[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] BER encoding of PasswordPolicyResponseValue?

Someone asked me this week what the correct BER encoding is for a
PasswordPolicyResponseValue (from
http://www.ietf.org/internet-drafts/draft-behera-ldap-password-policy-06.txt).

The ASN.1 from section 5.2 of the I-D is:

   PasswordPolicyResponseValue ::= SEQUENCE {
      warning   [0] CHOICE OPTIONAL {
          timeBeforeExpiration  [0] INTEGER (0 .. maxInt),
          graceLoginsRemaining  [1] INTEGER (0 .. maxInt) }
      error     [1] ENUMERATED OPTIONAL {
          passwordExpired       (0),
          accountLocked         (1),
          changeAfterReset      (2),
          passwordModNotAllowed (3),
          mustSupplyOldPassword (4),
          invalidPasswordSyntax (5),
          passwordTooShort      (6),
          passwordTooYoung      (7),
          passwordInHistory     (8) } }

Notice that the warning element is both OPTIONAL (with a context
specific tag of 0) and a CHOICE with embedded context specific tags (0
timeBeforeExpiration and 1 for graceLoginsRemaining). Normally, a CHOICE
is encoded simply as whatever element as chosen, e.g., if
timeBeforeExpiration is chosen one would just encode an INTEGER with a
context specific primitive tag of 0. But the tag associated with the
outer element (warning) also needs to be included so the decoder can
tell that a warning element was included (remember, it is optional).
What is the right way to encode this?

One ASN.1 compiler I used encoded the warning element as a constructed
element that contains one integer (which allows two tags to be encoded,
one associated with the constructed/container element and one with the
integer itself). Is that the right thing to do? Can any of the ASN.1
experts out there help?

Thanks.

-Mark Smith
 Netscape


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext