
LDAP models often have this format (here, the definition of an attribute):

olcAttributeTypes: ( 1.3.6.1.4.1.40805.2.1.3 NAME 'authzAccessTokenEncoding'
        DESC 'OAuth 2.0 access token encoding'
        EQUALITY caseExactMatch
        ORDERING caseExactOrderingMatch
        SUBSTR caseExactSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE
        USAGE userApplications
        X-ORIGIN 'OAuth 2.0' )

I am interested in the object OIDs: here the attribute name has the OID 1.3.6.1.4.1.40805.2.1.3, and has a reference to the syntax object with OID 1.3.6.1.4.1.1466.115.121.1.15, which refers to a string.

Wikipedia states that:

Each node in the tree is controlled by an assigning authority, which may define child nodes under the node and delegate assigning authority for the child nodes.

Also, it seems easy to register a Private Enterprise Number on the IANA website.

However, all of this seems a bit overkill to me.

  • What are the risks of just picking random OIDs and using them?
  • What is the risk if an OID collision occurs?
  • Are those OIDs checked by LDAP clients or servers?
azmeuk
  • I don't think picking a random available OID is an issue unless you want to standardize whatever it is you're assigning an OID to. – scottysseus Aug 12 '20 at 20:13

1 Answer


Yes, those OIDs are used by servers, and by LDAP client libraries, to ensure uniqueness of schema elements, especially when schemas are evolving. Therefore, there should be no collisions between OIDs, otherwise the server will not start. As long as you are working within a private perimeter, you are free to use random OIDs under your own tree. But because OIDs are structured and used by many other IETF protocols than LDAP, you must never create a random OID tree, nor use an OID that was registered by another company.

Ludovic Poitou
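The two points above (the question's schema format and the answer's "servers check uniqueness, stay under your own arc") can be exercised with a small linter. This is an added example, not code from the question, the answer, or any LDAP server: it unfolds olcAttributeTypes definitions, extracts each OID, NAME and SYNTAX, reports OID and NAME collisions the way a schema loader would reject them, and additionally warns when an OID is minted outside a declared private arc. The arc 1.3.6.1.4.1.40805 is taken from the question's example and assumed here to be "ours"; the three-definition sample schema is constructed for the demo, and the syntax table is a short subset of RFC 4517.

```python
"""Lint olcAttributeTypes definitions for OID problems (added example)."""
import re
from collections import defaultdict

# Numeric dotted OID, e.g. 1.3.6.1.4.1.40805.2.1.3
OID_RE = re.compile(r"^\d+(\.\d+)+$")

# Assumed private arc: IANA PEN arc 1.3.6.1.4.1 plus the enterprise number
# used in the question's example (hypothetical choice for this demo).
OWN_ARC = "1.3.6.1.4.1.40805"

# Subset of the LDAP syntaxes defined in RFC 4517, keyed by OID.
KNOWN_SYNTAXES = {
    "1.3.6.1.4.1.1466.115.121.1.7": "Boolean",
    "1.3.6.1.4.1.1466.115.121.1.12": "DN",
    "1.3.6.1.4.1.1466.115.121.1.15": "Directory String",
    "1.3.6.1.4.1.1466.115.121.1.26": "IA5 String",
    "1.3.6.1.4.1.1466.115.121.1.27": "Integer",
}

# Constructed sample: the question's attribute, a second attribute that
# reuses its OID, and a third one minted outside our arc with a bogus syntax.
SAMPLE = """\
olcAttributeTypes: ( 1.3.6.1.4.1.40805.2.1.3 NAME 'authzAccessTokenEncoding'
  DESC 'OAuth 2.0 access token encoding'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.40805.2.1.3 NAME 'authzClientId'
  DESC 'OAuth 2.0 client identifier'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.2.3.4.5 NAME 'authzScope'
  DESC 'made-up arc, not ours'
  SYNTAX 1.2.3.4.5.6 )
"""


def unfold(ldif):
    """Join LDIF continuation lines (leading whitespace) onto the previous record."""
    records = []
    for line in ldif.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.rstrip())
    return records


def parse_attribute_type(record):
    """Return {oid, name, syntax, sup} for one olcAttributeTypes value, else None."""
    prefix, _, body = record.partition(":")
    if prefix.strip() != "olcAttributeTypes":
        return None
    body = body.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("definition must be parenthesised: %r" % record)
    inner = body[1:-1].strip()
    oid = inner.split()[0]
    name = re.search(r"NAME\s+\(?\s*'([^']+)'", inner)   # first name of a NAME list
    syntax = re.search(r"SYNTAX\s+(\d+(?:\.\d+)+)", inner)
    sup = re.search(r"\bSUP\s+(\S+)", inner)
    return {
        "oid": oid,
        "name": name.group(1) if name else None,
        "syntax": syntax.group(1) if syntax else None,
        "sup": sup.group(1) if sup else None,
    }


def lint(ldif, own_arc=OWN_ARC):
    """Return a list of (severity, message); an empty list means the schema is clean."""
    findings = []
    by_oid = defaultdict(list)
    by_name = defaultdict(list)
    for record in unfold(ldif):
        attr = parse_attribute_type(record)
        if attr is None:
            continue
        oid, name, syntax = attr["oid"], attr["name"], attr["syntax"]
        if not OID_RE.match(oid):
            findings.append(("error", "%s: OID %r is not in numeric dotted form" % (name, oid)))
        by_oid[oid].append(name)
        if name:
            by_name[name].append(oid)
        # Policy check: every OID we define must live under the arc we own.
        if not (oid == own_arc or oid.startswith(own_arc + ".")):
            findings.append(("warning", "%s: OID %s is outside our arc %s" % (name, oid, own_arc)))
        # An attribute type needs a SYNTAX unless it inherits one via SUP.
        if syntax is None and attr["sup"] is None:
            findings.append(("error", "%s: neither SYNTAX nor SUP given" % name))
        elif syntax is not None and syntax not in KNOWN_SYNTAXES:
            findings.append(("error", "%s: unknown SYNTAX %s" % (name, syntax)))
    # Uniqueness checks: this is what a schema loader refuses to start on.
    for oid, names in by_oid.items():
        if len(names) > 1:
            findings.append(("error", "OID %s collision between %s" % (oid, ", ".join(names))))
    for name, oids in by_name.items():
        if len(oids) > 1:
            findings.append(("error", "NAME %s collision between %s" % (name, ", ".join(oids))))
    return findings


if __name__ == "__main__":
    for severity, message in lint(SAMPLE):
        print(severity.upper(), message)
```

Run against the constructed sample this reports one warning (authzScope is outside the arc), an error for its unknown syntax, and an error for the OID shared by authzAccessTokenEncoding and authzClientId; the last one is the kind of collision the answer says will stop the server. Real servers accept a wider grammar (OID macros, multi-valued NAME lists, OBSOLETE, and so on), so treat this as a pre-commit check on your own schema files rather than a full RFC 4512 parser.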