          objectClassModsProhibited    (69),
>               -- 70 reserved for CLDAP --
>          affectsMultipleDSAs          (71),
>               -- 72-79 unused --
>          other                        (80)
> --##         ...
>          },
>     matchedDN          LDAPDN,
>     diagnosticMessage  LDAPString,
>     referral           [3] Referral OPTIONAL }
>
> --## Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
> Referral ::= SEQUENCE OF URI
>
> URI ::= LDAPString     -- limited to characters permitted in
>                       -- URIs
>
> --## Controls ::= SEQUENCE OF control Control
> Controls ::= SEQUENCE OF Control
>
> Control ::= SEQUENCE {
>     controlType             LDAPOID,
>     criticality             BOOLEAN DEFAULT FALSE,
>     controlValue            OCTET STRING OPTIONAL }
>
> BindRequest ::= [APPLICATION 0] SEQUENCE {
>     version                 INTEGER (1 ..  127),
>     name                    LDAPDN,
>     authentication          AuthenticationChoice }
>
> AuthenticationChoice ::= CHOICE {
>     simple                  [0] OCTET STRING,
>                             -- 1 and 2 reserved
>     sasl                    [3] SaslCredentials,
>     ...  }
>
> SaslCredentials ::= SEQUENCE {
>     mechanism               LDAPString,
>     credentials             OCTET STRING OPTIONAL }
>
> BindResponse ::= [APPLICATION 1] SEQUENCE {
>     COMPONENTS OF LDAPResult,
>     serverSaslCreds    [7] OCTET STRING OPTIONAL }
>
> UnbindRequest ::= [APPLICATION 2] NULL
>
> SearchRequest ::= [APPLICATION 3] SEQUENCE {
>     baseObject      LDAPDN,
>     scope           ENUMERATED {
>          baseObject              (0),
>          singleLevel             (1),
>          wholeSubtree            (2),
>          ...  },
>     derefAliases    ENUMERATED {
>          neverDerefAliases       (0),
>          derefInSearching        (1),
>          derefFindingBaseObj     (2),
>          derefAlways             (3) },
>     sizeLimit       INTEGER (0 ..  maxInt),
>     timeLimit       INTEGER (0 ..  maxInt),
>     typesOnly       BOOLEAN,
>     filter          Filter,
>     attributes      AttributeSelection }
>
> --## AttributeSelection ::= SEQUENCE OF selector LDAPString
> AttributeSelection ::= SEQUENCE OF LDAPString
>               -- The LDAPString is constrained to
>               -- <attributeSelector> in Section 4.5.1.8
>
> Filter ::= CHOICE {
> --##     and             [0] SET SIZE (1..MAX) OF filter Filter,
> --##     or              [1] SET SIZE (1..MAX) OF filter Filter,
>     and             [0] SET OF Filter,
>     or              [1] SET OF Filter,
>     not             [2] Filter,
>     equalityMatch   [3] AttributeValueAssertion,
>     substrings      [4] SubstringFilter,
>     greaterOrEqual  [5] AttributeValueAssertion,
>     lessOrEqual     [6] AttributeValueAssertion,
>     present         [7] AttributeDescription,
>     approxMatch     [8] AttributeValueAssertion,
>     extensibleMatch [9] MatchingRuleAssertion,
>     ...  }
>
> SubstringFilter ::= SEQUENCE {
>     type           AttributeDescription,
> --##     substrings     SEQUENCE SIZE (1..MAX) OF substring CHOICE {
>     substrings     SEQUENCE OF CHOICE {
>          initial [0] AssertionValue,  -- can occur at most once
>          any     [1] AssertionValue,
>          final   [2] AssertionValue } -- can occur at most once
>     }
>
> MatchingRuleAssertion ::= SEQUENCE {
>     matchingRule    [1] MatchingRuleId OPTIONAL,
>     type            [2] AttributeDescription OPTIONAL,
>     matchValue      [3] AssertionValue,
>     dnAttributes    [4] BOOLEAN DEFAULT FALSE }
>
> SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
>     objectName      LDAPDN,
>     attributes      PartialAttributeList }
>
> PartialAttributeList ::= SEQUENCE OF PartialAttribute
> --##                     partialAttribute PartialAttribute
>
> SearchResultReference ::= [APPLICATION 19] SEQUENCE OF URI
> --##                          SIZE (1..MAX) OF uri URI
>
> SearchResultDone ::= [APPLICATION 5] LDAPResult
>
> ModifyRequest ::= [APPLICATION 6] SEQUENCE {
>     object          LDAPDN,
> --##     changes         SEQUENCE OF change SEQUENCE {
>     changes         SEQUENCE OF SEQUENCE {
>          operation       ENUMERATED {
>               add     (0),
>               delete  (1),
>               replace (2),
>               ...  },
>          modification    PartialAttribute } }
>
> ModifyResponse ::= [APPLICATION 7] LDAPResult
>
> AddRequest ::= [APPLICATION 8] SEQUENCE {
>     entry           LDAPDN,
>     attributes      AttributeList }
>
> --## AttributeList ::= SEQUENCE OF attribute Attribute
> AttributeList ::= SEQUENCE OF Attribute
>
> AddResponse ::= [APPLICATION 9] LDAPResult
>
> DelRequest ::= [APPLICATION 10] LDAPDN
>
> DelResponse ::= [APPLICATION 11] LDAPResult
>
> ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
>     entry           LDAPDN,
>     newrdn          RelativeLDAPDN,
>     deleteoldrdn    BOOLEAN,
>     newSuperior     [0] LDAPDN OPTIONAL }
>
> ModifyDNResponse ::= [APPLICATION 13] LDAPResult
>
> CompareRequest ::= [APPLICATION 14] SEQUENCE {
>     entry           LDAPDN,
>     ava             AttributeValueAssertion }
>
> CompareResponse ::= [APPLICATION 15] LDAPResult
>
> AbandonRequest ::= [APPLICATION 16] MessageID
>
> ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
>     requestName      [0] LDAPOID,
>     requestValue     [1] OCTET STRING OPTIONAL }
>
> ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
>     COMPONENTS OF LDAPResult,
>     responseName     [10] LDAPOID OPTIONAL,
>     responseValue    [11] OCTET STRING OPTIONAL }
>
> IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
>     responseName     [0] LDAPOID OPTIONAL,
>     responseValue    [1] OCTET STRING OPTIONAL }
>
> END
>
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>

> Hi,
>
> This isa new LDAP ASN.1 spec that I have not seen before.
