jspωiki
OctetString

Overview#

A value of the OctetString LDAPSyntaxes is a sequence of zero, one, or more arbitrary octets.

An octet is a byte, and an OctetString is simply zero or more bytes strung together.

OctetString and LDAP#

OctetString has an OID of 1.3.6.1.4.1.1466.115.121.1.40 or Microsoft Active Directory 2.5.5.10

OctetString bytes can represent Plaintext in LDAP, which is usually the bytes that comprise the UTF-8 representation of that text, or they can just make up some arbitrary blob of binary data.

LDAP uses octet strings all over the place, including for DNs, attribute names and values, diagnostic messages, and to hold the encoded values of controls, extended requests and responses, and SASL credentials.

In LDAP, OctetString are always primitive where BER allows for the possibility of constructed octet strings, but RFC 4511 section 5.1 forbids constructed octet strings use in LDAP. The universal BER type for an octet string element is 0x04, and the hexadecimal bytes that correspond to the UTF-8 Encoding text string “Hello!” are:

 48 65 6c 6c 6f 21
, so the encoding for a universal octet string element meant to hold the text string “Hello!” is:
 04 06 48 65 6c 6c 6f 21 

The LDAP-specific encoding of a value of this syntax is the unconverted sequence of octets, which conforms to the following ABNF:

OctetString = *OCTET

The <OCTET> rule is defined in RFC 4512. Values of this syntax are not generally human-readable.

The LDAP definition for the Octet String syntax is:

( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

OctetString syntax corresponds to the OCTET STRING ASN.1 type from ASN.1.

More Information#

There might be more information for this subject on one of the following: