[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] BER encoding of PasswordPolicyResponseValue?
I bet you're right. (Now where is that LDAP extensions guidelines
document...?)
>>> Mark C Smith <mcs@netscape.com> 3/28/03 7:32:16 AM >>>
Thank you for your helpful response.
One follow up question: in the absence of any indication, the default
in
ASN.1 is EXPLICIT tagging, right? I suspect many LDAP extension
documents intend to use IMPLICIT (which for example is specified in
Appendix A of RFC 2251) but that fact may not be mentioned. One
example:
http://www.ietf.org/internet-drafts/draft-ietf-ldapext-ldapv3-vlv-09.txt
-Mark
Steven Legg wrote:
>Mark,
>
>Mark C Smith wrote:
>
>
>>Someone asked me this week what the correct BER encoding is for a
>>PasswordPolicyResponseValue (from
>>
>>
>>
>http://www.ietf.org/internet-drafts/draft-behera-ldap-password-policy-06.txt
>).
>
>
>>The ASN.1 from section 5.2 of the I-D is:
>>
>> PasswordPolicyResponseValue ::= SEQUENCE {
>> warning [0] CHOICE OPTIONAL {
>> timeBeforeExpiration [0] INTEGER (0 .. maxInt),
>> graceLoginsRemaining [1] INTEGER (0 .. maxInt) }
>> error [1] ENUMERATED OPTIONAL {
>> passwordExpired (0),
>> accountLocked (1),
>> changeAfterReset (2),
>> passwordModNotAllowed (3),
>> mustSupplyOldPassword (4),
>> invalidPasswordSyntax (5),
>> passwordTooShort (6),
>> passwordTooYoung (7),
>> passwordInHistory (8) } }
>>
>>
>
>First up, there are syntax errors in this type definition.
>It should read:
>
> PasswordPolicyResponseValue ::= SEQUENCE {
> warning [0] CHOICE {
> timeBeforeExpiration [0] INTEGER (0 .. maxInt),
> graceLoginsRemaining [1] INTEGER (0 .. maxInt) }
OPTIONAL,
> error [1] ENUMERATED {
> passwordExpired (0),
> accountLocked (1),
> changeAfterReset (2),
> passwordModNotAllowed (3),
> mustSupplyOldPassword (4),
> invalidPasswordSyntax (5),
> passwordTooShort (6),
> passwordTooYoung (7),
> passwordInHistory (8) } OPTIONAL }
>
>
>
>
>>Notice that the warning element is both OPTIONAL (with a context
>>specific tag of 0) and a CHOICE with embedded context specific tags
(0
>>timeBeforeExpiration and 1 for graceLoginsRemaining).
>>Normally, a CHOICE
>>is encoded simply as whatever element as chosen, e.g., if
>>timeBeforeExpiration is chosen one would just encode an INTEGER with
a
>>context specific primitive tag of 0. But the tag associated with the
>>outer element (warning) also needs to be included so the decoder can
>>tell that a warning element was included (remember, it is optional).
>>What is the right way to encode this?
>>
>>
>
>If the tag default is IMPLICIT TAGS then the encoding is as
>you've stated above. The implicit tagging suppresses the universal
tag
>of the INTEGER, but there is no universal tag (or length) for CHOICE
>and implicit tagging never applies to a CHOICE.
>
>With IMPLICIT tags the warning element, when present, is encoded as
>
> [constructed 0] length [primitive 0] length integer-value-octets
>
>With EXPLICIT tags the warning element, when present, is encoded as
>
> [constructed 0] length [constructed 0] length
> [primitive UNIVERSAL 2] length integer-value-octets
>
>
>
>>One ASN.1 compiler I used encoded the warning element as a
constructed
>>element that contains one integer (which allows two tags to
>>be encoded,
>>one associated with the constructed/container element and one with
the
>>integer itself). Is that the right thing to do?
>>
>>
>
>Yes, if the tag default is IMPLICIT TAGS, though the draft doesn't
say
>whether EXPLICIT or IMPLICIT tagging should apply.
>
>Regards,
>Steven
>
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext