[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] BER encoding of PasswordPolicyResponseValue?
- To: ldapext@ietf.org
- Subject: [ldapext] BER encoding of PasswordPolicyResponseValue?
- From: mcs@netscape.com (Mark C Smith)
- Date: Thu, 27 Mar 2003 16:52:06 -0500
- Organization: Netscape Communications Corp.
- User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.3b) Gecko/20030211
Someone asked me this week what the correct BER encoding is for a
PasswordPolicyResponseValue (from
http://www.ietf.org/internet-drafts/draft-behera-ldap-password-policy-06.txt).
The ASN.1 from section 5.2 of the I-D is:
PasswordPolicyResponseValue ::= SEQUENCE {
warning [0] CHOICE OPTIONAL {
timeBeforeExpiration [0] INTEGER (0 .. maxInt),
graceLoginsRemaining [1] INTEGER (0 .. maxInt) }
error [1] ENUMERATED OPTIONAL {
passwordExpired (0),
accountLocked (1),
changeAfterReset (2),
passwordModNotAllowed (3),
mustSupplyOldPassword (4),
invalidPasswordSyntax (5),
passwordTooShort (6),
passwordTooYoung (7),
passwordInHistory (8) } }
Notice that the warning element is both OPTIONAL (with a context
specific tag of 0) and a CHOICE with embedded context specific tags (0
timeBeforeExpiration and 1 for graceLoginsRemaining). Normally, a CHOICE
is encoded simply as whatever element as chosen, e.g., if
timeBeforeExpiration is chosen one would just encode an INTEGER with a
context specific primitive tag of 0. But the tag associated with the
outer element (warning) also needs to be included so the decoder can
tell that a warning element was included (remember, it is optional).
What is the right way to encode this?
One ASN.1 compiler I used encoded the warning element as a constructed
element that contains one integer (which allows two tags to be encoded,
one associated with the constructed/container element and one with the
integer itself). Is that the right thing to do? Can any of the ASN.1
experts out there help?
Thanks.
-Mark Smith
Netscape
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext