Zdenek Styblik writes:
My biggest concern is about numbering [OID/PEN ?]. I've
PEN from IANA, no problem here. But how should I divide numbers to
attributes? Does it matter? Can I run out of space? Do something
[utterly] wrong? I just haven't seen this [numbering] explained to
the last bit anywhere.
When you have been delegated an oid X, that includes all OIDs
X.<anything>. You can delegate further - give X.123 to one
department unit, which then owns the X.123.* OID space, and so on.
You can't run out of space, but you can make a bit of a mess of it,
as we did. It's basically a matter of administration. You need to
remember that you are now wearing several hats:
Presumably you wanted the OID for some project or application, but IANA
gave the OID to your organization, not to your project. Maybe some
other project of yours will want its own OIDs later, without worries
about coordinating with your current project. If so, the first thing
to do is to delegate an OID from your organization to your project.
I.e. if your organization has oid X, give your project OID
X.<something>. X.1, or X.12345, X.<internal project number>, whatever.
Or if your organization is bigger than that, first wearing your hat
as the organization's OID admin, delegate OID X.Y to your department.
Then then wearing your new hat as that department's OID admin delegate
X.Y.<something> to your project.
Or if the organization is bigger still, maybe the top hats don't fit on
Also you can run into name conflicts with attribute/object class names
from other schemas, schemas which you'll someday want to include in
addition to your own schema.
So it's good practice to prefix names of schema elements (attributes,
objectclass, ...) with (an abbreviation of) the name of your project or
organization. That doesn't eliminate the possibility of name conflicts,
but does reduce it.
Alternatively, you can reserve your schema element by registering them
Or may be, I've just read wrong.
I mean, should it be like tree structure and eg. class1 =
prefix.PEN.1.X; class2 = prefix.PEN.2.X; ...; classN = prefix.PEN.N.X; ?
But may be there is no "bigger" sense I'm looking for and incremental
numbering (+1 per attribute) is just enough.
Right, there is no ordering. By itself, an OID just needs to be unique
- LDAP doesn't care what your mapping is to attribute types, object
classes, etc. Well, it's best to keep integer components in the range
[0, 2**31 - a slight margin], since some apps may translate components
to machine integers.
Anyway, now that your project (or application) has an OID (I'll call it
Z), wearing your hat as the project's OID admin, you can start using its
OIDs. Maybe just use OIDs Z.* for everything. Another common way is to
use Z.1.* for attributes, Z.2.* for object classes, etc. Or for that
matter, delegate a bit further first, to the particular schema you are
PS: for example, I would like to add JID [jabber ID]/IM [which would
hold whatever Instant Messaging string] attribute and extend
InetOrgPerson with this attribute.
Avoid "extending inetOrgPerson" by modifying the existing object class
definition, if that's what you mean. That invites interoperability and
Create another object class which allows the new attributes. Either an
'AUXILIARY' class to be included in the objectClass attribute along with
inetOrgPerson, or a 'STRUCTURAL' class - a superclass of inetOrgPerson.
# schema for project xyzzy, oid 126.96.36.199.4.1.98765.1.1:
attributeType ( 188.8.131.52.4.1.98765.1.1 NAME 'xyzzyJabberID'
SYNTAX 184.108.40.206.4.1.14220.127.116.11.15 )
objectClass ( 18.104.22.168.4.1.98765.2.1 NAME 'xyzzyPerson'
MAY ( xyzzyJabberID ) )
# ldif entry
xyzzyJabberID: <sorry, i don't know what jabber IDs look like>