mail us  |  mail this page

products  |  company  |  support  |  training  |  contact us

ZYTRAX OPEN LOGO

Appendix A - LDAP: OID

An OID (Object Identifier) is a globally unique number that identifies objects. Globally Unique means there exists a single authority in the known universe that is responsible for the definition of the object and its functionality - this authority can be a international standards group, national organization or a private enterprise as discussed below. The OID definition, when followed to its source, will contain two pieces of information. A textual description and some ASN.1 SYNTAX which provides a formal definition of the object.

OIDs are defined within the ITU-T's Abstract Syntax Notation One (ASN.1.

OIDs are used in LDAP (X.500) to identify objectclass, attribute, syntaxes (data types), matchingrules, protocol mechanisms, controls, extended operation and supported features.

An OID is a tree structured series of numbers separated with '.' (dot) and is read from LEFT to RIGHT. OID Examples:

2.5.6 # OID of x.500 objectclasses
2.5.6.2 # OID of country objectclass
1.3.6.1.4.1.1446 # Critical Angle - used in many LDAP definitions 
1.3.6.1.4.1.311 # microsoft's enterprise OID
1.2.840.113556 # microsoft's us OID
2.16.840.1.113730 # Netscape - used in many LDAP definitions

The OID tree is organised from the LEFT so the left-most character is the highest level in the tree and indicates the international organisation that is responsible for delegating assignment of the following numbers. The highest level may take one of the following values:

Number Assignment
0 itu (IU-T)
1 iso ISO
2 joint itu-iso

The whole numbering assignment process may be found using this site. This note only reviews the more significant OIDs used in LDAP and their delegation route.

2.5.x OIDs

The base OID 2.5 was assigned by itu-iso (from the table above) to the X.500 study group so that numbers starting with 2.5 e.g. 2.5.6.x or 2.5.4.x are allocated (and defined) by this standardization group.

1.3.6.1.4.1.x OIDs

The base OID of 1.3.6.1.4.1 is the internet's private enterprise numbering sequence which is assigned by IANA. Any organisation can apply for an enterprise number. Values to the RIGHT of this number may then be assigned by the delegated organisation at its own discretion. This number can be written as iso.org.dod.internet.private.enterprise which substitutes names for the numbers and makes more sense - the translation is defined in RFCs 2578 - 2580.

OIDs of 1.3.6.1.4.1.4203 are assigned by OpenLDAP. Many OIDs used by OpenLDAP are of the form 1.3.6.1.4.1.1446 which one assumes are historical and date back to the original LDAP specifications before establishment of the OpenLDAP organization. Just another of life's mysteries.

If new objectclasses or attributes are required this delegation route is most commonly used. It is a Very Bad Thing™ to re-use existing OIDs or to invent a number - one day it will catch you out.

OIDs are used by a number of IETF protocols including SNMP. There is no rule for allocating OIDs within namespace but we suggest that the first digit within an enterprise number (the arc) be used to identify the protocol and then assign objects within the protocol e.g.:


# X below is the enterprise number assigned by IANA
1.3.6.1.4.1.X.1 - assign to SNMP objects
1.3.6.1.4.1.X.2 - assign to LDAP objects
1.3.6.1.4.1.X.2.1 - assign to LDAP syntaxes
1.3.6.1.4.1.X.2.2 - assign to LDAP matchingrules
1.3.6.1.4.1.X.2.3 - assign to LDAP attributes
1.3.6.1.4.1.X.2.4 - assign to LDAP objectclasses
1.3.6.1.4.1.X.2.5 - assign to LDAP supported features
1.3.6.1.4.1.X.2.9 - assign to LDAP protocol mechanisms
1.3.6.1.4.1.X.2.10 - assign to LDAP controls
1.3.6.1.4.1.X.2.11 - assign to LDAP extended operations

While many of the above categories may never be used - think big!

1.2.840.x and 2.16.840.x OIDs

The base OID 1.2.840 was assigned by iso to a member-country (2) and then usa (840) which can then assign values to organizations.

The base OID 2.16.840 is a variation of country allocation and derives from joint- iso-itu (2), county (16) and usa (840).

Using this wonderful site the OID delegation route and the object definition may be identified. Note: Many of the OIDs at the site reference additional information at oid.elibel.tm.fr - this site seems to have been discontinued and morphed into a re-incarnation at www.oid-info.com. To get from an invalid URL reference to the new site simply edit the URL beginning with oid.elibel.tm.fr and replace this string with www.oid-info.com/get and remove the .html from the end of the URL. Alternatively - and perhaps quicker - use the basic search page (using previous link) and repeat the search!

Copyright © 1994 - 2014 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by super.net.sg
web-master at zytrax
Page modified: September 17 2013.

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 ldap objects
quickstart
4 install ldap
5 samples
6 configuration
7 replica & refer
reference
8 ldif
9 protocol
10 ldap api
operations
11 howtos
12 trouble
13 performance
14 ldap tools
security
15 security
appendices
notes & info
ldap resources
rfc's & x.500
glossary
ldap objects
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

web zytrax.com

Share Page

share page via facebook tweet this page submit page to stumbleupon submit page to reddit.com

Page Features

Page comment feature Send to a friend feature print this page Decrease font size Increase font size

RSS Feed Icon RSS Feed

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Applications

LibreOffice
OpenOffice
Mozilla
SourceForge
GNU-Free SW Foundation

Organisations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

SPF Resources

Draft RFC
SPF Web Site
SPF Testing
SPF Testing (member only)

Display full width page Full width page

Print this page Print this page

SPF Record Conformant Domain Logo