<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText>Andrew,<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Thank you for bringing these OID conflicts to our
attention. <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>The following table summarizes the known list of OIDs
that Microsoft uses in Active Directory that have conflicting allocations
between AD and either the OID allocation hierarchy. <o:p></o:p></p>
<p class=MsoPlainText><span style='color:black'> </span><o:p></o:p></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
style='border-collapse:collapse'>
<tr>
<td width=158 valign=top style='width:94.95pt;border:solid black 1.0pt;
background:#CCCCCC;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Name in AD <o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border:solid black 1.0pt;
border-left:none;background:#CCCCCC;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>OID in MS-ADA*<o:p></o:p></p>
</td>
<td width=109 valign=top style='width:65.45pt;border:solid black 1.0pt;
border-left:none;background:#CCCCCC;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Organization <o:p></o:p></p>
</td>
<td width=158 valign=top style='width:94.9pt;border:solid black 1.0pt;
border-left:none;background:#CCCCCC;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Name registered<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border:solid black 1.0pt;
border-left:none;background:#CCCCCC;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>OID (if different from AD)<o:p></o:p></p>
</td>
</tr>
<tr>
<td width=158 valign=top style='width:94.95pt;border:solid black 1.0pt;
border-top:none;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>middleName<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>2.16.840.1.113730.3.1.34<o:p></o:p></p>
</td>
<td width=109 valign=top style='width:65.45pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Netscape<o:p></o:p></p>
</td>
<td width=158 valign=top style='width:94.9pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>ref <o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'> <o:p></o:p></p>
</td>
</tr>
<tr>
<td width=158 valign=top style='width:94.95pt;border:solid black 1.0pt;
border-top:none;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>thumbnailLogo<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>2.16.840.1.113730.3.1.36<o:p></o:p></p>
</td>
<td width=109 valign=top style='width:65.45pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Netscape<o:p></o:p></p>
</td>
<td width=158 valign=top style='width:94.9pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>nsLicensedFor<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'> <o:p></o:p></p>
</td>
</tr>
<tr>
<td width=158 valign=top style='width:94.95pt;border:solid black 1.0pt;
border-top:none;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>thumbnailPhoto<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>2.16.840.1.113730.3.1.35<o:p></o:p></p>
</td>
<td width=109 valign=top style='width:65.45pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Netscape<o:p></o:p></p>
</td>
<td width=158 valign=top style='width:94.9pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>changeLog<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'> <o:p></o:p></p>
</td>
</tr>
<tr>
<td width=158 valign=top style='width:94.95pt;border:solid black 1.0pt;
border-top:none;padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>userSMIMECertificate<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>2.16.840.1.113730.3.140<o:p></o:p></p>
</td>
<td width=109 valign=top style='width:65.45pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>Netscape<o:p></o:p></p>
</td>
<td width=158 valign=top style='width:94.9pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>userSMIMECertificate<o:p></o:p></p>
</td>
<td width=186 valign=top style='width:111.75pt;border-top:none;border-left:
none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
padding:0in 5.4pt 0in 5.4pt'>
<p class=MsoPlainText style='line-height:115%'>2.16.840.1.113730.3.1.40<o:p></o:p></p>
</td>
</tr>
</table>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Our assignment of these OIDs has been around since AD
inception in Windows Server 2000. It would not feasible to retroactively change
the OIDs due to the resulting compatibility issues. As a result, the OIDs
provided in the protocol documents do accurately describe system behaviors and
are sufficient to facilitate development of compatible implementations.<o:p></o:p></p>
<p class=MsoPlainText><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoPlainText>In retrospective, the product team has recognized the
need for a change in the process for allocating OIDs and avoiding conflicts in
the future and has the necessary processes in place to avoid further
occurrences. <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Best regards,<o:p></o:p></p>
<p class=MsoPlainText>Edgar<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>-----Original Message-----<br>
From: Edgar Olougouna <br>
Sent: Wednesday, December 09, 2009 11:35 AM<br>
To: Andrew Bartlett<br>
Cc: cifs-protocol@samba.org; pfif@tridgell.net; Endi Sukma Dewata<br>
Subject: RE: Conflicting OIDs<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Andrew,<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>I am taking care of this and will be updating you as soon
as I have news.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Best regards,<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Edgar<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>-----Original Message-----<o:p></o:p></p>
<p class=MsoPlainText>From: Bill Wesse <o:p></o:p></p>
<p class=MsoPlainText>Sent: Wednesday, December 09, 2009 7:51 AM<o:p></o:p></p>
<p class=MsoPlainText>To: Andrew Bartlett; Interoperability Documentation Help<o:p></o:p></p>
<p class=MsoPlainText>Cc: cifs-protocol@samba.org; pfif@tridgell.net; Endi
Sukma Dewata<o:p></o:p></p>
<p class=MsoPlainText>Subject: RE: Conflicting OIDs<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Good morning Andrew - thanks for your question - I have
created the below case for us to track our efforts regarding that. One of my
colleagues will take ownership and contact you shortly.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>SRX091209600017 : [MS-ADA3] Conflicting OIDs<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Regards,<o:p></o:p></p>
<p class=MsoPlainText>Bill Wesse<o:p></o:p></p>
<p class=MsoPlainText>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC
PROTOCOL TEAM<o:p></o:p></p>
<p class=MsoPlainText>8055 Microsoft Way<o:p></o:p></p>
<p class=MsoPlainText>Charlotte, NC 28273<o:p></o:p></p>
<p class=MsoPlainText>TEL: +1(980) 776-8200<o:p></o:p></p>
<p class=MsoPlainText>CELL: +1(704) 661-5438<o:p></o:p></p>
<p class=MsoPlainText>FAX: +1(704) 665-9606<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>-----Original Message-----<o:p></o:p></p>
<p class=MsoPlainText>From: Andrew Bartlett [mailto:abartlet@samba.org] <o:p></o:p></p>
<p class=MsoPlainText>Sent: Tuesday, December 08, 2009 8:44 PM<o:p></o:p></p>
<p class=MsoPlainText>To: Interoperability Documentation Help<o:p></o:p></p>
<p class=MsoPlainText>Cc: cifs-protocol@samba.org; pfif@tridgell.net; Endi
Sukma Dewata<o:p></o:p></p>
<p class=MsoPlainText>Subject: Conflicting OIDs<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>MS-ADA3 2.305 Attribute thumbnailLogo has:<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>cn: Logo<o:p></o:p></p>
<p class=MsoPlainText>ldapDisplayName: thumbnailLogo<o:p></o:p></p>
<p class=MsoPlainText>attributeId: 2.16.840.1.113730.3.1.36<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>However, this OID is allocated, according to
http://www.alvestrand.no/objectid/2.16.840.1.113730.3.1.36.html to Netscape
(now Red Hat), and is used for nsLicensedFor. <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>It appears the official OID for thumbnailLogo is<o:p></o:p></p>
<p class=MsoPlainText>1.3.6.1.4.1.1466.101.120.36 according to<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>http://tools.ietf.org/html/draft-ietf-asid-schema-pilot-00<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>So far, we have found the following OIDs that are
allocated to different names between Microsoft's AD implementation and the
official<o:p></o:p></p>
<p class=MsoPlainText>allocations:<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>#MiddleName has a conflicting OID<o:p></o:p></p>
<p class=MsoPlainText>2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1<o:p></o:p></p>
<p class=MsoPlainText>#defaultGroup has a conflicting OID<o:p></o:p></p>
<p class=MsoPlainText>1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2<o:p></o:p></p>
<p class=MsoPlainText>#thumbnailPhoto has a conflicting OID<o:p></o:p></p>
<p class=MsoPlainText>2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10<o:p></o:p></p>
<p class=MsoPlainText>#thumbnailLogo has a conflicting OID<o:p></o:p></p>
<p class=MsoPlainText>2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>What I want to know is: What is the full list of OIDs
that Microsoft uses in Active Directory that have conflicting allocations
between AD and either the OID allocation hierarchy or common practice? <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>This will assist us as we aim for interoperability, as
for each conflict, we must manually remap.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>In the long term, we would like to see the AD schema
documents annotated with this conflict (both as as summary table and on each
attribute), and a process put in place to avoid these kinds of problems in
future. <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Thanks,<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Andrew Bartlett<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>-- <o:p></o:p></p>
<p class=MsoPlainText>Andrew Bartlett
http://samba.org/~abartlet/<o:p></o:p></p>
<p class=MsoPlainText>Authentication Developer, Samba Team
http://samba.org<o:p></o:p></p>
<p class=MsoPlainText>Samba Developer, Cisco Inc.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
</div>
</body>
</html>