OID when extending schema to include customer attributes and objects

This topic has 5 replies, 3 voices, and was last updated 4 years, 11 months ago by GuyPaddock.

  • Author
  • #14629

    is there any best practices to be followed on how to come up with OIDs for creating custom attributes and objects?
    I cant find any reasonable documentation to describe the same.

    I dont want to use the GUI to add objects and attributes. I want to import them from an ldif file.

    For Example,

    attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
      EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
      SYNTAX{256} X-ORIGIN 'RFC 4524' )

    How do you come up with an OID like that, or is it can be a random string?

    • This topic was modified 5 years, 10 months ago by bhonnegowda.

    When you want to use custom attributes you can simple make a attribute ldapmodify operation with given ldif file.

    for example to add new string attribute accountType you can create ldif like this.

    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( accountType-oid NAME 'accountType' DESC 'custom attribute accountType' EQUALITY caseIgnoreMatch SYNTAX SINGLE-VALUE)

    after that if you want to add new objectclass which will have this attribute as part of it you cand than make another modification.

    dn: cn=schema
    changetype: modify
    add: objectClasses
    objectClasses: ( myObject-oid NAME 'myObject' DESC 'my custom object with customAttribute'
    AUXILIARY MUST (someMandatoryAttribute1 $ someMandatoryAttribute2)
    MAY (someOptionalAttribute $ accountType))

    Important information for you:
    when you are using OpenDJ version less then 3.xxx first you update some objectclass (before you add attribute to it) you have to delete it first but you must use whole definition of the object exactly like my second example for adding objectclass but using delete instead of add operation.

    Hope it can help you.

    • This reply was modified 5 years, 10 months ago by Frotonis.
    • This reply was modified 5 years, 10 months ago by Frotonis.

    Addressing the OPs actual question regarding the scheme for OID numbering with custom attributes: it used to be the case that you had to register OIDs before using them, because you never wanted to risk OID collisions.

    However, the 2005 ITU-T X.667 standard defined a way to generate UUIDs and then convert them over to OIDs, since it’s nearly impossible that two UUIDs would be the same value. The new OID would then show up under the 2.25 portion of the OID hierarchy.

    You can use this tool to convert UUIDs to OIDs:

    And, you can generate UUIDs using this tool:

    Please note that if you’re going to be sharing an attribute with another system — for example, your custom attribute will show up in an API spec you publish to another company — it would still be beneficial to get a registered OID. The main benefit is that the consumers of your attribute can look it up in a common point of reference, and you can use that as an opportunity to associate it with docs.

    The IANA is one place you can register one:


    This is exactly what i was looking for. thanks @guypaddock.


    Thanks for the detailed info. But, i was really looking at how to create unique OIDs.


    FYI The UUID to OID tool moved. It is now here:

    (I am not the maintainer, and just now realized that the original site was down. Archive.org was able to show me the last post from the maintainer about the URL change).

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?