Object identifier (OID)

An object identifier (OID) is a string of decimal numbers that uniquely identifies an object. These objects are typically an object class or an attribute.

If you do not have an OID, you can specify the object class or attribute name appended with -oid. For example, if you create the attribute tempID, you can specify the OID as tempID-oid.

It is absolutely critical that private OIDs are obtained from legitimate authorities. There are two basic strategies for obtaining legitimate OIDs:

The American National Standards Institute (ANSI) is the registration authority for organization names in the United States under the global registration process established by the International Standards Organization (ISO) and the International Telecommunication Union (ITU). More information about organization name registration can be found at the ANSI Web site (www.ansi.org). The ANSI OID arc for organizations is 2.16.840.1. ANSI will assign a number (NEWNUM), creating a new OID arc: 2.16.840.1.NEWNUM.

In most countries or regions, the national standards association maintains an OID registry. As with the ANSI arc, these are generally arcs assigned under the OID 2.16. It might take some investigation to find the OID authority for a particular country or region. The national standards organization for your country or region might be an ISO member. The names and contact information of ISO members can be found at the ISO Web site (www.iso.ch).

The Internet Assigned Numbers Authority (IANA) assigns private enterprise numbers, which are OIDs, in the arc 1.3.6.1.4.1. IANA will assign a number (NEWNUM) so that the new OID arc will be 1.3.6.1.4.1.NEWNUM. These numbers can be obtained from the IANA Web site (www.iana.org).

Once your organization has been assigned an OID, you can define your own OIDs by appending to the end of the OID. For example, suppose your organization has been assigned the fictional OID 1.1.1. No other organization will be assigned an OID that starts with "1.1.1". You might create a range for LDAP by appending ".1" to form 1.1.1.1. You might further subdivide this into ranges for objectclasses (1.1.1.1.1), attribute types (1.1.1.1.2), and so on, and assign OID 1.1.1.1.2.34 to the attribute "foo".
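
The following is an added example, not part of the original documentation or of any product's code: a small schema check that flags name-oid placeholders, malformed OIDs, OIDs outside the assigned sub-range, and duplicates. The arc layout follows the fictional 1.1.1 example above; the function names and sample entries are assumptions made for illustration.

```python
import re

# Assumed layout from the page's fictional example: the organization holds
# 1.1.1, LDAP is 1.1.1.1, object classes are under .1 and attributes under .2.
ORG_ARC = "1.1.1"
RANGES = {"objectclass": ORG_ARC + ".1.1", "attribute": ORG_ARC + ".1.2"}
OID_RE = re.compile(r"^(0|[1-9]\d*)(\.(0|[1-9]\d*))+$")

def is_valid_oid(oid):
    """Dotted decimal, no leading zeros, first arc 0-2, second arc < 40 under 0 or 1."""
    if not OID_RE.match(oid):
        return False
    first, second = (int(p) for p in oid.split(".")[:2])
    return first <= 2 and (first == 2 or second < 40)

def under(oid, arc):
    """True if oid lies strictly below arc, compared arc by arc, not as a string prefix."""
    o, a = oid.split("."), arc.split(".")
    return len(o) > len(a) and o[:len(a)] == a

def check_schema(entries):
    """entries: list of (kind, name, oid). Returns a list of (name, problem)."""
    problems, seen = [], {}
    for kind, name, oid in entries:
        if oid == name + "-oid":
            problems.append((name, "placeholder OID, not registered"))
        elif not is_valid_oid(oid):
            problems.append((name, "malformed OID"))
        elif not under(oid, RANGES[kind]):
            problems.append((name, "outside the " + kind + " range " + RANGES[kind]))
        elif oid in seen:
            problems.append((name, "duplicate of " + seen[oid]))
        else:
            seen[oid] = name
    return problems

# Constructed sample schema entries (not taken from a real directory).
SAMPLE = [
    ("attribute", "foo", "1.1.1.1.2.34"),
    ("attribute", "tempID", "tempID-oid"),
    ("attribute", "bar", "1.1.1.1.2.34"),       # reuses foo's OID
    ("attribute", "baz", "1.1.11.1.2.5"),       # 1.1.11 is not under 1.1.1
    ("objectclass", "widget", "1.1.1.1.2.7"),   # sits in the attribute range
    ("attribute", "qux", "1.1.1.1.2.034"),      # leading zero in an arc
]

if __name__ == "__main__":
    for name, problem in check_schema(SAMPLE):
        print(name + ": " + problem)
```

The arc-by-arc comparison matters: a plain string-prefix test would accept 1.1.11.1.2.5 as belonging to 1.1.1, which is another organization's arc.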