4.2.10 - ACI grammar

The ACI attributes store data following a specific structure, which is defined by this grammar:

<wrapperEntryPoint> ::= <SP*> '{' <SP*> <mainACIItemComponent> <SP*>
<mainACIItemComponents> '}' <SP*> EOF

<mainACIItemComponents> ::= ',' <SP*> <mainACIItemComponent> <SP*>
<mainACIItemComponents> | e

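** Note: each of these components may appear only once. The grammar below does not enforce this, so the parser has to reject an ACIItem that repeats a component.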
<mainACIItemComponent> ::= 
    "identificationTag" <SP+> SAFEUTF8STRING
    | "precedence" <SP+> INTEGER
    | "authenticationLevel" <SP+> <authenticationLevel>
    | "itemOrUserFirst" <SP+> <itemOrUserFirst>

<authenticationLevel> ::= "none" | "simple" | "strong"

<itemOrUserFirst> ::= 
           "itemFirst" <SP*> ':' <SP*> '{' <SP*> <itemType> <SP*>
'}' 
           | 
           "userFirst" <SP*> ':' <SP*> '{' <SP*> <userType> <SP*>
'}'

<itemType> ::= 
        "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}' <SP*> 
                 ',' <SP*> '{' <SP*> <anyItemPermission> <SP*>
<anyItemPermission*> '}'
        | 
        "itemPermissions" <SP+> '{' <SP*> <itemPermissions?> '}' <SP*> 
                 ',' <SP*> "protectedItems" <SP*> '{' <SP*>
<protectedItem?> '}'

<userType> ::= 
         "userClasses" <SP+> '{' <SP*> <userClass?> '}' <SP*> ',' 
                   <SP*> '{' <SP*> <anyUserPermission> <SP*>
<anyUserPermission*> '}'
          |
          "userPermissions" <SP+> '{' <SP*> <userPermissions?> '}'
<SP*> ',' 
                   <SP*> "userClasses" <SP+> '{' <SP*>
<userClass?> '}'

<protectedItem?> ::= <protectedItem> <SP*> <protectedItem*> | e

<protectedItem*> ::= ',' <SP*> <protectedItem> <SP*> <protectedItem*> | e

<protectedItem> ::= 
    "entry"
    | "allUserAttributeTypes"
    | "attributeType" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
    | "allAttributeValues" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
    | "allUserAttributeTypesAndValues"
    | ATTRIBUTE_VALUE_CANDIDATE
    | "selfValue" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
    | RANGE_OF_VALUES_CANDIDATE
    | "maxValueCount" <SP+> '{' <SP*> '{' <SP*> <valueCountType> <SP*> '}'
<SP*> <maxValueCount*> '}'
    | "maxImmSub" <SP+> INTEGER
    | "restrictedBy" <SP+> '{' <SP*> '{' <SP*> <typeValueIn> <SP*> '}'
<SP*> <restrictedValue*> '}'
    | "classes" <SP+> <refinement>

<maxValueCount*> ::= ',' <SP*> '{' <SP*> <valueCountType> <SP*> '}' <SP*>
<maxValueCount*> | e

<valueCountType> ::= 
           "type" <SP+> <oid> <SP*> ',' <SP*> "maxCount" <SP+>
INTEGER 
            | 
           "maxCount" <SP+> INTEGER <SP*> ',' <SP*> "type" <SP+>
<oid> 
    
<restrictedValue*> ::= ',' <SP*> '{' <SP*> <typeValueIn> <SP*> '}' <SP*>
<restrictedValue*> | e 
    
<typeValueIn> ::=
        "type" <SP+> <oid> <SP*> ',' <SP*> "valuesIn" <SP+> <oid>
        |
        "valuesIn" <SP+> <oid> <SP*> ',' <SP*> "type" <SP+> <oid>

<oids> ::= ',' <SP*> <oid> <SP*> <oids> | e

<itemPermissions?> ::= '{' <SP*> <anyItemPermission> <SP*>
<anyItemPermission*> '}' <SP*> <itemPermissions*> | e

<itemPermissions*> ::= 
             ',' <SP*> '{' <SP*> <anyItemPermission> <SP*>
<anyItemPermission*> '}' <SP*> <itemPermissions*> | e

<anyItemPermission*> ::= ',' <SP*> <anyItemPermission> <SP*>
<anyItemPermission*> | e

<anyItemPermission> ::=
    "precedence" <SP+> <INTEGER>
    | "userClasses" <SP+> '{' <SP*> <userClass?> '}'
    | "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}'

<grantAndDenial?> ::= <grantAndDenial> <SP*> <grantAndDenial*> | e

<grantAndDenial*> ::= ',' <SP*> <grantAndDenial> <SP*> <grantAndDenial*> | e

<grantAndDenial> ::=
    "grantAdd" 
    | "denyAdd" 
    | "grantDiscloseOnError"
    | "denyDiscloseOnError" 
    | "grantRead" 
    | "denyRead" 
    | "grantRemove" 
    | "denyRemove" 
    | "grantBrowse" 
    | "denyBrowse" 
    | "grantExport"
    | "denyExport" 
    | "grantImport" 
    | "denyImport" 
    | "grantModify" 
    | "denyModify" 
    | "grantRename" 
    | "denyRename"
    | "grantReturnDN"
    | "denyReturnDN" 
    | "grantCompare" 
    | "denyCompare" 
    | "grantFilterMatch"
    | "denyFilterMatch" 
    | "grantInvoke"
    | "denyInvoke"

<userClass?> ::= <userClass> <SP*> <userClass*> | e

<userClass*> ::= ',' <SP*> <userClass> <SP*> <userClass*> | e

<userClass> ::=
    "allUsers"
    | "thisEntry"
    | "parentOfEntry"
    | "name" <SP+> '{' <SP*> <distinguishedName> <SP*> <name*> '}'
    | "userGroup" <SP+> '{' <SP*> <distinguishedName> <SP*> <userGroup*>
'}'
    | "subtree" <SP+> '{' <SP*> '{' <SP*> <subtreeSpecificationComponent?>
'}' <SP*> <subTree*> '}'

<name*> ::= ',' <SP*> <distinguishedName> <SP*> <name*> | e
 
<userGroup*> ::= ',' <SP*> <distinguishedName> <SP*> <userGroup*> | e

<subTree*> ::= ',' <SP*> '{' <SP*> <subtreeSpecificationComponent?> '}'
<SP*> <subTree*> | e

<userPermissions?> ::= '{' <SP*> <anyUserPermission> <SP*>
<anyUserPermission*> '}' <SP*> <userPermissions*> | e

<userPermissions*> ::= 
             ',' <SP*> '{' <SP*> <anyUserPermission> <SP*>
<anyUserPermission*> '}' <SP*> <userPermissions*> | e

<anyUserPermission*> ::= ',' <SP*> <anyUserPermission> <SP*>
<anyUserPermission*> | e

<anyUserPermission> ::=
    "precedence" <SP+> <INTEGER>
    | "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}'
    | "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}'

<subtreeSpecificationComponent?> ::= <subtreeSpecificationComponent> <SP*>
<subtreeSpecificationComponent*> | e
<subtreeSpecificationComponent*> ::= ',' <SP*>
<subtreeSpecificationComponent> <SP*> <subtreeSpecificationComponent*> | e

<subtreeSpecificationComponent> ::=
    "base" <SP+> <distinguishedName>
    | "specificExclusions" <SP+> '{' <SP*> <specificExclusion?> '}'
    | "minimum" <SP+> INTEGER
    | "maximum" <SP+> INTEGER

<specificExclusion?> ::= <specificExclusion> <SP*> <specificExclusion*> | e

<specificExclusion*> ::= ',' <SP*> <specificExclusion> <SP*>
<specificExclusion*> | e

<specificExclusion> ::=
              "chopBefore" <SP*> ':' <SP*> <distinguishedName> 
              | 
              "chopAfter" <SP*> ':' <SP*> <distinguishedName>

<refinement> ::= 
           "item" <SP*> ':' <SP*> <oid> 
           | 
           "and" <SP*> ':' <SP*> '{' <refinements?> '}'
           | 
           "or" <SP*> ':' <SP*> '{' <refinements?> '}'
           | 
           "not" <SP*> ':' <SP*> '{' <refinements?> '}'

<refinements?> ::= <SP*> <refinement> <SP*> <refinement*> | e

<refinement*> ::= ',' <SP*> <refinement> <SP*> <refinement*> | e

<distinguishedName> ::= SAFEUTF8STRING

<oid> ::= DESCR | NUMERICOID

SAFEUTF8CHAR :
    '\u0001'..'\u0021' |
    '\u0023'..'\u007F' |
    '\u00c0'..'\u00d6' |
    '\u00d8'..'\u00f6' |
    '\u00f8'..'\u00ff' |
    '\u0100'..'\u1fff' |
    '\u3040'..'\u318f' |
    '\u3300'..'\u337f' |
    '\u3400'..'\u3d2d' |
    '\u4e00'..'\u9fff' |
    '\uf900'..'\ufaff' ;

<SP+> ::= <SP> <SP*>
<SP*> ::= <SP> <SP*> | e
<SP> ::= ' ' | '\t' | '\n' | '\r' ;


ALPHA : 'A'..'Z' | 'a'..'z' ;

<INTEGER> ::= <DIGIT> | <LDIGIT> <DIGIT> <DIGIT*>
<DIGIT> ::= '0' | <LDIGIT> ;
<LDIGIT> ::= '1'..'9' ;
<DIGIT*> ::= <DIGIT> <DIGIT*> | e

HYPHEN : '-' ;

NUMERICOID : INTEGER ( DOT INTEGER )+ ;

DOT : '.' ;

INTEGER_OR_NUMERICOID
    :
    ( INTEGER DOT ) => NUMERICOID
    |
    INTEGER

SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;

DESCR 
    :
    ( "attributeValue" ( SP! )+ '{' ) =>
      "attributeValue"! ( SP! )+ '{'! ( options : . )* '}'!
    | ( "rangeOfValues" ( SP! )+ '(' ) =>
      "rangeOfValues"! ( SP! )+ FILTER
    | ALPHA ( ALPHA | DIGIT | HYPHEN )*
    ;

FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!'
(SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;

FILTER_VALUE : (options: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;