| Title: 4.2.10 - ACI grammar |
| NavPrev: 4.2.9-migration-from-other-ldap-servers.html |
| NavPrevText: 4.2.9 - Migration from other LDAP servers |
| NavUp: 4.2-authorization.html |
| NavUpText: 4.2 - Authorization |
| NavNext: 4.2.11-links-and-references.html |
| NavNextText: 4.2.11 - Links and references |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 4.2.10 - ACI grammar |
| |
| The ACI attributes store data following a specific structure, which is |
| define by this grammar : |
| |
| :::text |
| <wrapperEntryPoint> ::= <SP*> '{' <SP*> <mainACIItemComponent> <SP*> |
| <mainACIItemComponents> '}' <SP*> EOF |
| |
| <mainACIItemComponents> ::= ',' <SP*> <mainACIItemComponent> <SP*> |
| <mainACIItemComponents> | e |
| |
| ** Note : we have to allow only one of each option |
| <mainACIItemComponent> ::= |
| "identificationTag" <SP+> SAFEUTF8STRING |
| | "precedence" <SP+> INTEGER |
| | "authenticationLevel" <SP+> <authenticationLevel> |
| | "itemOrUserFirst" <SP+> <itemOrUserFirst> |
| |
| <authenticationLevel> ::= "none" | "simple" | "strong" |
| |
| <itemOrUserFirst> ::= |
| "itemFirst" <SP*> ':' <SP*> '{' <SP*> <itemType> <SP*> |
| '}' |
| | |
| "userFirst" <SP*> ':' <SP*> '{' <SP*> <userType> <SP*> |
| '}' |
| |
| <itemType> ::= |
| "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}' <SP*> |
| ',' <SP*> '{' <SP*> <anyItemPermission> <SP*> |
| <anyItemPermission*> '}' |
| | |
| "itemPermissions" <SP+> '{' <SP*> <itemPermissions?> '}' <SP*> |
| ',' <SP*> "protectedItems" <SP*> '{' <SP*> |
| <protectedItem?> '}' |
| |
| <userType> ::= |
| "userClasses" <SP+> '{' <SP*> <userClass?> '}' <SP*> ',' |
| <SP*> '{' <SP*> <anyUserPermission> <SP*> |
| <anyUserPermission*> '}' |
| | |
| "userPermissions" <SP+> '{' <SP*> <userPermissions?> '}' |
| <SP*> ',' |
| <SP*> "userClasses" <SP+> '{' <SP*> |
| <userClass?> '}' |
| |
| <protectedItem?> ::= <protectedItem> <SP*> <protectedItem*> | e |
| |
| <protectedItem*> ::= ',' <SP*> <protectedItem> <SP*> <protectedItem*> | e |
| |
| <protectedItem> ::= |
| "entry" |
| | "allUserAttributeTypes" |
| | "attributeType" <SP+> '{' <SP*> <oid> <SP*> <oids> '}' |
| | "allAttributeValues" <SP+> '{' <SP*> <oid> <SP*> <oids> '}' |
| | "allUserAttributeTypesAndValues" |
| | ATTRIBUTE_VALUE_CANDIDATE |
| | "selfValue" <SP+> '{' <SP*> <oid> <SP*> <oids> '}' |
| | RANGE_OF_VALUES_CANDIDATE |
| | "maxValueCount" <SP+> '{' <SP*> '{' <SP*> <valueCountType> <SP*> '}' |
| <SP*> <maxValueCount*> '}' |
| | "maxImmSub" <SP+> INTEGER |
| | "restrictedBy" <SP+> '{' <SP*> '{' <SP*> <typeValueIn> <SP*> '}' |
| <SP*> <restrictedValue*> '}' |
| | "classes" <SP+> <refinement> |
| |
| <maxValueCount*> ::= ',' <SP*> '{' <SP*> <valueCountType> <SP*> '}' <SP*> |
| <maxValueCount*> | e |
| |
| <valueCountType> ::= |
| "type" <SP+> <oid> <SP*> ',' <SP*> "maxCount" <SP+> |
| INTEGER |
| | |
| "maxCount" <SP+> INTEGER <SP*> ',' <SP*> "type" <SP+> |
| <oid> |
| |
| <restrictedValue*> ::= ',' <SP*> '{' <SP*> <typeValueIn> <SP*> '}' <SP*> |
| <restrictedValue*> | e |
| |
| <typeValueIn> ::= |
| "type" <SP+> <oid> <SP*> ',' <SP*> "valuesIn" <SP+> <oid> |
| | |
| "valuesIn" <SP+> <oid> <SP*> ',' <SP*> "type" <SP+> <oid> |
| |
| <oids> ::= ',' <SP*> <oid> <SP*> <oids> | e |
| |
| <itemPermissions?> ::= '{' <SP*> <anyItemPermission> <SP*> |
| <anyItemPermission*> '}' <SP*> <itemPermissions*> | e |
| |
| <itemPermissions*> ::= |
| ',' <SP*> '{' <SP*> <anyItemPermission> <SP*> |
| <anyItemPermission*> '}' <SP*> <itemPermissions*> | e |
| |
| <anyItemPermission*> ::= ',' <SP*> <anyItemPermission> <SP*> |
| <anyItemPermission*> | e |
| |
| <anyItemPermission> : |
| "precedence" <SP+> <INTEGER> |
| | "userClasses" <SP+> '{' <SP*> <userClass?> '}' |
| | "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}' |
| |
| <grantAndDenial?> ::= <grantAndDenial> <SP*> <grantAndDenial*> | e |
| |
| <grantAndDenial*> ::= ',' <SP*> <grantAndDenial> <SP*> <grantAndDenial*> |
| |
| <grantAndDenial> : |
| "grantAdd" |
| | "denyAdd" |
| | "grantDiscloseOnError" |
| | "denyDiscloseOnError" |
| | "grantRead" |
| | "denyRead" |
| | "grantRemove" |
| | "denyRemove" |
| | "grantBrowse" |
| | "denyBrowse" |
| | "grantExport" |
| | "denyExport" |
| | "grantImport" |
| | "denyImport" |
| | "grantModify" |
| | "denyModify" |
| | "grantRename" |
| | "denyRename" |
| | "grantReturnDN" |
| | "denyReturnDN" |
| | "grantCompare" |
| | "denyCompare" |
| | "grantFilterMatch" |
| | "denyFilterMatch" |
| | "grantInvoke" |
| | "denyInvoke" |
| |
| <userClass?> ::= <userClass> <SP*> <userClass*> | e |
| |
| <userClass*> ::= ',' <SP*> <userClass> <SP*> <userClass*> | e |
| |
| <userClass> : |
| "allUsers" |
| | "thisEntry" |
| | "parentOfEntry" |
| | "name" <SP+> '{' <SP*> <distinguishedName> <SP*> <name*> '}' |
| | "userGroup" <SP+> '{' <SP*> <distinguishedName> <SP*> <userGroup*> |
| '}' |
| | "subtree" <SP+> '{' <SP*> '{' <SP*> <subtreeSpecificationComponent?> |
| '}' <SP*> <subTree*> '}' |
| |
| <name*> ::= ',' <SP*> <distinguishedName> <SP*> <name*> | e |
| |
| <userGroup*> ::= ',' <SP*> <distinguishedName> <SP*> <userGroup*> | e |
| |
| <subTree*> ::= ',' <SP*> '{' <SP*> <subtreeSpecificationComponent?> '}' |
| <SP*> <subTree*> | e |
| |
| <userPermissions?> ::= '{' <SP*> <anyUserPermission> <SP*> |
| <anyUserPermission*> '}' <SP*> <userPermissions*> | e |
| |
| <userPermissions*> ::= |
| ',' <SP*> '{' <SP*> <anyUserPermission> <SP*> |
| <anyUserPermission*> '}' <SP*> <userPermissions*> | e |
| |
| <anyUserPermission*> ::= ',' <SP*> <anyUserPermission> <SP*> |
| <anyUserPermission*> | e |
| |
| <anyUserPermission> : |
| "precedence" <SP+> <INTEGER> |
| | "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}' |
| | "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}' |
| |
| <subtreeSpecificationComponent?> ::= <subtreeSpecificationComponent> <SP*> |
| <subtreeSpecificationComponent*> | e |
| <subtreeSpecificationComponent*> ::= ',' <SP*> |
| <subtreeSpecificationComponent> <SP*> <subtreeSpecificationComponent*> | e |
| |
| <subtreeSpecificationComponent> : |
| "base" <SP+> <distinguishedName> |
| | "specificExclusions" <SP+> '{' <SP*> <specificExclusion?> '}' |
| | "minimum" <SP+> INTEGER |
| | "maximum" <SP+> INTEGER |
| |
| <specificExclusion?> ::= <specificExclusion> <SP*> <specificExclusion*> | e |
| |
| <specificExclusion*> ::= ',' <SP*> <specificExclusion> <SP*> |
| <specificExclusion*> | e |
| |
| <specificExclusion> ::= |
| "chopBefore" <SP*> ':' <SP*> <distinguishedName> |
| | |
| "chopAfter" <SP*> ':' <SP*> <distinguishedName> |
| |
| <refinement> ::= |
| "item" <SP*> ':' <SP*> <oid> |
| | |
| "and" <SP*> ':' <SP*> '{' <refinements?> '}' |
| | |
| "or" <SP*> ':' <SP*> '{' <refinements?> '}' |
| | |
| "not" <SP*> ':' <SP*> '{' <refinements?> '}' |
| |
| <refinements?> ::= <SP*> <refinements?> <SP*> <refinement*> | e |
| |
| <refinement*> ::= ',' <SP*> <refinement> <SP*> <refinement*> | e |
| |
| <distinguishedName> ::= SAFEUTF8STRING |
| |
| <oid> ::= DESCR | NUMERICOID |
| |
| SAFEUTF8CHAR : |
| '\u0001'..'\u0021' | |
| '\u0023'..'\u007F' | |
| '\u00c0'..'\u00d6' | |
| '\u00d8'..'\u00f6' | |
| '\u00f8'..'\u00ff' | |
| '\u0100'..'\u1fff' | |
| '\u3040'..'\u318f' | |
| '\u3300'..'\u337f' | |
| '\u3400'..'\u3d2d' | |
| '\u4e00'..'\u9fff' | |
| '\uf900'..'\ufaff' ; |
| |
| <SP+> ::= <SP> <SP*> |
| <SP*> ::= <SP> <SP*> | e |
| <SP> ::= ' ' | '\t' | '\n' | '\r' ; |
| |
| |
| ALPHA : 'A'..'Z' | 'a'..'z' ; |
| |
| <INTEGER> ::= <DIGIT> | <LDIGIT> <DIGIT> <DIGIT*> |
| <DIGIT> ::= '0' | <LDIGIT> ; |
| <LDIGIT> ::= '1'..'9' ; |
| <DIGIT*> ::= <DIGIT> <DIGIT*> | e |
| |
| HYPHEN : '-' ; |
| |
| NUMERICOID : INTEGER ( DOT INTEGER )+ ; |
| |
| DOT : '.' ; |
| |
| INTEGER_OR_NUMERICOID |
| : |
| ( INTEGER DOT ) => NUMERICOID |
| | |
| INTEGER |
| |
| SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ; |
| |
| DESCR |
| : |
| ( "attributeValue" ( SP! )+ '{' ) => |
| "attributeValue"! ( SP! )+ '{'! ( options : . )* '}'! |
| | ( "rangeOfValues" ( SP! )+ '(' ) => |
| "rangeOfValues"! ( SP! )+ FILTER |
| | ALPHA ( ALPHA | DIGIT | HYPHEN )* |
| ; |
| |
| FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' |
| (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ; |
| |
| FILTER_VALUE : (options: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ; |
| |