-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Pure Haskell LDAP Client Library
--   
--   Pure Haskell LDAP client library implementing (the parts of) RFC 4511.
@package ldap-client
@version 0.2.0

module Ldap.Asn1.Type

-- | Message envelope. (Section 4.1.1.)
data LdapMessage op
LdapMessage :: !Id -> !op -> !(Maybe Controls) -> LdapMessage op
[ldapMessageId] :: LdapMessage op -> !Id
[ldapMessageOp] :: LdapMessage op -> !op
[ldapMessageControls] :: LdapMessage op -> !(Maybe Controls)

-- | Every message being processed has a unique non-zero integer ID.
--   (Section 4.1.1.1.)
newtype Id
Id :: Int32 -> Id
[unId] :: Id -> Int32

-- | Client requests. The RFC doesn't make a difference between
--   <a>ProtocolClientOp</a> and <a>ProtocolServerOp</a> but it's useful to
--   distinguish between them in Haskell.
data ProtocolClientOp
BindRequest :: !Int8 -> !LdapDn -> !AuthenticationChoice -> ProtocolClientOp
UnbindRequest :: ProtocolClientOp
SearchRequest :: !LdapDn -> !Scope -> !DerefAliases -> !Int32 -> !Int32 -> !Bool -> !Filter -> !AttributeSelection -> ProtocolClientOp
ModifyRequest :: !LdapDn -> ![(Operation, PartialAttribute)] -> ProtocolClientOp
AddRequest :: !LdapDn -> !AttributeList -> ProtocolClientOp
DeleteRequest :: !LdapDn -> ProtocolClientOp
ModifyDnRequest :: !LdapDn -> !RelativeLdapDn -> !Bool -> !(Maybe LdapDn) -> ProtocolClientOp
CompareRequest :: !LdapDn -> !AttributeValueAssertion -> ProtocolClientOp
ExtendedRequest :: !LdapOid -> !(Maybe ByteString) -> ProtocolClientOp

-- | Server responses. The RFC doesn't make a difference between
--   <a>ProtocolClientOp</a> and <a>ProtocolServerOp</a> but it's useful to
--   distinguish between them in Haskell.
data ProtocolServerOp
BindResponse :: !LdapResult -> !(Maybe ByteString) -> ProtocolServerOp
SearchResultEntry :: !LdapDn -> !PartialAttributeList -> ProtocolServerOp
SearchResultReference :: !(NonEmpty Uri) -> ProtocolServerOp
SearchResultDone :: !LdapResult -> ProtocolServerOp
ModifyResponse :: !LdapResult -> ProtocolServerOp
AddResponse :: !LdapResult -> ProtocolServerOp
DeleteResponse :: !LdapResult -> ProtocolServerOp
ModifyDnResponse :: !LdapResult -> ProtocolServerOp
CompareResponse :: !LdapResult -> ProtocolServerOp
ExtendedResponse :: !LdapResult -> !(Maybe LdapOid) -> !(Maybe ByteString) -> ProtocolServerOp
IntermediateResponse :: !(Maybe LdapOid) -> !(Maybe ByteString) -> ProtocolServerOp

-- | Not really a choice until SASL is supported.
data AuthenticationChoice
Simple :: !ByteString -> AuthenticationChoice
Sasl :: !SaslMechanism -> !(Maybe Text) -> AuthenticationChoice

-- | SASL Mechanism, for now only SASL EXTERNAL is supported
data SaslMechanism
External :: SaslMechanism

-- | Scope of the search to be performed.
data Scope

-- | Constrained to the entry named by baseObject.
BaseObject :: Scope

-- | Constrained to the immediate subordinates of the entry named by
--   baseObject.
SingleLevel :: Scope

-- | Constrained to the entry named by baseObject and to all its
--   subordinates.
WholeSubtree :: Scope

-- | An indicator as to whether or not alias entries (as defined in
--   [RFC4512]) are to be dereferenced during stages of the Search
--   operation.
data DerefAliases

-- | Do not dereference aliases in searching or in locating the base object
--   of the Search.
NeverDerefAliases :: DerefAliases

-- | While searching subordinates of the base object, dereference any alias
--   within the search scope.
DerefInSearching :: DerefAliases

-- | Dereference aliases in locating the base object of the Search.
DerefFindingBaseObject :: DerefAliases

-- | Dereference aliases both in searching and in locating the base object
--   of the Search.
DerefAlways :: DerefAliases

-- | Conditions that must be fulfilled in order for the Search to match a
--   given entry.
data Filter

-- | All filters evaluate to <tt>TRUE</tt>
And :: !(NonEmpty Filter) -> Filter

-- | Any filter evaluates to <tt>TRUE</tt>
Or :: !(NonEmpty Filter) -> Filter

-- | Filter evaluates to <tt>FALSE</tt>
Not :: !Filter -> Filter

-- | <tt>EQUALITY</tt> rule returns <tt>TRUE</tt>
EqualityMatch :: !AttributeValueAssertion -> Filter

-- | <tt>SUBSTR</tt> rule returns <tt>TRUE</tt>
Substrings :: !SubstringFilter -> Filter

-- | <tt>ORDERING</tt> rule returns <tt>FALSE</tt>
GreaterOrEqual :: !AttributeValueAssertion -> Filter

-- | <tt>ORDERING</tt> or <tt>EQUALITY</tt> rule returns <tt>TRUE</tt>
LessOrEqual :: !AttributeValueAssertion -> Filter

-- | Attribute is present in the entry
Present :: !AttributeDescription -> Filter

-- | Same as <a>EqualityMatch</a> for most servers
ApproxMatch :: !AttributeValueAssertion -> Filter
ExtensibleMatch :: !MatchingRuleAssertion -> Filter
data SubstringFilter
SubstringFilter :: !AttributeDescription -> !(NonEmpty Substring) -> SubstringFilter
data Substring
Initial :: !AssertionValue -> Substring
Any :: !AssertionValue -> Substring
Final :: !AssertionValue -> Substring
data MatchingRuleAssertion
MatchingRuleAssertion :: !(Maybe MatchingRuleId) -> !(Maybe AttributeDescription) -> !AssertionValue -> !Bool -> MatchingRuleAssertion

