Symantec Access Management

  • 1.  How to obtain OID for enterprise

    Posted Jun 29, 2015 10:17 AM


    Hi,

     

    We are using CA Directory server and are planning to obtain an Object IDentifier (OID) for our organization. Has anybody obtained one earlier? If so, can you let me know the exact procedure followed to get the OID?



  • 2.  Re: How to obtain OID for enterprise

    Posted Jun 29, 2015 09:34 PM

    IANA keeps a registry of private enterprise numbers which you can apply for: Private Enterprise Number (PEN) Application Form

     

    You can check the existing list of numbers in case your organization already has been assigned one: http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers. If your enterprise already has one, then the associated contact can provide you with a unique sub-arc under your existing OID for your application.

     

    After registration, the PEN supplied can then be used under the IANA private enterprise arc 1.3.6.1.4.1. for your OIDs.

     

    For example,

     

    If you are allocated 770000 you can create arcs under 1.3.6.1.4.1.770000. when creating your schema.

     

    schema set oid-prefix myapplication-attr = (1.3.6.1.4.1.770000.1);

    schema set oid-prefix myapplication-oc = (1.3.6.1.4.1.770000.2);



  • 3.  Re: How to obtain OID for enterprise

    Posted Jun 30, 2015 12:43 PM

    Thanks for the reply. In one of our customized schemas I see "oid-prefix <company>attributeType = (2.5.4.79);". Do we still need to obtain an OID?



  • 4.  Re: How to obtain OID for enterprise

    Posted Jun 30, 2015 07:02 PM

    The 2.5.4 arc is reserved for X.500 directory services (DXHOME/config/schema/x500.dxc defines these objects).

     

    It is fine to take a sub-arc from an existing arc, and many customers do this for convenience, though the idea of an OID is to uniquely define an object globally. This can't be guaranteed when existing arcs are repurposed.

     

    Choosing a sub-arc from 2.5.4 should be ok given that the X.500 standard hasn't changed for 20 years. If your application is purely internal then I can't foresee any future OID conflicts.



  • 5.  Re: How to obtain OID for enterprise

    Posted Jul 23, 2015 12:48 PM

    OK. That's a good piece of information, mcdju01.

     

    In CA Directory server, for the default schema and for customized schema, which arc do we have to use? Is it 1.3.6.1.4.1.xxxx or 2.5.4.xx? Which schema uses which arc?



  • 6.  Re: How to obtain OID for enterprise

    Posted Jul 28, 2015 10:28 PM

    If you are using 2.5.4.79 then stick with that. You only need to use 1.3.6.1.4.1.*** if you wish to have an OID assigned by IANA.



  • 7.  Re: How to obtain OID for enterprise

    Posted Aug 03, 2015 11:23 AM

    Hi mcdju01, we are setting up the directory from scratch for the organization. So, we wanted to know which arc I have to use. Right now nothing is there and I wanted to set it up properly by knowing the facts.

     

    (1) In CA Directory server, for the default schema and for customized schema, which arc do we have to use? Is it 1.3.6.1.4.1.xxxx or 2.5.4.xx? Which schema uses which arc?

    (2) I read your first reply and you mentioned that "Choosing a sub-arc from 2.5.4 should be ok given that the X.500 standard hasn't changed for 20 years. If your application is purely internal then I can't foresee any future OID conflicts."

    We have internal applications as well as external applications. In that case, which arc should be used?



  • 8.  Re: How to obtain OID for enterprise

    Posted Aug 03, 2015 11:49 PM

    As per the original response, we recommend you register a private enterprise number with IANA and use 1.3.6.1.4.1.*** where *** is the number assigned.

     

    You shouldn't really use 2.5.4.xx as this is reserved by X.500 (default schema), however, you indicated that you had customized schema under 2.5.4.79 (under the X.500 reserved arc) and I suggested that you can just continue adding customized schema to the 2.5.4.79 arc if this is already occurring. Your latest reply seems to indicate that this isn't the case.

     

    The default schema that ships with directory is defined by Internet standards and should not be modified. However, you can use attributes defined in custom object classes as long as the schema is sourced before your custom schema is sourced.

     

    Customized schema should not conflict with the default schema; that is why we recommend registering your own arc under 1.3.6.1.4.1.xxxx.

     

    In summary,

    * Register the organization: Private Enterprise Number (PEN) Application Form

    * Create attributes, object-classes, name-bindings using 1.3.6.1.4.1.*** where *** is the number assigned above

    * If object-classes use default schema shipped with directory, ensure this is sourced before your customized schema
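
The arc rules discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts or of CA Directory: a Python script that scans oid-prefix statements and flags any prefix that falls outside the organization's own 1.3.6.1.4.1.<PEN> arc. The function names, verdict labels and sample lines are assumptions made for illustration.

```python
import re

# Arcs named in the thread.
IANA_ENTERPRISE_ARC = (1, 3, 6, 1, 4, 1)  # IANA private enterprise arc
X500_ARC = (2, 5, 4)                      # reserved for the X.500 default schema

# Assumption: statements look like the two forms quoted in the thread,
#   schema set oid-prefix <name> = (<oid>);   and   oid-prefix <name> = (<oid>);
PREFIX_RE = re.compile(
    r"^\s*(?:schema\s+)?(?:set\s+)?oid-prefix\s+(?P<name>\S+)\s*=\s*"
    r"\(\s*(?P<oid>\d+(?:\.\d+)*)\s*\)\s*;",
    re.MULTILINE,
)

def within(oid, arc):
    """Compare arc by arc, so 1.3.6.1.4.10 is not mistaken for 1.3.6.1.4.1."""
    return oid[:len(arc)] == arc

def audit_prefixes(schema_text, pen):
    """Return (name, oid, verdict) for every oid-prefix statement found."""
    own_arc = IANA_ENTERPRISE_ARC + (pen,)
    results = []
    for m in PREFIX_RE.finditer(schema_text):
        oid = tuple(int(part) for part in m.group("oid").split("."))
        if within(oid, own_arc):
            verdict = "ok"
        elif within(oid, X500_ARC):
            verdict = "reserved-x500"
        elif within(oid, IANA_ENTERPRISE_ARC):
            verdict = "not-own-pen"
        else:
            verdict = "outside-enterprise-arc"
        results.append((m.group("name"), m.group("oid"), verdict))
    return results

# Constructed sample; 770000 is the example PEN from the thread, the
# legacy and vendor lines are made up for illustration.
SAMPLE = """\
schema set oid-prefix myapplication-attr = (1.3.6.1.4.1.770000.1);
schema set oid-prefix myapplication-oc = (1.3.6.1.4.1.770000.2);
schema set oid-prefix legacyAttributeType = (2.5.4.79);
schema set oid-prefix vendor-attr = (1.3.6.1.4.1.770001.1);
"""

if __name__ == "__main__":
    for name, oid, verdict in audit_prefixes(SAMPLE, pen=770000):
        print(f"{verdict:<24}{name} = {oid}")
```

Running it over custom schema files before they are loaded surfaces prefixes that would collide with the default schema or with another organization's arc.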