TC       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~   Safe-Inferred7The LDAPOID is a notational convenience to indicate that the permitted value of this string is a (UTF-8 encoded) dotted-decimal representation of an OBJECT IDENTIFIER. Although an LDAPOID is encoded as an OCTET STRING, values are limited to the definition of <numericoid> given in Section 1.4 of [RFC4512]. The LDAPString is a notational convenience to indicate that, although strings of LDAPString type encode as ASN.1 OCTET STRING types, the [ISO10646] character set (a superset of [Unicode]) is used, encoded following the UTF-8 [RFC3629] algorithm. (Section 4.1.2.)A RelativeLDAPDN is defined to be the representation of a Relative Distinguished Name (RDN) after encoding according to the specification in [RFC4514].An LDAPDN is defined to be the representation of a Distinguished Name (DN) after encoding according to the specification in [RFC4514].LDAP operation's result.RMatching rules are defined in Section 4.1.3 of [RFC4512]. A matching rule is identified in the protocol by the printable representation of either its  numericoid8 or one of its short name descriptors [RFC4512], e.g., caseIgnoreMatch or  '2.5.13.2'. (Section 4.1.8.)\QConditions that must be fulfilled in order for the Search to match a given entry.^Same as c for most servers_!Attribute is present in the entry`ORDERING or EQUALITY rule returns TRUEaORDERING rule returns FALSEbSUBSTR rule returns TRUEcEQUALITY rule returns TRUEdFilter evaluates to FALSEeAny filter evaluates to TRUEfAll filters evaluate to TRUEgAn indicator as to whether or not alias entries (as defined in [RFC4512]) are to be dereferenced during stages of the Search operation.hTDereference aliases both in searching and in locating the base object of the Search.i>Dereference aliases in locating the base object of the Search.j_While searching subordinates of the base object, dereference any alias within the search scope.kUDo not dereference aliases in searching or in locating the base object of the Search.l$Scope of the search to be performed.mIConstrained to the entry named by baseObject and to all its subordinates.nKConstrained to the immediate subordinates of the entry named by baseObject.o-Constrained to the entry named by baseObject.p,Not really a choice until SASL is supported.r=Server responses. The RFC doesn't make a difference between ~ and r8 but it's useful to distinguish between them in Haskell.~<Client requests. The RFC doesn't make a difference between ~ and r8 but it's useful to distinguish between them in Haskell.REvery message being processed has a unique non-zero integer ID. (Section 4.1.1.1.)"Message envelope. (Section 4.1.1.)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~~r}|{zyxwvutspqlonmgkjih\fedcba`_^]Z[VYXWTURSPQNOLMJKHIFGEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!        'EDCBA@?>=<;:9876543210/.-,+*)('&%$#"! FGHIJKLMNOPQRSTUVYXWZ[\ fedcba`_^]gkjihlonmpqr }|{zyxwvuts~ NoneConvert a LDAP type to ASN.1.NWhen it's relevant, instances include the part of RFC describing the encoding. 2AttributeList ::= SEQUENCE OF attribute Attribute MatchingRuleAssertion ::= SEQUENCE { matchingRule [1] MatchingRuleId OPTIONAL, type [2] AttributeDescription OPTIONAL, matchValue [3] AssertionValue, dnAttributes [4] BOOLEAN DEFAULT FALSE } 9SubstringFilter ::= SEQUENCE { type AttributeDescription, substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE { initial [0] AssertionValue, -- can occur at most once any [1] AssertionValue, final [2] AssertionValue } -- can occur at most once }  Filter ::= CHOICE { and [0] SET SIZE (1..MAX) OF filter Filter, or [1] SET SIZE (1..MAX) OF filter Filter, not [2] Filter, equalityMatch [3] AttributeValueAssertion, substrings [4] SubstringFilter, greaterOrEqual [5] AttributeValueAssertion, lessOrEqual [6] AttributeValueAssertion, present [7] AttributeDescription, approxMatch [8] AttributeValueAssertion, extensibleMatch [9] MatchingRuleAssertion, ... } 7AttributeSelection ::= SEQUENCE OF selector LDAPString ]AuthenticationChoice ::= CHOICE { simple [0] OCTET STRING, ... }  BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER (1 .. 127), name LDAPDN, authentication AuthenticationChoice }  'UnbindRequest ::= [APPLICATION 2] NULL  rSearchRequest ::= [APPLICATION 3] SEQUENCE { baseObject LDAPDN, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2), ... }, derefAliases ENUMERATED { neverDerefAliases (0), derefInSearching (1), derefFindingBaseObj (2), derefAlways (3) }, sizeLimit INTEGER (0 .. maxInt), timeLimit INTEGER (0 .. maxInt), typesOnly BOOLEAN, filter Filter, attributes AttributeSelection }  >ModifyRequest ::= [APPLICATION 6] SEQUENCE { object LDAPDN, changes SEQUENCE OF change SEQUENCE { operation ENUMERATED { add (0), delete (1), replace (2), ... }, modification PartialAttribute } }  lAddRequest ::= [APPLICATION 8] SEQUENCE { entry LDAPDN, attributes AttributeList }  'DelRequest ::= [APPLICATION 10] LDAPDN  ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { entry LDAPDN, newrdn RelativeLDAPDN, deleteoldrdn BOOLEAN, newSuperior [0] LDAPDN OPTIONAL }  {CompareRequest ::= [APPLICATION 14] SEQUENCE { entry LDAPDN, ava AttributeValueAssertion } ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID, requestValue [1] OCTET STRING OPTIONAL } Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN DEFAULT FALSE, controlValue OCTET STRING OPTIONAL }  )Controls ::= SEQUENCE OF control Control  MatchingRuleId ::= LDAPString  VAttribute ::= PartialAttribute(WITH COMPONENTS { ..., vals (SIZE(1..MAX))})  tPartialAttribute ::= SEQUENCE { type AttributeDescription, vals SET OF value AttributeValue }   AssertionValue ::= OCTET STRING  xAttributeValueAssertion ::= SEQUENCE { attributeDesc AttributeDescription, assertionValue AssertionValue }   AttributeValue ::= OCTET STRING  $AttributeDescription ::= LDAPString  ARelativeLDAPDN ::= LDAPString -- Constrained to <name-component>  <LDAPDN ::= LDAPString -- Constrained to <distinguishedName>  8LDAPOID ::= OCTET STRING -- Constrained to <numericoid>  -LDAPString ::= OCTET STRING -- UTF-8 encoded  %MessageID ::= INTEGER (0 .. maxInt)  DLDAPMessage ::= SEQUENCE { messageID MessageID, protocolOp CHOICE { bindRequest BindRequest, bindResponse BindResponse, unbindRequest UnbindRequest, searchRequest SearchRequest, searchResEntry SearchResultEntry, searchResDone SearchResultDone, searchResRef SearchResultReference, addRequest AddRequest, addResponse AddResponse, ... }, controls [0] Controls OPTIONAL } "     !     None+%List of attributes and their values. f- is the structure these values are in, e.g. .Attribute value.Attribute name.&Response indicates a failed operation.LThe response contains a result code indicating failure and an error message.,LDAP server did not follow the protocol, so  ldap-client% couldn't make sense of the response.#Unique identifier of an LDAP entry.!Asynchronous LDAP operation. Use  or  to wait for its completion.DA token. All functions that interact with the Directory require one. LDAP host.LDAP over TLS. Use!NLDAP over TLS without the certificate validity check. Only use for testing!Plain LDAP. Do not use!Wait for operation completion.%Wait for operation completion inside . Do not use this inside the same  transaction the operation was requested in! To give LDAP the chance to respond to it that transaction should commit. After that, applying  to the corresponding  starts to make sense.*Terminate the connection to the Directory. Note that  does not return an ), because LDAP server never responds to  UnbindRequests, hence a call to  on a hypothetical - would have resulted in an exception anyway.*Terminate the connection to the Directory. Note that  does not return an ), because LDAP server never responds to  UnbindRequests, hence a call to  on a hypothetical - would have resulted in an exception anyway.!E !"#$%&'()*+,-./0123456789:;<=>?@ABCDEEEDCBA@?>=<;:9876543210/.-,+*)('&%$#"! NoneUser's password.1Perform the Bind operation synchronously. Raises  on failures.2Perform the Bind operation synchronously. Returns Left e where e is a  on failures.0Perform the Bind operation asynchronously. Call   to wait for its completion.