An OID (Object Identifier) is a globally unique number that identifies objects. Globally Unique means there exists a single authority in the known universe that is responsible for the definition of the object and its functionality - this authority can be a international standards group, national organization or a private enterprise as discussed below. The OID definition, when followed to its source, will contain two pieces of information. A textual description and some ASN.1 SYNTAX which provides a formal definition of the object.
OIDs are defined within the ITU-T's Abstract Syntax Notation One (ASN.1.
OIDs are used in LDAP (X.500) to identify objectclass, attribute, syntaxes (data types), matchingrules, protocol mechanisms, controls, extended operation and supported features.
An OID is a tree structured series of numbers separated with '.' (dot) and is read from LEFT to RIGHT. OID Examples:
2.5.6 # OID of x.500 objectclasses 220.127.116.11 # OID of country objectclass 18.104.22.168.4.1.1446 # Critical Angle - used in many LDAP definitions 22.214.171.124.4.1.311 # microsoft's enterprise OID 1.2.840.113556 # microsoft's us OID 2.16.840.1.113730 # Netscape - used in many LDAP definitions
The OID tree is organised from the LEFT so the left-most character is the highest level in the tree and indicates the international organisation that is responsible for delegating assignment of the following numbers. The highest level may take one of the following values:
The whole numbering assignment process may be found using this site. This note only reviews the more significant OIDs used in LDAP and their delegation route.
The base OID 2.5 was assigned by itu-iso (from the table above) to the X.500 study group so that numbers starting with 2.5 e.g. 2.5.6.x or 2.5.4.x are allocated (and defined) by this standardization group.
The base OID of 126.96.36.199.4.1 is the internet's private enterprise numbering sequence which is assigned by IANA. Any organisation can apply for an enterprise number. Values to the RIGHT of this number may then be assigned by the delegated organisation at its own discretion. This number can be written as iso.org.dod.internet.private.enterprise which substitutes names for the numbers and makes more sense - the translation is defined in RFCs 2578 - 2580.
OIDs of 188.8.131.52.4.1.4203 are assigned by OpenLDAP. Many OIDs used by OpenLDAP are of the form 184.108.40.206.4.1.1446 which one assumes are historical and date back to the original LDAP specifications before establishment of the OpenLDAP organization. Just another of life's mysteries.
If new objectclasses or attributes are required this delegation route is most commonly used. It is a Very Bad Thing™ to re-use existing OIDs or to invent a number - one day it will catch you out.
OIDs are used by a number of IETF protocols including SNMP. There is no rule for allocating OIDs within namespace but we suggest that the first digit within an enterprise number (the arc) be used to identify the protocol and then assign objects within the protocol e.g.:
# X below is the enterprise number assigned by IANA 220.127.116.11.4.1.X.1 - assign to SNMP objects 18.104.22.168.4.1.X.2 - assign to LDAP objects 22.214.171.124.4.1.X.2.1 - assign to LDAP syntaxes 126.96.36.199.4.1.X.2.2 - assign to LDAP matchingrules 188.8.131.52.4.1.X.2.3 - assign to LDAP attributes 184.108.40.206.4.1.X.2.4 - assign to LDAP objectclasses 220.127.116.11.4.1.X.2.5 - assign to LDAP supported features 18.104.22.168.4.1.X.2.9 - assign to LDAP protocol mechanisms 22.214.171.124.4.1.X.2.10 - assign to LDAP controls 126.96.36.199.4.1.X.2.11 - assign to LDAP extended operations
While many of the above categories may never be used - think big!
The base OID 1.2.840 was assigned by iso to a member-country (2) and then usa (840) which can then assign values to organizations.
The base OID 2.16.840 is a variation of country allocation and derives from joint- iso-itu (2), county (16) and usa (840).
Using this wonderful site the OID delegation route and the object definition may be identified. Note: Many of the OIDs at the site reference additional information at oid.elibel.tm.fr - this site seems to have been discontinued and morphed into a re-incarnation at www.oid-info.com. To get from an invalid URL reference to the new site simply edit the URL beginning with oid.elibel.tm.fr and replace this string with www.oid-info.com/get and remove the .html from the end of the URL. Alternatively - and perhaps quicker - use the basic search page (using previous link) and repeat the search!
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
3 ldap objects
4 install ldap
7 replica & refer
10 ldap api
14 ldap tools
notes & info
rfc's & x.500
This work is licensed under a Creative Commons License.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox