
Appendix A - LDAP: OID

An OID (Object Identifier) is a globally unique number that identifies an object. Globally unique means that a single authority in the known universe is responsible for the definition of the object and its functionality - this authority can be an international standards group, a national organization or a private enterprise, as discussed below. The OID definition, when followed to its source, will contain two pieces of information: a textual description and some ASN.1 SYNTAX which provides a formal definition of the object.

OIDs are defined within the ITU-T's Abstract Syntax Notation One (ASN.1).

OIDs are used in LDAP (X.500) to identify objectclasses, attributes, syntaxes (data types), matchingrules, protocol mechanisms, controls, extended operations and supported features.

An OID is a tree structured series of numbers separated with '.' (dot) and is read from LEFT to RIGHT. OID Examples:

2.5.6 # OID of x.500 objectclasses
# OID of country objectclass
# Critical Angle - used in many LDAP definitions
# microsoft's enterprise OID
1.2.840.113556 # microsoft's us OID
2.16.840.1.113730 # Netscape - used in many LDAP definitions

The OID tree is organised from the LEFT so the left-most character is the highest level in the tree and indicates the international organisation that is responsible for delegating assignment of the following numbers. The highest level may take one of the following values:

Number Assignment
0 itu (ITU-T)
1 iso (ISO)
2 joint itu-iso

The whole numbering assignment process may be found using this site. This note only reviews the more significant OIDs used in LDAP and their delegation route.

2.5.x OIDs

The base OID 2.5 was assigned by itu-iso (from the table above) to the X.500 study group so that numbers starting with 2.5, e.g. 2.5.6.x or 2.5.4.x, are allocated (and defined) by this standardization group.

OIDs

The base OID of is the internet's private enterprise numbering sequence which is assigned by IANA. Any organisation can apply for an enterprise number. Values to the RIGHT of this number may then be assigned by the delegated organisation at its own discretion. This number can be written as which substitutes names for the numbers and makes more sense - the translation is defined in RFCs 2578 - 2580.

OIDs of are assigned by OpenLDAP. Many OIDs used by OpenLDAP are of the form which one assumes are historical and date back to the original LDAP specifications before establishment of the OpenLDAP organization. Just another of life's mysteries.

If new objectclasses or attributes are required this delegation route is most commonly used. It is a Very Bad Thing™ to re-use existing OIDs or to invent a number - one day it will catch you out.

OIDs are used by a number of IETF protocols including SNMP. There is no rule for allocating OIDs within namespace but we suggest that the first digit within an enterprise number (the arc) be used to identify the protocol and then assign objects within the protocol e.g.:

# X below is the enterprise number assigned by IANA
- assign to SNMP objects
- assign to LDAP objects
- assign to LDAP syntaxes
- assign to LDAP matchingrules
- assign to LDAP attributes
- assign to LDAP objectclasses
- assign to LDAP supported features
- assign to LDAP protocol mechanisms
- assign to LDAP controls
- assign to LDAP extended operations

While many of the above categories may never be used - think big!
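As an added example (not code from this guide), the Python below audits locally defined schema OIDs against the arc delegated to an organisation, flagging numbers that are re-used from someone else's arc, duplicated or malformed. The base `1.2.840.99999` and all schema names are constructed placeholders, and the second-arc limit of 39 under roots 0 and 1 comes from the ASN.1 rules rather than from this page.

```python
import re

ROOT_ARCS = {0: "itu", 1: "iso", 2: "joint itu-iso"}  # top-level table above
_OID_RE = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")  # no leading zeros

def parse_oid(text):
    """Return the OID as a tuple of ints, or raise ValueError."""
    if not _OID_RE.fullmatch(text):
        raise ValueError("malformed OID")
    arcs = tuple(int(a) for a in text.split("."))
    if arcs[0] not in ROOT_ARCS:
        raise ValueError("first arc must be 0, 1 or 2")
    if arcs[0] < 2 and arcs[1] > 39:  # ASN.1 limit under roots 0 and 1
        raise ValueError("second arc out of range")
    return arcs

def is_under(oid, base):
    """True if oid lies below base, compared arc by arc (not as strings)."""
    return len(oid) > len(base) and oid[:len(base)] == base

def audit_schema(definitions, assigned_base):
    """Return (name, oid, problem) for each definition that breaks the rules."""
    base = parse_oid(assigned_base)
    seen, findings = {}, []
    for name, text in definitions:
        try:
            oid = parse_oid(text)
        except ValueError as exc:
            findings.append((name, text, str(exc)))
            continue
        if not is_under(oid, base):
            findings.append((name, text, "outside assigned arc"))
        if oid in seen:
            findings.append((name, text, "duplicates " + seen[oid]))
        seen.setdefault(oid, name)
    return findings

# Constructed sample: the base and every name below are placeholders.
ASSIGNED_BASE = "1.2.840.99999"
SAMPLE = [
    ("exampleSyntax", "1.2.840.99999.2.1.1"),
    ("exampleAttr", "1.2.840.99999.2.3.1"),
    ("copiedAttr", "2.5.4.3"),                # re-uses an X.500 2.5.4.x number
    ("lookalike", "1.2.840.999990.1"),        # string prefix matches, arc does not
    ("exampleClass", "1.2.840.99999.2.3.1"),  # same OID as exampleAttr
    ("typo", "1.2.840.99999..4"),
]

if __name__ == "__main__":
    for finding in audit_schema(SAMPLE, ASSIGNED_BASE):
        print(finding)
```

Comparing arcs as integer tuples matters here: a plain string prefix test would accept `1.2.840.999990.1` as belonging to `1.2.840.99999`.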

1.2.840.x and 2.16.840.x OIDs

The base OID 1.2.840 was assigned by iso to a member-country (2) and then usa (840) which can then assign values to organizations.

The base OID 2.16.840 is a variation of country allocation and derives from joint-iso-itu (2), country (16) and usa (840).

Using this wonderful site the OID delegation route and the object definition may be identified. Note: Many of the OIDs at the site reference additional information at - this site seems to have been discontinued and morphed into a re-incarnation at To get from an invalid URL reference to the new site simply edit the URL beginning with and replace this string with and remove the .html from the end of the URL. Alternatively - and perhaps quicker - use the basic search page (using previous link) and repeat the search!

This work is licensed under a Creative Commons License.

Copyright © 1994 - 2015 ZyTrax, Inc.
Page modified: October 21 2015.