-- | Matching rules are defined in Section 4.1.3 of [RFC4512]. A matching
--   rule is identified in the protocol by the printable representation of
--   either its <a>numericoid</a> or one of its short name descriptors
--   [RFC4512], e.g., <tt>caseIgnoreMatch</tt> or '2.5.13.2'. (Section
--   4.1.8.)
newtype MatchingRuleId
MatchingRuleId :: LdapString -> MatchingRuleId
newtype AttributeSelection
AttributeSelection :: [LdapString] -> AttributeSelection
newtype AttributeList
AttributeList :: [Attribute] -> AttributeList
newtype PartialAttributeList
PartialAttributeList :: [PartialAttribute] -> PartialAttributeList
newtype Controls
Controls :: [Control] -> Controls
data Control
Control :: !LdapOid -> !Bool -> !(Maybe ByteString) -> Control
data LdapResult
LdapResult :: !ResultCode -> !LdapDn -> !LdapString -> !(Maybe ReferralUris) -> LdapResult

-- | LDAP operation's result.
data ResultCode
Success :: ResultCode
OperationError :: ResultCode
ProtocolError :: ResultCode
TimeLimitExceeded :: ResultCode
SizeLimitExceeded :: ResultCode
CompareFalse :: ResultCode
CompareTrue :: ResultCode
AuthMethodNotSupported :: ResultCode
StrongerAuthRequired :: ResultCode
Referral :: ResultCode
AdminLimitExceeded :: ResultCode
UnavailableCriticalExtension :: ResultCode
ConfidentialityRequired :: ResultCode
SaslBindInProgress :: ResultCode
NoSuchAttribute :: ResultCode
UndefinedAttributeType :: ResultCode
InappropriateMatching :: ResultCode
ConstraintViolation :: ResultCode
AttributeOrValueExists :: ResultCode
InvalidAttributeSyntax :: ResultCode
NoSuchObject :: ResultCode
AliasProblem :: ResultCode
InvalidDNSyntax :: ResultCode
AliasDereferencingProblem :: ResultCode
InappropriateAuthentication :: ResultCode
InvalidCredentials :: ResultCode
InsufficientAccessRights :: ResultCode
Busy :: ResultCode
Unavailable :: ResultCode
UnwillingToPerform :: ResultCode
LoopDetect :: ResultCode
NamingViolation :: ResultCode
ObjectClassViolation :: ResultCode
NotAllowedOnNonLeaf :: ResultCode
NotAllowedOnRDN :: ResultCode
EntryAlreadyExists :: ResultCode
ObjectClassModsProhibited :: ResultCode
AffectsMultipleDSAs :: ResultCode
Other :: ResultCode
newtype AttributeDescription
AttributeDescription :: LdapString -> AttributeDescription
newtype AttributeValue
AttributeValue :: ByteString -> AttributeValue
data AttributeValueAssertion
AttributeValueAssertion :: !AttributeDescription -> !AssertionValue -> AttributeValueAssertion
newtype AssertionValue
AssertionValue :: ByteString -> AssertionValue
data Attribute
Attribute :: !AttributeDescription -> !(NonEmpty AttributeValue) -> Attribute
data PartialAttribute
PartialAttribute :: !AttributeDescription -> ![AttributeValue] -> PartialAttribute

-- | An LDAPDN is defined to be the representation of a Distinguished Name
--   (DN) after encoding according to the specification in [RFC4514].
newtype LdapDn
LdapDn :: LdapString -> LdapDn

-- | A RelativeLDAPDN is defined to be the representation of a Relative
--   Distinguished Name (RDN) after encoding according to the specification
--   in [RFC4514].
newtype RelativeLdapDn
RelativeLdapDn :: LdapString -> RelativeLdapDn
newtype ReferralUris
ReferralUris :: (NonEmpty Uri) -> ReferralUris
newtype Uri
Uri :: LdapString -> Uri
data Operation
Add :: Operation
Delete :: Operation
Replace :: Operation

-- | The LDAPString is a notational convenience to indicate that, although
--   strings of LDAPString type encode as ASN.1 OCTET STRING types, the
--   [ISO10646] character set (a superset of [Unicode]) is used, encoded
--   following the UTF-8 [RFC3629] algorithm. (Section 4.1.2.)
newtype LdapString
LdapString :: Text -> LdapString

-- | The LDAPOID is a notational convenience to indicate that the permitted
--   value of this string is a (UTF-8 encoded) dotted-decimal
--   representation of an OBJECT IDENTIFIER. Although an LDAPOID is encoded
--   as an OCTET STRING, values are limited to the definition of
--   &lt;numericoid&gt; given in Section 1.4 of [RFC4512].
newtype LdapOid
LdapOid :: Text -> LdapOid
instance GHC.Classes.Eq Ldap.Asn1.Type.ProtocolClientOp
instance GHC.Show.Show Ldap.Asn1.Type.ProtocolClientOp
instance GHC.Classes.Eq Ldap.Asn1.Type.ProtocolServerOp
instance GHC.Show.Show Ldap.Asn1.Type.ProtocolServerOp
instance GHC.Classes.Eq op => GHC.Classes.Eq (Ldap.Asn1.Type.LdapMessage op)
instance GHC.Show.Show op => GHC.Show.Show (Ldap.Asn1.Type.LdapMessage op)
instance GHC.Classes.Eq Ldap.Asn1.Type.Controls
instance GHC.Show.Show Ldap.Asn1.Type.Controls
instance GHC.Classes.Eq Ldap.Asn1.Type.Control
instance GHC.Show.Show Ldap.Asn1.Type.Control
instance GHC.Classes.Eq Ldap.Asn1.Type.LdapOid
instance GHC.Show.Show Ldap.Asn1.Type.LdapOid
instance GHC.Classes.Eq Ldap.Asn1.Type.Filter
instance GHC.Show.Show Ldap.Asn1.Type.Filter
instance GHC.Classes.Eq Ldap.Asn1.Type.MatchingRuleAssertion
instance GHC.Show.Show Ldap.Asn1.Type.MatchingRuleAssertion
instance GHC.Classes.Eq Ldap.Asn1.Type.MatchingRuleId
instance GHC.Show.Show Ldap.Asn1.Type.MatchingRuleId
instance GHC.Classes.Eq Ldap.Asn1.Type.AttributeSelection
instance GHC.Show.Show Ldap.Asn1.Type.AttributeSelection
instance GHC.Classes.Eq Ldap.Asn1.Type.LdapResult
instance GHC.Show.Show Ldap.Asn1.Type.LdapResult
instance GHC.Classes.Eq Ldap.Asn1.Type.SubstringFilter
instance GHC.Show.Show Ldap.Asn1.Type.SubstringFilter
instance GHC.Classes.Eq Ldap.Asn1.Type.AttributeValueAssertion
instance GHC.Show.Show Ldap.Asn1.Type.AttributeValueAssertion
instance GHC.Classes.Eq Ldap.Asn1.Type.AttributeList
instance GHC.Show.Show Ldap.Asn1.Type.AttributeList
instance GHC.Classes.Eq Ldap.Asn1.Type.Attribute
instance GHC.Show.Show Ldap.Asn1.Type.Attribute
instance GHC.Classes.Eq Ldap.Asn1.Type.PartialAttributeList
instance GHC.Show.Show Ldap.Asn1.Type.PartialAttributeList
instance GHC.Classes.Eq Ldap.Asn1.Type.PartialAttribute
instance GHC.Show.Show Ldap.Asn1.Type.PartialAttribute
instance GHC.Classes.Eq Ldap.Asn1.Type.AttributeDescription
instance GHC.Show.Show Ldap.Asn1.Type.AttributeDescription
instance GHC.Classes.Eq Ldap.Asn1.Type.LdapDn
instance GHC.Show.Show Ldap.Asn1.Type.LdapDn
instance GHC.Classes.Eq Ldap.Asn1.Type.RelativeLdapDn
instance GHC.Show.Show Ldap.Asn1.Type.RelativeLdapDn
instance GHC.Classes.Eq Ldap.Asn1.Type.ReferralUris
instance GHC.Show.Show Ldap.Asn1.Type.ReferralUris
instance GHC.Classes.Eq Ldap.Asn1.Type.Uri
instance GHC.Show.Show Ldap.Asn1.Type.Uri
instance GHC.Classes.Eq Ldap.Asn1.Type.LdapString
instance GHC.Show.Show Ldap.Asn1.Type.LdapString
instance GHC.Classes.Eq Ldap.Asn1.Type.Operation
instance GHC.Show.Show Ldap.Asn1.Type.Operation
instance GHC.Classes.Eq Ldap.Asn1.Type.Substring
instance GHC.Show.Show Ldap.Asn1.Type.Substring
instance GHC.Classes.Eq Ldap.Asn1.Type.AssertionValue
instance GHC.Show.Show Ldap.Asn1.Type.AssertionValue
instance GHC.Classes.Eq Ldap.Asn1.Type.AttributeValue
instance GHC.Show.Show Ldap.Asn1.Type.AttributeValue
instance GHC.Classes.Eq Ldap.Asn1.Type.ResultCode
instance GHC.Show.Show Ldap.Asn1.Type.ResultCode
instance GHC.Classes.Eq Ldap.Asn1.Type.DerefAliases
instance GHC.Show.Show Ldap.Asn1.Type.DerefAliases
instance GHC.Classes.Eq Ldap.Asn1.Type.Scope
instance GHC.Show.Show Ldap.Asn1.Type.Scope
instance GHC.Classes.Eq Ldap.Asn1.Type.AuthenticationChoice
instance GHC.Show.Show Ldap.Asn1.Type.AuthenticationChoice
instance GHC.Classes.Eq Ldap.Asn1.Type.SaslMechanism
instance GHC.Show.Show Ldap.Asn1.Type.SaslMechanism
instance GHC.Classes.Ord Ldap.Asn1.Type.Id
instance GHC.Classes.Eq Ldap.Asn1.Type.Id
instance GHC.Show.Show Ldap.Asn1.Type.Id

module Ldap.Client.Internal

-- | LDAP host.
data Host

-- | Plain LDAP.
Plain :: String -> Host

-- | LDAP over TLS.
Tls :: String -> TLSSettings -> Host

-- | Use the <tt>Num</tt> instance (i.e. use a literal) to create a
--   <tt>PortNumber</tt> value with the correct network-byte-ordering. You
--   should not use the PortNum constructor. It will be removed in the next
--   release.
--   
--   <pre>
--   &gt;&gt;&gt; 1 :: PortNumber
--   1
--   
--   &gt;&gt;&gt; read "1" :: PortNumber
--   1
--   </pre>
data PortNumber :: *

-- | A token. All functions that interact with the Directory require one.
newtype Ldap
Ldap :: TQueue ClientMessage -> Ldap
[client] :: Ldap -> TQueue ClientMessage
data ClientMessage
New :: !Request -> !(TMVar (NonEmpty ProtocolServerOp)) -> ClientMessage

-- | LDAP operation's result.
data ResultCode
Success :: ResultCode
OperationError :: ResultCode
ProtocolError :: ResultCode
TimeLimitExceeded :: ResultCode
SizeLimitExceeded :: ResultCode
CompareFalse :: ResultCode
CompareTrue :: ResultCode
AuthMethodNotSupported :: ResultCode
StrongerAuthRequired :: ResultCode
Referral :: ResultCode
AdminLimitExceeded :: ResultCode
UnavailableCriticalExtension :: ResultCode
ConfidentialityRequired :: ResultCode
SaslBindInProgress :: ResultCode
NoSuchAttribute :: ResultCode
UndefinedAttributeType :: ResultCode
InappropriateMatching :: ResultCode
ConstraintViolation :: ResultCode
AttributeOrValueExists :: ResultCode
InvalidAttributeSyntax :: ResultCode
NoSuchObject :: ResultCode
AliasProblem :: ResultCode
InvalidDNSyntax :: ResultCode
AliasDereferencingProblem :: ResultCode
InappropriateAuthentication :: ResultCode
InvalidCredentials :: ResultCode
InsufficientAccessRights :: ResultCode
Busy :: ResultCode
Unavailable :: ResultCode
UnwillingToPerform :: ResultCode
LoopDetect :: ResultCode
NamingViolation :: ResultCode
ObjectClassViolation :: ResultCode
NotAllowedOnNonLeaf :: ResultCode
NotAllowedOnRDN :: ResultCode
EntryAlreadyExists :: ResultCode
ObjectClassModsProhibited :: ResultCode
AffectsMultipleDSAs :: ResultCode
Other :: ResultCode

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | List of attributes and their values. <tt>f</tt> is the structure these
--   values are in, e.g. <a>NonEmpty</a>.
type AttrList f = [(Attr, f AttrValue)]

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)
type Response = NonEmpty InMessage

-- | Response indicates a failed operation.
data ResponseError

-- | LDAP server did not follow the protocol, so <tt>ldap-client</tt>
--   couldn't make sense of the response.
ResponseInvalid :: !Request -> !Response -> ResponseError

-- | The response contains a result code indicating failure and an error
--   message.
ResponseErrorCode :: !Request -> !ResultCode -> !Dn -> !Text -> ResponseError
type Request = ProtocolClientOp
raise :: Exception e => Either e a -> IO a
sendRequest :: Ldap -> (Response -> Either ResponseError a) -> Request -> STM (Async a)

-- | Unique identifier of an LDAP entry.
newtype Dn
Dn :: Text -> Dn

-- | Attribute name.
newtype Attr
Attr :: Text -> Attr

-- | Attribute value.
type AttrValue = ByteString
unAttr :: Attr -> Text

-- | Terminate the connection to the Directory.
--   
--   Note that <a>unbindAsync</a> does not return an <a>Async</a>, because
--   LDAP server never responds to <tt>UnbindRequest</tt>s, hence a call to
--   <a>wait</a> on a hypothetical <a>Async</a> would have resulted in an
--   exception anyway.
unbindAsync :: Ldap -> IO ()

-- | Terminate the connection to the Directory.
--   
--   Note that <a>unbindAsyncSTM</a> does not return an <a>Async</a>,
--   because LDAP server never responds to <tt>UnbindRequest</tt>s, hence a
--   call to <a>wait</a> on a hypothetical <a>Async</a> would have resulted
--   in an exception anyway.
unbindAsyncSTM :: Ldap -> STM ()
instance GHC.Classes.Eq Ldap.Client.Internal.Attr
instance GHC.Show.Show Ldap.Client.Internal.Attr
instance GHC.Classes.Eq Ldap.Client.Internal.ResponseError
instance GHC.Show.Show Ldap.Client.Internal.ResponseError
instance GHC.Classes.Eq Ldap.Client.Internal.Dn
instance GHC.Show.Show Ldap.Client.Internal.Dn
instance GHC.Classes.Eq Ldap.Client.Internal.Ldap
instance GHC.Show.Show Ldap.Client.Internal.Host
instance GHC.Base.Functor Ldap.Client.Internal.Async
instance GHC.Exception.Exception Ldap.Client.Internal.ResponseError


-- | <a>Add</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>add</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>addEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>addAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>addAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>add</a>) is probably the most useful for
--   the typical usecase.
module Ldap.Client.Add

-- | Perform the Add operation synchronously. Raises <a>ResponseError</a>
--   on failures.
add :: Ldap -> Dn -> AttrList NonEmpty -> IO ()

-- | Perform the Add operation synchronously. Returns <tt>Left e</tt> where
--   <tt>e</tt> is a <a>ResponseError</a> on failures.
addEither :: Ldap -> Dn -> AttrList NonEmpty -> IO (Either ResponseError ())

-- | Perform the Add operation asynchronously. Call <a>wait</a> to wait for
--   its completion.
addAsync :: Ldap -> Dn -> AttrList NonEmpty -> IO (Async ())

-- | Perform the Add operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
addAsyncSTM :: Ldap -> Dn -> AttrList NonEmpty -> STM (Async ())

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)


-- | <a>Bind</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>bind</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>bindEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>bindAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>bindAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>bind</a>) is probably the most useful for
--   the typical usecase.
module Ldap.Client.Bind

-- | User's password.
newtype Password
Password :: ByteString -> Password

-- | Perform the Bind operation synchronously. Raises <a>ResponseError</a>
--   on failures.
bind :: Ldap -> Dn -> Password -> IO ()

-- | Perform the Bind operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
bindEither :: Ldap -> Dn -> Password -> IO (Either ResponseError ())

-- | Perform the Bind operation asynchronously. Call <a>wait</a> to wait
--   for its completion.
bindAsync :: Ldap -> Dn -> Password -> IO (Async ())

-- | Perform the Bind operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
bindAsyncSTM :: Ldap -> Dn -> Password -> STM (Async ())

-- | Perform a SASL EXTERNAL Bind operation synchronously. Raises
--   <a>ResponseError</a> on failures.
externalBind :: Ldap -> Dn -> Maybe Text -> IO ()

-- | Perform a SASL EXTERNAL Bind operation synchronously. Returns <tt>Left
--   e</tt> where <tt>e</tt> is a <a>ResponseError</a> on failures.
externalBindEither :: Ldap -> Dn -> Maybe Text -> IO (Either ResponseError ())

-- | Perform the SASL EXTERNAL Bind operation asynchronously. Call
--   <a>wait</a> to wait for its completion.
externalBindAsync :: Ldap -> Dn -> Maybe Text -> IO (Async ())

-- | Perform the SASL EXTERNAL Bind operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
externalBindAsyncSTM :: Ldap -> Dn -> Maybe Text -> STM (Async ())

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)
instance GHC.Classes.Eq Ldap.Client.Bind.Password
instance GHC.Show.Show Ldap.Client.Bind.Password


-- | <a>Compare</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>compare</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>compareEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>compareAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>compareAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>compare</a>) is probably the most useful
--   for the typical usecase.
module Ldap.Client.Compare

-- | Perform the Compare operation synchronously. Raises
--   <a>ResponseError</a> on failures.
compare :: Ldap -> Dn -> Attr -> AttrValue -> IO Bool

-- | Perform the Compare operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
compareEither :: Ldap -> Dn -> Attr -> AttrValue -> IO (Either ResponseError Bool)

-- | Perform the Compare operation asynchronously. Call <a>wait</a> to wait
--   for its completion.
compareAsync :: Ldap -> Dn -> Attr -> AttrValue -> IO (Async Bool)

-- | Perform the Compare operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
compareAsyncSTM :: Ldap -> Dn -> Attr -> AttrValue -> STM (Async Bool)

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)


-- | <a>Delete</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>delete</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>deleteEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>deleteAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>deleteAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>delete</a>) is probably the most useful
--   for the typical usecase.
module Ldap.Client.Delete

-- | Perform the Delete operation synchronously. Raises
--   <a>ResponseError</a> on failures.
delete :: Ldap -> Dn -> IO ()

-- | Perform the Delete operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
deleteEither :: Ldap -> Dn -> IO (Either ResponseError ())

-- | Perform the Delete operation asynchronously. Call <a>wait</a> to wait
--   for its completion.
deleteAsync :: Ldap -> Dn -> IO (Async ())

-- | Perform the Delete operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
deleteAsyncSTM :: Ldap -> Dn -> STM (Async ())

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)


-- | <a>Extended</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>extended</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>extendedEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>extendedAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>extendedAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>extended</a>) is probably the most useful
--   for the typical usecase.
module Ldap.Client.Extended

-- | Globally unique LDAP object identifier.
newtype Oid
Oid :: Text -> Oid

-- | Perform the Extended operation synchronously. Raises
--   <a>ResponseError</a> on failures.
extended :: Ldap -> Oid -> Maybe ByteString -> IO ()

-- | Perform the Extended operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
extendedEither :: Ldap -> Oid -> Maybe ByteString -> IO (Either ResponseError ())

-- | Perform the Extended operation asynchronously. Call <a>wait</a> to
--   wait for its completion.
extendedAsync :: Ldap -> Oid -> Maybe ByteString -> IO (Async ())

-- | Perform the Extended operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
extendedAsyncSTM :: Ldap -> Oid -> Maybe ByteString -> STM (Async ())

-- | An example of <tt>Extended Operation</tt>, cf. <a>extended</a>.
startTls :: Ldap -> IO ()

-- | An example of <tt>Extended Operation</tt>, cf. <a>extendedEither</a>.
startTlsEither :: Ldap -> IO (Either ResponseError ())

-- | An example of <tt>Extended Operation</tt>, cf. <a>extendedAsync</a>.
startTlsAsync :: Ldap -> IO (Async ())

-- | An example of <tt>Extended Operation</tt>, cf.
--   <a>extendedAsyncSTM</a>.
startTlsAsyncSTM :: Ldap -> STM (Async ())
noticeOfDisconnectionOid :: Oid
startTlsOid :: Oid

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)
instance GHC.Classes.Eq Ldap.Client.Extended.Oid
instance GHC.Show.Show Ldap.Client.Extended.Oid
instance Data.String.IsString Ldap.Client.Extended.Oid


-- | <a>Modify</a> and <a>Modify DN</a> operations.
--   
--   These operations come in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>modify</a> /
--   <a>modifyDn</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>modifyEither</a> / <a>modifyDnEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>modifyAsync</a> /
--   <a>modifyDnAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>modifyAsyncSTM</a> /
--   <a>modifyDnAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>modify</a> / <a>modifyDn</a>) is probably
--   the most useful for the typical usecase.
module Ldap.Client.Modify

-- | Type of modification being performed.
data Operation

-- | Delete values from the attribute. Deletes the attribute if the list is
--   empty or all current values are listed.
Delete :: !Attr -> ![AttrValue] -> Operation

-- | Add values to the attribute, creating it if necessary.
Add :: !Attr -> ![AttrValue] -> Operation

-- | Replace all existing values of the attribute with the new list.
--   Deletes the attribute if the list is empty.
Replace :: !Attr -> ![AttrValue] -> Operation

-- | Perform the Modify operation synchronously. Raises
--   <a>ResponseError</a> on failures.
modify :: Ldap -> Dn -> [Operation] -> IO ()

-- | Perform the Modify operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
modifyEither :: Ldap -> Dn -> [Operation] -> IO (Either ResponseError ())

-- | Perform the Modify operation asynchronously. Call <a>wait</a> to wait
--   for its completion.
modifyAsync :: Ldap -> Dn -> [Operation] -> IO (Async ())

-- | Perform the Modify operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
modifyAsyncSTM :: Ldap -> Dn -> [Operation] -> STM (Async ())

-- | A component of <a>Dn</a>.
newtype RelativeDn
RelativeDn :: Text -> RelativeDn

-- | Perform the Modify DN operation synchronously. Raises
--   <a>ResponseError</a> on failures.
modifyDn :: Ldap -> Dn -> RelativeDn -> Bool -> Maybe Dn -> IO ()

-- | Perform the Modify DN operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
modifyDnEither :: Ldap -> Dn -> RelativeDn -> Bool -> Maybe Dn -> IO (Either ResponseError ())

-- | Perform the Modify DN operation asynchronously. Call <a>wait</a> to
--   wait for its completion.
modifyDnAsync :: Ldap -> Dn -> RelativeDn -> Bool -> Maybe Dn -> IO (Async ())

-- | Perform the Modify DN operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
modifyDnAsyncSTM :: Ldap -> Dn -> RelativeDn -> Bool -> Maybe Dn -> STM (Async ())

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)
instance GHC.Classes.Eq Ldap.Client.Modify.RelativeDn
instance GHC.Show.Show Ldap.Client.Modify.RelativeDn
instance GHC.Classes.Eq Ldap.Client.Modify.Operation
instance GHC.Show.Show Ldap.Client.Modify.Operation


-- | <a>Search</a> operation.
--   
--   This operation comes in four flavours:
--   
--   <ul>
--   <li>synchronous, exception throwing (<a>search</a>)</li>
--   <li>synchronous, returning <a>Either</a> <a>ResponseError</a>
--   <tt>()</tt> (<a>searchEither</a>)</li>
--   <li>asynchronous, <a>IO</a> based (<a>searchAsync</a>)</li>
--   <li>asynchronous, <a>STM</a> based (<a>searchAsyncSTM</a>)</li>
--   </ul>
--   
--   Of those, the first one (<a>search</a>) is probably the most useful
--   for the typical usecase.
module Ldap.Client.Search

-- | Perform the Search operation synchronously. Raises
--   <a>ResponseError</a> on failures.
search :: Ldap -> Dn -> Mod Search -> Filter -> [Attr] -> IO [SearchEntry]

-- | Perform the Search operation synchronously. Returns <tt>Left e</tt>
--   where <tt>e</tt> is a <a>ResponseError</a> on failures.
searchEither :: Ldap -> Dn -> Mod Search -> Filter -> [Attr] -> IO (Either ResponseError [SearchEntry])

-- | Perform the Search operation asynchronously. Call <a>wait</a> to wait
--   for its completion.
searchAsync :: Ldap -> Dn -> Mod Search -> Filter -> [Attr] -> IO (Async [SearchEntry])

-- | Perform the Search operation asynchronously.
--   
--   Don't wait for its completion (with <a>waitSTM</a>) in the same
--   transaction you've performed it in.
searchAsyncSTM :: Ldap -> Dn -> Mod Search -> Filter -> [Attr] -> STM (Async [SearchEntry])

-- | Search options. Use <a>Mod</a> to change some of those.
data Search

-- | Search modifier. Combine using <a>Semigroup</a> and/or <a>Monoid</a>
--   instance.
data Mod a

-- | Scope of the search to be performed.
data Scope

-- | Constrained to the entry named by baseObject.
BaseObject :: Scope

-- | Constrained to the immediate subordinates of the entry named by
--   baseObject.
SingleLevel :: Scope

-- | Constrained to the entry named by baseObject and to all its
--   subordinates.
WholeSubtree :: Scope

-- | Scope of the search (default: <tt>WholeSubtree</tt>).
scope :: Scope -> Mod Search

-- | Maximum number of entries to be returned as a result of the Search. No
--   limit if the value is <tt>0</tt> (default: <tt>0</tt>).
size :: Int32 -> Mod Search

-- | Maximum time (in seconds) allowed for the Search. No limit if the
--   value is <tt>0</tt> (default: <tt>0</tt>).
time :: Int32 -> Mod Search

-- | Whether Search results are to contain just attribute descriptions, or
--   both attribute descriptions and values (default: <a>False</a>).
typesOnly :: Bool -> Mod Search

-- | An indicator as to whether or not alias entries (as defined in
--   [RFC4512]) are to be dereferenced during stages of the Search
--   operation.
data DerefAliases

-- | Do not dereference aliases in searching or in locating the base object
--   of the Search.
NeverDerefAliases :: DerefAliases

-- | While searching subordinates of the base object, dereference any alias
--   within the search scope.
DerefInSearching :: DerefAliases

-- | Dereference aliases in locating the base object of the Search.
DerefFindingBaseObject :: DerefAliases

-- | Dereference aliases both in searching and in locating the base object
--   of the Search.
DerefAlways :: DerefAliases

-- | Alias dereference policy (default: <tt>NeverDerefAliases</tt>).
derefAliases :: DerefAliases -> Mod Search

-- | Conditions that must be fulfilled in order for the Search to match a
--   given entry.
data Filter

-- | Filter does not match the entry
Not :: !Filter -> Filter

-- | All filters match the entry
And :: !(NonEmpty Filter) -> Filter

-- | Any filter matches the entry
Or :: !(NonEmpty Filter) -> Filter

-- | Attribute is present in the entry
Present :: !Attr -> Filter

-- | Attribute's value is equal to the assertion
(:=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value is equal to or greater than the assertion
(:>=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value is equal to or less than the assertion
(:<=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value approximately matches the assertion
(:~=) :: !Attr -> !AttrValue -> Filter

-- | Glob match
(:=*) :: !Attr -> !(Maybe AttrValue, [AttrValue], Maybe AttrValue) -> Filter

-- | Extensible match
(::=) :: !(Maybe Attr, Maybe Attr, Bool) -> !AttrValue -> Filter

-- | Entry found during the Search.
data SearchEntry
SearchEntry :: !Dn -> !(AttrList []) -> SearchEntry

-- | Asynchronous LDAP operation. Use <a>wait</a> or <a>waitSTM</a> to wait
--   for its completion.
data Async a

-- | Wait for operation completion.
wait :: Async a -> IO (Either ResponseError a)

-- | Wait for operation completion inside <a>STM</a>.
--   
--   Do not use this inside the same <a>STM</a> transaction the operation
--   was requested in! To give LDAP the chance to respond to it that
--   transaction should commit. After that, applying <a>waitSTM</a> to the
--   corresponding <a>Async</a> starts to make sense.
waitSTM :: Async a -> STM (Either ResponseError a)
instance GHC.Classes.Eq Ldap.Client.Search.SearchEntry
instance GHC.Show.Show Ldap.Client.Search.SearchEntry
instance GHC.Classes.Eq Ldap.Client.Search.Search
instance GHC.Show.Show Ldap.Client.Search.Search
instance Data.Semigroup.Semigroup (Ldap.Client.Search.Mod a)
instance GHC.Base.Monoid (Ldap.Client.Search.Mod a)


-- | This module contains convertions from LDAP types to ASN.1.
--   
--   Various hacks are employed because "asn1-encoding" only encodes to
--   DER, but LDAP demands BER-encoding. So, when a definition looks
--   suspiciously different from the spec in the comment, that's why. I
--   hope all that will be fixed eventually.
module Ldap.Asn1.ToAsn1

-- | Convert a LDAP type to ASN.1.
--   
--   When it's relevant, instances include the part of RFC describing the
--   encoding.
class ToAsn1 a
toAsn1 :: ToAsn1 a => a -> Endo [ASN1]
instance Ldap.Asn1.ToAsn1.ToAsn1 op => Ldap.Asn1.ToAsn1.ToAsn1 (Ldap.Asn1.Type.LdapMessage op)
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.Id
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.LdapString
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.LdapOid
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.LdapDn
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.RelativeLdapDn
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AttributeDescription
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AttributeValue
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AttributeValueAssertion
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AssertionValue
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.PartialAttribute
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.Attribute
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.MatchingRuleId
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.Controls
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.Control
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.ProtocolClientOp
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AuthenticationChoice
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AttributeSelection
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.Filter
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.SubstringFilter
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.MatchingRuleAssertion
instance Ldap.Asn1.ToAsn1.ToAsn1 Ldap.Asn1.Type.AttributeList
instance Ldap.Asn1.ToAsn1.ToAsn1 a => Ldap.Asn1.ToAsn1.ToAsn1 [a]
instance Ldap.Asn1.ToAsn1.ToAsn1 a => Ldap.Asn1.ToAsn1.ToAsn1 (Data.List.NonEmpty.NonEmpty a)


-- | This module contains convertions from ASN.1 to LDAP types.
module Ldap.Asn1.FromAsn1

-- | Convert a part of ASN.1 stream to a LDAP type returning the remainder
--   of the stream.
parseAsn1 :: FromAsn1 a => [ASN1] -> Maybe ([ASN1], a)

-- | ASN.1 stream parsers.
--   
--   When it's relevant, instances include the part of RFC describing the
--   encoding.
class FromAsn1 a
instance Ldap.Asn1.FromAsn1.FromAsn1 op => Ldap.Asn1.FromAsn1.FromAsn1 (Ldap.Asn1.Type.LdapMessage op)
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.Id
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.LdapString
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.LdapOid
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.LdapDn
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.AttributeDescription
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.AttributeValue
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.PartialAttribute
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.LdapResult
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.ReferralUris
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.Uri
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.ProtocolServerOp
instance Ldap.Asn1.FromAsn1.FromAsn1 Ldap.Asn1.Type.PartialAttributeList
instance (Ldap.Asn1.FromAsn1.FromAsn1 a, Ldap.Asn1.FromAsn1.FromAsn1 b) => Ldap.Asn1.FromAsn1.FromAsn1 (a, b)
instance GHC.Base.Functor (Ldap.Asn1.FromAsn1.Parser s)
instance GHC.Base.Applicative (Ldap.Asn1.FromAsn1.Parser s)
instance GHC.Base.Alternative (Ldap.Asn1.FromAsn1.Parser s)
instance GHC.Base.Monad (Ldap.Asn1.FromAsn1.Parser s)
instance GHC.Base.MonadPlus (Ldap.Asn1.FromAsn1.Parser s)


-- | This module is intended to be imported qualified
--   
--   <pre>
--   import qualified Ldap.Client as Ldap
--   </pre>
module Ldap.Client

-- | The entrypoint into LDAP.
--   
--   It catches all LDAP-related exceptions.
with :: Host -> PortNumber -> (Ldap -> IO a) -> IO (Either LdapError a)

-- | LDAP host.
data Host

-- | Plain LDAP.
Plain :: String -> Host

-- | LDAP over TLS.
Tls :: String -> TLSSettings -> Host
defaultTlsSettings :: TLSSettings
insecureTlsSettings :: TLSSettings

-- | Use the <tt>Num</tt> instance (i.e. use a literal) to create a
--   <tt>PortNumber</tt> value with the correct network-byte-ordering. You
--   should not use the PortNum constructor. It will be removed in the next
--   release.
--   
--   <pre>
--   &gt;&gt;&gt; 1 :: PortNumber
--   1
--   
--   &gt;&gt;&gt; read "1" :: PortNumber
--   1
--   </pre>
data PortNumber :: *

-- | A token. All functions that interact with the Directory require one.
data Ldap

-- | Various failures that can happen when working with LDAP.
data LdapError

-- | Network failure.
IOError :: !IOError -> LdapError

-- | Invalid ASN.1 data received from the server.
ParseError :: !ASN1Error -> LdapError

-- | An LDAP operation failed.
ResponseError :: !ResponseError -> LdapError

-- | Notice of Disconnection has been received.
DisconnectError :: !Disconnect -> LdapError

-- | Response indicates a failed operation.
data ResponseError

-- | LDAP server did not follow the protocol, so <tt>ldap-client</tt>
--   couldn't make sense of the response.
ResponseInvalid :: !Request -> !Response -> ResponseError

-- | The response contains a result code indicating failure and an error
--   message.
ResponseErrorCode :: !Request -> !ResultCode -> !Dn -> !Text -> ResponseError

-- | LDAP operation's result.
data ResultCode
Success :: ResultCode
OperationError :: ResultCode
ProtocolError :: ResultCode
TimeLimitExceeded :: ResultCode
SizeLimitExceeded :: ResultCode
CompareFalse :: ResultCode
CompareTrue :: ResultCode
AuthMethodNotSupported :: ResultCode
StrongerAuthRequired :: ResultCode
Referral :: ResultCode
AdminLimitExceeded :: ResultCode
UnavailableCriticalExtension :: ResultCode
ConfidentialityRequired :: ResultCode
SaslBindInProgress :: ResultCode
NoSuchAttribute :: ResultCode
UndefinedAttributeType :: ResultCode
InappropriateMatching :: ResultCode
ConstraintViolation :: ResultCode
AttributeOrValueExists :: ResultCode
InvalidAttributeSyntax :: ResultCode
NoSuchObject :: ResultCode
AliasProblem :: ResultCode
InvalidDNSyntax :: ResultCode
AliasDereferencingProblem :: ResultCode
InappropriateAuthentication :: ResultCode
InvalidCredentials :: ResultCode
InsufficientAccessRights :: ResultCode
Busy :: ResultCode
Unavailable :: ResultCode
UnwillingToPerform :: ResultCode
LoopDetect :: ResultCode
NamingViolation :: ResultCode
ObjectClassViolation :: ResultCode
NotAllowedOnNonLeaf :: ResultCode
NotAllowedOnRDN :: ResultCode
EntryAlreadyExists :: ResultCode
ObjectClassModsProhibited :: ResultCode
AffectsMultipleDSAs :: ResultCode
Other :: ResultCode

-- | User's password.
newtype Password
Password :: ByteString -> Password

-- | Perform the Bind operation synchronously. Raises <a>ResponseError</a>
--   on failures.
bind :: Ldap -> Dn -> Password -> IO ()