> The previous ones has passed the Erlang ASN.1 compiler without problems.
>
> The Erlang ASN.1 compiler does not support everything in the 2002
> standard of ASN.1 and there might also be limitations vs the 1997
> standard.
>
> We have implemented the constructs that we have seen need for because
> they have occured in specifications used by our customers.
>
> This is the firs time I see use of:
>
> EXSTENSIBILITY IMPLIED, % I will implement that  soon, quite easy
> SEQUENCE OF NamedType which is equivalent to
> SEQUENCE OF identifier Type % I will implement that too,the
> identifier is of no real use as I understand it except maybe if the
> XML encoding rules and value notation is to be used. And
> we don't support them now.
>
> SET OF identifier Type % will implement that too, same as SEQUENCE OF
>
> SEQUENCE SIZE (1..MAX) OF uri URI % I can't see that this is allowed
> syntax in any version of ASN.1?
>
> /Kenneth , Erlang/OTP Ericsson
>
> On Sun, Nov 8, 2009 at 4:38 PM, Steve Davis
> <steven.charles.davis@...> wrote:
>> While working towards implementing an LDAP server I found that asn1ct does
>> not appear to support the current LDAP asn.1 specification format.
>>
>> http://tools.ietf.org/html/rfc4511#appendix-B
>>
>> Attached is the modified ASN.1 for LDAP3 with the statements that cause the
>> compile time errors commented out as: --##
>>
>> Of course, the modified asn file defines a protocol that is no longer
>> "according to spec"
>>

> Hi again,
>
> I was a bit quick in the last answer regarding the SEQUENCE SIZE() OF construct.
> This construct is already supported, but not the NamedType following
> the OF keyword.
> This is the same limitation as the plain SEQUENCE OF which also did
> not support NamedType.
>
> By the way thanks for the bug-report.
> I will correct and add this functionality in the next release.
>
> I also think that your changes in the ASN.1 spec in order to let it
> through the compiler is
> perfectly ok because they will have no impact on the BER encoding
> (which is used in LDAP).
>
> /Kenneth
>
> On Fri, Dec 4, 2009 at 1:52 PM, Kenneth Lundin <kenneth.lundin@...> wrote:
>> Hi,
>>
>> This isa new LDAP ASN.1 spec that I have not seen before.
>> The previous ones has passed the Erlang ASN.1 compiler without problems.
>>
>> The Erlang ASN.1 compiler does not support everything in the 2002
>> standard of ASN.1 and there might also be limitations vs the 1997
>> standard.
>>
>> We have implemented the constructs that we have seen need for because
>> they have occured in specifications used by our customers.
>>
>> This is the firs time I see use of:
>>
>> EXSTENSIBILITY IMPLIED, % I will implement that  soon, quite easy
>> SEQUENCE OF NamedType which is equivalent to
>> SEQUENCE OF identifier Type % I will implement that too,the
>> identifier is of no real use as I understand it except maybe if the
>> XML encoding rules and value notation is to be used. And
>> we don't support them now.
>>
>> SET OF identifier Type % will implement that too, same as SEQUENCE OF
>>
>> SEQUENCE SIZE (1..MAX) OF uri URI % I can't see that this is allowed
>> syntax in any version of ASN.1?
>>
>> /Kenneth , Erlang/OTP Ericsson
>>
>> On Sun, Nov 8, 2009 at 4:38 PM, Steve Davis
>> <steven.charles.davis@...> wrote:
>>> While working towards implementing an LDAP server I found that asn1ct does
>>> not appear to support the current LDAP asn.1 specification format.
>>>
>>> http://tools.ietf.org/html/rfc4511#appendix-B
>>>
>>> Attached is the modified ASN.1 for LDAP3 with the statements that cause the
>>> compile time errors commented out as: --##
>>>
>>> Of course, the modified asn file defines a protocol that is no longer
>>> "according to spec"
>>>
>