--On Wednesday, January 18, 2017 10:59 AM +0000 Francesco Sordi f_sordi_1@yahoo.it wrote:
attributeType ( id-at-organizationIdentifier NAME 'organizationIdentifier' DESC 'X520 attribute Organization Identifier' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE )
But I cannot understand which objectclass can use this attribute and how to add an object using it.
You would need to create a custom objectClass that allows this attribute.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Thanks Quanah. Unfortunately ITU did not clarify if this attribute is part of a new class (i.e. legal person) or if it is an attribute for the organization objectclass or another one. I would like to find an existing implementation; after all, this attribute has been "invented" in 2008.
Francesco Sordi wrote:
Unfortunately ITU did not clarify if this attribute is part of a new class (i.e. legal person) or if it is an attribute for the organization objectclass or another one. I would like to find an existing implementation; after all, this attribute has been "invented" in 2008.
I look at a lot of different LDAP schema definitions. Until you brought this up I never saw 'organizationIdentifier' in an LDAP schema. So you probably have to use it in your own custom object class. Note that LDAP RFCs (e.g. RFC 4524) have X.501(1993) as normative references.
BTW: I can imagine a lot of different IDs for companies, educational/governmental organizations, etc. So the more interesting question is: What's the _exact_ semantics of that attribute?
Ciao, Michael.
Thanks a lot Michael. The organizationIdentifier attribute would become very used in the very recent future, for PKIs implementation in Europe. Qualified CA would use that attribute for legal person certificate. In the ETSI documents, it would be something like organizationName, but different from it. Theoretically it would be something more distinctive for the organization, i.e. the VAT number with the county code. By this, I think it could not be such an internal definition for a company. Thanks again for your kind answer.
Francesco Sordi wrote:
The organizationIdentifier attribute would become very used in the very recent future, for PKIs implementation in Europe. Qualified CA would use that attribute for legal person certificate. In the ETSI documents, it would be something like organizationName, but different from it. Theoretically it would be something more distinctive for the organization, i.e. the VAT number with the county code. By this, I think it could not be such an internal definition for a company.
I don't want to sound rude but my impression is that this will lead to yet another attribute with undefined semantics. BTDT.
(Hint: E.g. not every company (legal person) has an EU VAT number.)
Ciao, Michael.
The attribute has been defined by ETSI here: https://www.itu.int/rec/dologin.asp?lang=e&id=T-REC-X.520-201210-S!Cor3!...
As I wrote, I managed to insert it into a schema, but OpenLDAP refuses to create an entry which uses it. It seems as if OpenLDAP sees this as a node such as Organization or OrganizationalUnit.
2017-01-23 10:48 GMT+01:00 Francesco Sordi f_sordi_1@yahoo.it:
The attribute has been defined by ETSI here: https://www.itu.int/rec/dologin.asp?lang=e&id=T-REC-X.520-201210-S!Cor3!PDF-E&type=items
This attribute wasn't defined by ETSI, but by the X.500 committee. ETSI uses it for eIDAS purposes.
As I wrote, I managed to insert it into a schema, but OpenLDAP refuses to create an entry which uses it. It seems as if OpenLDAP sees this as a node such as Organization or OrganizationalUnit.
This is entirely dependent on your object class definition.
Bonjour,
2017-01-23 8:55 GMT+01:00 Michael Ströder michael@stroeder.com:
Francesco Sordi wrote:
Unfortunately ITU did not clarify if this attribute is part of a new class (i.e. legal person) or if it is an attribute for the organization objectclass or another one. I would like to find an existing implementation; after all, this attribute has been "invented" in 2008.
I look at a lot of different LDAP schema definitions. Until you brought this up I never saw 'organizationIdentifier' in an LDAP schema. So you probably have to use it in your own custom object class. Note that LDAP RFCs (e.g. RFC 4524) have X.501(1993) as normative references.
And while X.520 introduced this attribute, X.521 hasn't included it in any class.
BTW: I can imagine a lot of different IDs for companies, educational/governmental organizations, etc. So the more interesting question is: What's the _exact_ semantics of that attribute?
There is no "exact" semantics for this attribute. ETSI EN 319412-1 has a proposed one that is to be used in the eIDAS context (using national trade register number or a national VAT number), but this semantics is not mandatory.
Francesco, as said, you'll have to create your new class for this. Either you create an auxiliary class so this attribute can be added to any entry, or you create a brand new structural class containing all the bells and whistles you want.
Ciao, Michael.
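Added example, not part of any message in this thread: a sketch of the auxiliary-class route described above, as cn=config LDIF plus an entry that uses it. The class name orgIdentifierAux, the 2.999 OID, the DNs and the identifier value are assumptions made for illustration; 2.5.4.97 is the X.520 OID behind id-at-organizationIdentifier.

```ldif
# --- Part 1: schema, loaded into cn=config (e.g. ldapadd against cn=config) ---
# 2.5.4.97 is the numeric OID that id-at-organizationIdentifier stands for.
# 2.999.* is the documentation/example OID arc: replace it with an OID
# under your own registered arc before deploying.
dn: cn=orgid,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: orgid
olcAttributeTypes: ( 2.5.4.97 NAME 'organizationIdentifier'
  DESC 'X520 attribute Organization Identifier'
  SUP name
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SINGLE-VALUE )
# Hypothetical auxiliary class: it carries no structure of its own and only
# permits the attribute, so it can be attached to any existing entry.
olcObjectClasses: ( 2.999.1.1 NAME 'orgIdentifierAux'
  DESC 'Hypothetical auxiliary class allowing organizationIdentifier'
  SUP top AUXILIARY
  MAY organizationIdentifier )

# --- Part 2: data entry, loaded into the directory tree (separate ldapadd) ---
# The entry keeps a structural class (organization) and adds the auxiliary
# class. Without a class that lists organizationIdentifier in MUST or MAY,
# slapd rejects the entry because the attribute is not allowed.
# DN and identifier value are constructed samples.
dn: o=Example Org,dc=example,dc=com
objectClass: organization
objectClass: orgIdentifierAux
o: Example Org
organizationIdentifier: VATIT-00000000000
```

The two parts are separate files in practice, since the schema record goes to the configuration database and the entry goes to the data database.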
Erwann Abalea wrote:
There is no "exact" semantics for this attribute. ETSI EN 319412-1 has a proposed one that is to be used in the eIDAS context (using national trade register number or a national VAT number), but this semantics is not mandatory.
Especially this definition is not complete because at least here in Germany not every company has a trade register number (no "Handelsregistereintrag") or has an EU VAT number. And regarding uniqueness German tax numbers for companies are a different story...
Ciao, Michael.
openldap-technical@openldap.org