*Perform the Bind operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in. NoneEntry found during the Search.QConditions that must be fulfilled in order for the Search to match a given entry.Extensible match Glob match5Attribute's value approximately matches the assertion8Attribute's value is equal to or less than the assertion;Attribute's value is equal to or greater than the assertion+Attribute's value is equal to the assertion!Attribute is present in the entryAny filter matches the entryAll filters match the entryFilter does not match the entrySearch modifier. Combine using   and/or ! instance.Search options. Use  to change some of those.3Perform the Search operation synchronously. Raises  on failures.4Perform the Search operation synchronously. Returns Left e where e is a  on failures.2Perform the Search operation asynchronously. Call   to wait for its completion.,Perform the Search operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.Scope of the search (default:  WholeSubtree).^Maximum number of entries to be returned as a result of the Search. No limit if the value is 0 (default: 0).LMaximum time (in seconds) allowed for the Search. No limit if the value is 0 (default: 0).xWhether Search results are to contain just attribute descriptions, or both attribute descriptions and values (default: ").#Alias dereference policy (default: NeverDerefAliases).$#$%&'()*+,-.$ghijklmno$lonmgkjih #$%&'()*+,-.None A component of .%Type of modification being performed.kReplace all existing values of the attribute with the new list. Deletes the attribute if the list is empty.6Add values to the attribute, creating it if necessary.nDelete values from the attribute. Deletes the attribute if the list is empty or all current values are listed.3Perform the Modify operation synchronously. Raises  on failures.4Perform the Modify operation synchronously. Returns Left e where e is a  on failures.2Perform the Modify operation asynchronously. Call   to wait for its completion.,Perform the Modify operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.6Perform the Modify DN operation synchronously. Raises  on failures.7Perform the Modify DN operation synchronously. Returns Left e where e is a  on failures.5Perform the Modify DN operation asynchronously. Call   to wait for its completion./Perform the Modify DN operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in./012/012None0Perform the Add operation synchronously. Raises  on failures.1Perform the Add operation synchronously. Returns Left e where e is a  on failures./Perform the Add operation asynchronously. Call   to wait for its completion.)Perform the Add operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.3434 None3Perform the Delete operation synchronously. Raises  on failures.4Perform the Delete operation synchronously. Returns Left e where e is a  on failures.2Perform the Delete operation asynchronously. Call   to wait for its completion.,Perform the Delete operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.5656 None4Perform the Compare operation synchronously. Raises  on failures.5Perform the Compare operation synchronously. Returns Left e where e is a  on failures.3Perform the Compare operation asynchronously. Call   to wait for its completion.-Perform the Compare operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.7878 None 'Globally unique LDAP object identifier.5Perform the Extended operation synchronously. Raises  on failures.6Perform the Extended operation synchronously. Returns Left e where e is a  on failures.4Perform the Extended operation asynchronously. Call   to wait for its completion..Perform the Extended operation asynchronously.$Don't wait for its completion (with 2) in the same transaction you've performed it in.An example of Extended Operation, cf. .An example of Extended Operation, cf. .An example of Extended Operation, cf. .An example of Extended Operation, cf. . 9: 9: NoneASN.1 stream parsers.NWhen it's relevant, instances include the part of RFC describing the encoding.TConvert a part of ASN.1 stream to a LDAP type returning the remainder of the stream.; GPartialAttributeList ::= SEQUENCE OF partialAttribute PartialAttribute < BindResponse ::= [APPLICATION 1] SEQUENCE { COMPONENTS OF LDAPResult, serverSaslCreds [7] OCTET STRING OPTIONAL }  zSearchResultEntry ::= [APPLICATION 4] SEQUENCE { objectName LDAPDN, attributes PartialAttributeList }  gSearchResultReference ::= [APPLICATION 19] SEQUENCE SIZE (1..MAX) OF uri URI  0SearchResultDone ::= [APPLICATION 5] LDAPResult  .ModifyResponse ::= [APPLICATION 7] LDAPResult  +AddResponse ::= [APPLICATION 9] LDAPResult  ,DelResponse ::= [APPLICATION 11] LDAPResult  1ModifyDNResponse ::= [APPLICATION 13] LDAPResult  0CompareResponse ::= [APPLICATION 15] LDAPResult  ExtendedResponse ::= [APPLICATION 24] SEQUENCE { COMPONENTS OF LDAPResult, responseName [10] LDAPOID OPTIONAL, responseValue [11] OCTET STRING OPTIONAL } IntermediateResponse ::= [APPLICATION 25] SEQUENCE { responseName [0] LDAPOID OPTIONAL, responseValue [1] OCTET STRING OPTIONAL } = URI ::= LDAPString > /Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI ? }LDAPResult ::= SEQUENCE { resultCode ENUMERATED { success (0), operationsError (1), protocolError (2), timeLimitExceeded (3), sizeLimitExceeded (4), compareFalse (5), compareTrue (6), authMethodNotSupported (7), strongerAuthRequired (8), -- 9 reserved -- referral (10), adminLimitExceeded (11), unavailableCriticalExtension (12), confidentialityRequired (13), saslBindInProgress (14), noSuchAttribute (16), undefinedAttributeType (17), inappropriateMatching (18), constraintViolation (19), attributeOrValueExists (20), invalidAttributeSyntax (21), -- 22-31 unused -- noSuchObject (32), aliasProblem (33), invalidDNSyntax (34), -- 35 reserved for undefined isLeaf -- aliasDereferencingProblem (36), -- 37-47 unused -- inappropriateAuthentication (48), invalidCredentials (49), insufficientAccessRights (50), busy (51), unavailable (52), unwillingToPerform (53), loopDetect (54), -- 55-63 unused -- namingViolation (64), objectClassViolation (65), notAllowedOnNonLeaf (66), notAllowedOnRDN (67), entryAlreadyExists (68), objectClassModsProhibited (69), -- 70 reserved for CLDAP -- affectsMultipleDSAs (71), -- 72-79 unused -- other (80), ... }, matchedDN LDAPDN, diagnosticMessage LDAPString, referral [3] Referral OPTIONAL } @ tPartialAttribute ::= SEQUENCE { type AttributeDescription, vals SET OF value AttributeValue } A  AttributeValue ::= OCTET STRING B $AttributeDescription ::= LDAPString C LDAPDN ::= LDAPString D 8LDAPOID ::= OCTET STRING -- Constrained to <numericoid> E .LDAPString ::= OCTET STRING -- UTF-8 encoded, F %MessageID ::= INTEGER (0 .. maxInt) G DLDAPMessage ::= SEQUENCE { messageID MessageID, protocolOp CHOICE { bindRequest BindRequest, bindResponse BindResponse, unbindRequest UnbindRequest, searchRequest SearchRequest, searchResEntry SearchResultEntry, searchResDone SearchResultDone, searchResRef SearchResultReference, addRequest AddRequest, addResponse AddResponse, ... }, controls [0] Controls OPTIONAL } HIJKLMNOPQRS;<=>?@ABCDEFGHIJKLMNOPQRS;<=>?@ABCDEFGNone+8Various failures that can happen when working with LDAP.*Notice of Disconnection has been received.An LDAP operation failed.,Invalid ASN.1 data received from the server.Network failure.The entrypoint into LDAP.'It catches all LDAP-related exceptions.TUVWXYZ[\]^m !"#$%&'()*+,-./0123456789:;<=>?@ABCDEghijklmnomEDCBA@?>=<;:9876543210/.-,+*)('&%$#"! lonmgkjih TUVWXYZ[\]^_  !!""##$$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMMNNOOPPQQRRSSTTUVWXYYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ Z]cdb          ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 4 5 6 7 8 9 : ; < = >??