Turn on the heater… It’s chilling… BERRRR..

We love BER for two simple reasons.

  1. It is very simple (that’s why we understand it)
  2. Being a standard ‘language’ used to code protocols.

Once you understand BER, understanding the overlying protocol becomes very easy. (Hence this tutorial) In this chapter we will look at the ‘BER implementation for LDAP’. The rules of the game remain the same. The first two bits of the BER identifier define the class, the next bit defines the type of variable, whereas the remaining bits define the actual datatype. Let’s look at each of them. In this case we will use a `bottoms-up’ approach (don’t get the glasses please) We only meant that let do the last bits first.


When it comes to the datatypes, LDAP is a cousin of SNMP i.e. it uses a few datatypes. Some of them are as shown below

INTEGER Used to store number (same as SNMP)
OCTET string Handles all character string
SEQUENCE Mother of all datatypes. Denotes
the list of data, datatypes and sequence.
Similar to ‘structures’ in high level program language.
SEQUENCE OF Same as SEQUENCE but contains an array
of similar datatypes
CHOICE Allows the user to select any one of the
various options available

Type of variable:

The function of the fifth bit of the BER identifier remains the same i.e. it is used to differentiate the datatype which is to appear next. As this is a one bit number, only two possibilities are available.

  1. Primitive or basic datatypes: Integers and Octet strings fall into this category. This is represented by the number 0
  2. Constructed or Non-primitive datatypes: Sequences and choices belong to this breed. They are represented by number 1


Now lets focus on the most important classifications of BER identifier in LDAP-the classes. Class of a datatype is denoted by the first two bits of the BER identifier. These also follow the same rules as applicable to other BER identifiers. The 4 classes available are as shown.

D8 D7 Implication
0 0 Universal
0 1 Application
1 0 Context
1 1 Private

The reader (or should we call them viewers or surfers) by now, will be familiar with the Universal and Private data classes. The conservationist in us does not let us waste disk space in explaining the above classes again.

Application are the most crucial of all classes in case of LDAP. Application basically refers to the ‘type of service’ required by the end users. These services have been assigned a unique number. This number is called the Application number’ ( The designers probably felt ‘Type of service number’ was to long and unglamorous) The application available under LDAP, along with their application no. Have been summarized in the look up table shown below

Application number Application
0 BindRequest
1 BindResponse
2 UnbindRequest
3 SearchRequest
4 SearchResponse
5 ModifyRequest
6 ModifyResponse
7 AddRequest
8 AddResponse
9 DelRequest
10 DelResponse
11 ModifyRDNRequest
12 ModifyRDNResponse
13 CompareRequest
14 CompareResponse
15 AbandonRequest

The application number is used as a key when coding a BER identifier for example – When querying for data use the ‘SearchRequest’ application. The BER identifier is as shown below.

0 1 0 0 0 0 1 1
0 1 Application
0 Primitive
0 0011 Application Number (SearchRequest)

You would have realized how simple encoding can be.

Context Specific : –

Options available under an applications are known as `contexts’ For example consider the following ex. When searching for a person called ‘vijay mukhi’ we may search a directory for a person whose first name is ‘vijay’ AND whose surname is mukhi. In this case ‘AND’ becomes an option (Context) under the application searchRequest. We would love to present the entire listing of all options available under LDAP. The only thing that stops us from doing so is the fact that the options available are innumerable and listing here may necessitate us to buy a new server (not extra disk space) to host it. This is extremely difficult proposition in the absence of any support from Microsoft.

We hope that this small introduction to the rudimentary concepts of the BER implementation for LDAP was useful. It is definitely sufficient for understanding the programs that we have used in the tutorial. So don’t waste time by staring at the screen, go ahead and check out the programs

The above tutorial is a joint effort of

Mr. Vijay Mukhi
Ms. Sonal Kotecha
Mr. Arsalan Zaidi
Mr. Vinesh Kurup

(This blog appeared in Vijay Mukhi Technology Cornucopia website in 1996)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s