[cifs-protocol] Conflicting OIDs

Edgar Olougouna edgaro at microsoft.com
Mon Jan 25 12:51:28 MST 2010


Andrew,



Thank you for bringing these OID conflicts to our attention.



The following table summarizes the known list of OIDs that Microsoft uses in Active Directory that have conflicting allocations between AD and either the OID allocation hierarchy.



Name in AD            OID in MS-ADA*            Organization  Name registered       OID (if different from AD)
middleName            2.16.840.1.113730.3.1.34  Netscape      ref
thumbnailLogo         2.16.840.1.113730.3.1.36  Netscape      nsLicensedFor
thumbnailPhoto        2.16.840.1.113730.3.1.35  Netscape      changeLog
userSMIMECertificate  2.16.840.1.113730.3.140   Netscape      userSMIMECertificate  2.16.840.1.113730.3.1.40




Our assignment of these OIDs has been around since AD inception in Windows Server 2000. It would not be feasible to retroactively change the OIDs due to the resulting compatibility issues. As a result, the OIDs provided in the protocol documents do accurately describe system behaviors and are sufficient to facilitate development of compatible implementations.



In retrospect, the product team has recognized the need for a change in the process for allocating OIDs and avoiding conflicts in the future and has the necessary processes in place to avoid further occurrences.



Best regards,

Edgar





-----Original Message-----
From: Edgar Olougouna
Sent: Wednesday, December 09, 2009 11:35 AM
To: Andrew Bartlett
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Endi Sukma Dewata
Subject: RE: Conflicting OIDs



Andrew,



I am taking care of this and will be updating you as soon as I have news.



Best regards,



Edgar





-----Original Message-----
From: Bill Wesse
Sent: Wednesday, December 09, 2009 7:51 AM
To: Andrew Bartlett; Interoperability Documentation Help
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Endi Sukma Dewata
Subject: RE: Conflicting OIDs



Good morning Andrew - thanks for your question - I have created the below case for us to track our efforts regarding that. One of my colleagues will take ownership and contact you shortly.



SRX091209600017 : [MS-ADA3] Conflicting OIDs



Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606



-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, December 08, 2009 8:44 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Endi Sukma Dewata
Subject: Conflicting OIDs



MS-ADA3 2.305 Attribute thumbnailLogo has:



cn: Logo
ldapDisplayName: thumbnailLogo
attributeId: 2.16.840.1.113730.3.1.36



However, this OID is allocated, according to http://www.alvestrand.no/objectid/2.16.840.1.113730.3.1.36.html to Netscape (now Red Hat), and is used for nsLicensedFor.



It appears the official OID for thumbnailLogo is 1.3.6.1.4.1.1466.101.120.36 according to http://tools.ietf.org/html/draft-ietf-asid-schema-pilot-00





So far, we have found the following OIDs that are allocated to different names between Microsoft's AD implementation and the official allocations:

#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
#defaultGroup has a conflicting OID
1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2
#thumbnailPhoto has a conflicting OID
2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10
#thumbnailLogo has a conflicting OID
2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11



What I want to know is:  What is the full list of OIDs that Microsoft uses in Active Directory that have conflicting allocations between AD and either the OID allocation hierarchy or common practice?



This will assist us as we aim for interoperability, as for each conflict, we must manually remap.



In the long term, we would like to see the AD schema documents annotated with this conflict (both as a summary table and on each attribute), and a process put in place to avoid these kinds of problems in future.



Thanks,

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
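An added example, not part of the original thread and not Samba's or Microsoft's code: a sketch of the check-and-remap step the original request describes, finding OIDs that AD binds to a different name than the registered one and rewriting the AD side from `OID:OID` lines like those quoted in the thread. The function names, and the reading of each colon-separated line as "OID used by AD, then replacement OID", are assumptions.

```python
# Constructed sample data; the OIDs and names are the ones quoted in the thread.
AD_SCHEMA = {  # AD attribute name -> attributeId
    "middleName": "2.16.840.1.113730.3.1.34",
    "thumbnailPhoto": "2.16.840.1.113730.3.1.35",
    "thumbnailLogo": "2.16.840.1.113730.3.1.36",
    "cn": "2.5.4.3",
}
REGISTERED = {  # name registered under the owning arc -> OID
    "ref": "2.16.840.1.113730.3.1.34",
    "changeLog": "2.16.840.1.113730.3.1.35",
    "nsLicensedFor": "2.16.840.1.113730.3.1.36",
    "cn": "2.5.4.3",
}
# Assumed reading of the quoted lines: "<OID used by AD>:<replacement OID>".
REMAP_TEXT = """\
#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10
2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11
"""

def is_oid(s):
    return s.count(".") >= 1 and all(p.isdigit() for p in s.split("."))

def parse_remap(text):
    """Parse 'old:new' OID lines; blank lines and '#' comments are skipped."""
    remap = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        old, sep, new = line.partition(":")
        if not (sep and is_oid(old) and is_oid(new)) or old in remap:
            raise ValueError(f"line {n}: bad or duplicate mapping {line!r}")
        remap[old] = new
    return remap

def find_conflicts(ad, registered):
    """Return {oid: (ad_name, registered_name)} for OIDs bound to two names."""
    by_oid = {oid: name for name, oid in registered.items()}
    return {oid: (name, by_oid[oid]) for name, oid in ad.items()
            if oid in by_oid and by_oid[oid].lower() != name.lower()}

def apply_remap(ad, remap, registered):
    """Rewrite AD OIDs via remap; refuse if any conflict is left unmapped."""
    out = {name: remap.get(oid, oid) for name, oid in ad.items()}
    if left := find_conflicts(out, registered):
        raise ValueError(f"unresolved OID conflicts: {sorted(left)}")
    return out
```

Attribute names are compared case-insensitively because LDAP attribute descriptors are case-insensitive; `apply_remap` raises rather than silently importing a schema that still shares an OID with a differently named attribute.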