@@ABCDEFGHldap-client-0.1.0Ldap.Client.Internal Ldap.ClientLdap.Asn1.TypeLdap.Asn1.ToAsn1Ldap.Client.BindLdap.Client.SearchLdap.Client.ModifyLdap.Client.AddLdap.Client.DeleteLdap.Client.CompareLdap.Client.ExtendedLdap.Asn1.FromAsn1waitwaitSTMnetwork-2.6.0.2Network.Socket.Types PortNumbersemigroups-0.16.2.2Data.List.NonEmptyNonEmptyLdapOid LdapString OperationReplaceDeleteAddUri ReferralUrisRelativeLdapDnLdapDnPartialAttribute AttributeAssertionValueAttributeValueAssertionAttributeValueAttributeDescription ResultCodeOtherAffectsMultipleDSAsObjectClassModsProhibitedEntryAlreadyExistsNotAllowedOnRDNNotAllowedOnNonLeafObjectClassViolationNamingViolation LoopDetectUnwillingToPerform UnavailableBusyInsufficientAccessRightsInvalidCredentialsInappropriateAuthenticationAliasDereferencingProblemInvalidDNSyntax AliasProblem NoSuchObjectInvalidAttributeSyntaxAttributeOrValueExistsConstraintViolationInappropriateMatchingUndefinedAttributeTypeNoSuchAttributeSaslBindInProgressConfidentialityRequiredUnavailableCriticalExtensionAdminLimitExceededReferralStrongerAuthRequiredAuthMethodNotSupported CompareTrue CompareFalseSizeLimitExceededTimeLimitExceeded ProtocolErrorOperationErrorSuccess LdapResultControlControlsPartialAttributeList AttributeListAttributeSelectionMatchingRuleIdMatchingRuleAssertion SubstringFinalAnyInitialSubstringFilterFilterExtensibleMatch ApproxMatchPresent LessOrEqualGreaterOrEqual Substrings EqualityMatchNotOrAnd DerefAliases DerefAlwaysDerefFindingBaseObjectDerefInSearchingNeverDerefAliasesScope WholeSubtree SingleLevel BaseObjectAuthenticationChoiceSimpleProtocolServerOpIntermediateResponseExtendedResponseCompareResponseModifyDnResponseDeleteResponse AddResponseModifyResponseSearchResultDoneSearchResultReferenceSearchResultEntry BindResponseProtocolClientOpExtendedRequestCompareRequestModifyDnRequest DeleteRequest AddRequest ModifyRequest SearchRequest UnbindRequest BindRequestIdunId LdapMessage ldapMessageId ldapMessageOpldapMessageControlsToAsn1toAsn1AttrList AttrValueAttr ResponseErrorResponseErrorCodeResponseInvalidDnAsyncResponseRequest ClientMessageNewLdapclientHostSecureInsecurePlainunAttr sendRequestraise unbindAsyncunbindAsyncSTMPasswordbind bindEither bindAsync bindAsyncSTM SearchEntry::=:=*:~=:<=:>=:=ModSearchsearch searchEither searchAsyncsearchAsyncSTMscopesizetime typesOnly derefAliases RelativeDnmodify modifyEither modifyAsyncmodifyAsyncSTMmodifyDnmodifyDnEither modifyDnAsyncmodifyDnAsyncSTMadd addEitheraddAsync addAsyncSTMdelete deleteEither deleteAsyncdeleteAsyncSTMcompare compareEither compareAsynccompareAsyncSTMOidextendedextendedEither extendedAsyncextendedAsyncSTMstartTlsstartTlsEither startTlsAsyncstartTlsAsyncSTMFromAsn1 parseAsn1 LdapErrorDisconnectError ParseErrorIOErrorwith$fToAsn1AttributeList$fToAsn1MatchingRuleAssertion$fToAsn1SubstringFilter$fToAsn1Filter$fToAsn1AttributeSelection$fToAsn1AuthenticationChoice$fToAsn1ProtocolClientOp$fToAsn1Control$fToAsn1Controls$fToAsn1MatchingRuleId$fToAsn1Attribute$fToAsn1PartialAttribute$fToAsn1AssertionValue$fToAsn1AttributeValueAssertion$fToAsn1AttributeValue$fToAsn1AttributeDescription$fToAsn1RelativeLdapDn$fToAsn1LdapDn$fToAsn1LdapOid$fToAsn1LdapString $fToAsn1Id$fToAsn1LdapMessagesequenceset applicationcontext constructionotherenumsingle$fToAsn1NonEmpty $fToAsn1[]base GHC.Conc.SyncSTM InMessage writeRequest$fExceptionResponseError$fFunctorAsync bindRequest bindResultData.Semigroup Semigroup Data.MonoidMonoidghc-prim GHC.TypesFalse_scope _derefAliases_size_time _typesOnly searchRequest searchResult defaultSearch $fMonoidMod$fSemigroupMod modifyRequest modifyResultmodifyDnRequestmodifyDnResult addRequest addResult deleteRequest deleteResultcompareRequest compareResultextendedRequestextendedResult$fFromAsn1PartialAttributeList$fFromAsn1ProtocolServerOp $fFromAsn1Uri$fFromAsn1ReferralUris$fFromAsn1LdapResult$fFromAsn1PartialAttribute$fFromAsn1AttributeValue$fFromAsn1AttributeDescription$fFromAsn1LdapDn$fFromAsn1LdapOid$fFromAsn1LdapString $fFromAsn1Id$fFromAsn1LdapMessageParserunParserfromAsn1parsenext$fMonadPlusParser $fMonadParser$fAlternativeParser$fApplicativeParser$fFunctorParser $fFromAsn1(,) DisconnectWrappedIOErrornewLdapinputoutputdispatchwrap$fExceptionDisconnect$fExceptionWrappedIOError