-- | Perform a SASL EXTERNAL Bind operation synchronously. Raises
--   <a>ResponseError</a> on failures.
externalBind :: Ldap -> Dn -> Maybe Text -> IO ()

-- | Perform the Search operation synchronously. Raises
--   <a>ResponseError</a> on failures.
search :: Ldap -> Dn -> Mod Search -> Filter -> [Attr] -> IO [SearchEntry]

-- | Entry found during the Search.
data SearchEntry
SearchEntry :: !Dn -> !(AttrList []) -> SearchEntry

-- | Search options. Use <a>Mod</a> to change some of those.
data Search

-- | Search modifier. Combine using <a>Semigroup</a> and/or <a>Monoid</a>
--   instance.
data Mod a

-- | Scope of the search to be performed.
data Scope

-- | Constrained to the entry named by baseObject.
BaseObject :: Scope

-- | Constrained to the immediate subordinates of the entry named by
--   baseObject.
SingleLevel :: Scope

-- | Constrained to the entry named by baseObject and to all its
--   subordinates.
WholeSubtree :: Scope

-- | Scope of the search (default: <tt>WholeSubtree</tt>).
scope :: Scope -> Mod Search

-- | Maximum number of entries to be returned as a result of the Search. No
--   limit if the value is <tt>0</tt> (default: <tt>0</tt>).
size :: Int32 -> Mod Search

-- | Maximum time (in seconds) allowed for the Search. No limit if the
--   value is <tt>0</tt> (default: <tt>0</tt>).
time :: Int32 -> Mod Search

-- | Whether Search results are to contain just attribute descriptions, or
--   both attribute descriptions and values (default: <a>False</a>).
typesOnly :: Bool -> Mod Search

-- | An indicator as to whether or not alias entries (as defined in
--   [RFC4512]) are to be dereferenced during stages of the Search
--   operation.
data DerefAliases

-- | Do not dereference aliases in searching or in locating the base object
--   of the Search.
NeverDerefAliases :: DerefAliases

-- | While searching subordinates of the base object, dereference any alias
--   within the search scope.
DerefInSearching :: DerefAliases

-- | Dereference aliases in locating the base object of the Search.
DerefFindingBaseObject :: DerefAliases

-- | Dereference aliases both in searching and in locating the base object
--   of the Search.
DerefAlways :: DerefAliases

-- | Alias dereference policy (default: <tt>NeverDerefAliases</tt>).
derefAliases :: DerefAliases -> Mod Search

-- | Conditions that must be fulfilled in order for the Search to match a
--   given entry.
data Filter

-- | Filter does not match the entry
Not :: !Filter -> Filter

-- | All filters match the entry
And :: !(NonEmpty Filter) -> Filter

-- | Any filter matches the entry
Or :: !(NonEmpty Filter) -> Filter

-- | Attribute is present in the entry
Present :: !Attr -> Filter

-- | Attribute's value is equal to the assertion
(:=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value is equal to or greater than the assertion
(:>=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value is equal to or less than the assertion
(:<=) :: !Attr -> !AttrValue -> Filter

-- | Attribute's value approximately matches the assertion
(:~=) :: !Attr -> !AttrValue -> Filter

-- | Glob match
(:=*) :: !Attr -> !(Maybe AttrValue, [AttrValue], Maybe AttrValue) -> Filter

-- | Extensible match
(::=) :: !(Maybe Attr, Maybe Attr, Bool) -> !AttrValue -> Filter

-- | Perform the Modify operation synchronously. Raises
--   <a>ResponseError</a> on failures.
modify :: Ldap -> Dn -> [Operation] -> IO ()

-- | Type of modification being performed.
data Operation

-- | Delete values from the attribute. Deletes the attribute if the list is
--   empty or all current values are listed.
Delete :: !Attr -> ![AttrValue] -> Operation

-- | Add values to the attribute, creating it if necessary.
Add :: !Attr -> ![AttrValue] -> Operation

-- | Replace all existing values of the attribute with the new list.
--   Deletes the attribute if the list is empty.
Replace :: !Attr -> ![AttrValue] -> Operation

-- | Perform the Add operation synchronously. Raises <a>ResponseError</a>
--   on failures.
add :: Ldap -> Dn -> AttrList NonEmpty -> IO ()

-- | Perform the Delete operation synchronously. Raises
--   <a>ResponseError</a> on failures.
delete :: Ldap -> Dn -> IO ()

-- | A component of <a>Dn</a>.
newtype RelativeDn
RelativeDn :: Text -> RelativeDn

-- | Perform the Modify DN operation synchronously. Raises
--   <a>ResponseError</a> on failures.
modifyDn :: Ldap -> Dn -> RelativeDn -> Bool -> Maybe Dn -> IO ()

-- | Perform the Compare operation synchronously. Raises
--   <a>ResponseError</a> on failures.
compare :: Ldap -> Dn -> Attr -> AttrValue -> IO Bool

-- | Globally unique LDAP object identifier.
newtype Oid
Oid :: Text -> Oid

-- | Perform the Extended operation synchronously. Raises
--   <a>ResponseError</a> on failures.
extended :: Ldap -> Oid -> Maybe ByteString -> IO ()

-- | Unique identifier of an LDAP entry.
newtype Dn
Dn :: Text -> Dn

-- | Attribute name.
newtype Attr
Attr :: Text -> Attr

-- | Attribute value.
type AttrValue = ByteString

-- | List of attributes and their values. <tt>f</tt> is the structure these
--   values are in, e.g. <a>NonEmpty</a>.
type AttrList f = [(Attr, f AttrValue)]

-- | Non-empty (and non-strict) list type.
data NonEmpty a :: * -> *
instance GHC.Classes.Eq Ldap.Client.LdapError
instance GHC.Show.Show Ldap.Client.LdapError
instance GHC.Classes.Eq Ldap.Client.Disconnect
instance GHC.Show.Show Ldap.Client.Disconnect
instance GHC.Classes.Eq Ldap.Client.WrappedIOError
instance GHC.Show.Show Ldap.Client.WrappedIOError
instance GHC.Exception.Exception Ldap.Client.WrappedIOError
instance GHC.Exception.Exception Ldap.Client.Disconnect