Re: organizationIdentifier ATTRIBUTE mapping

To: Michael Ströder <michael@stroeder.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Subject: Re: organizationIdentifier ATTRIBUTE mapping

From: Francesco Sordi <f_sordi_1@yahoo.it>

Date: Mon, 23 Jan 2017 09:11:27 +0000 (UTC)

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.it; s=s2048; t=1485162688; bh=FbhXjAOksc1cvnsXVqrNCxQP/z0vAEGrdpPg19k2/WE=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=M63ne6TDf00lq2sB8zbPPxtRxz5JgCORj5ApYSdjUN7+U7Fae1xchhT31PbJ7osxHBun9xTH4jqyWq1zNydgZ7Qn5mW51KNSTaKQJKjZsYy1uuXCxgrDBnQ3SngXWCeqUlbyXlEt1hca84RCXCmjcO9F4hLrHgxFpBiDGi+610qZAi4VrxxmY5tR1kSAMLIJp3GoABQQNq1w2VLgoFAeR/wc4WsyeOKLPtddJF9oTDtqRFYZVm4zqEo2/jN1z0PcJ5dajA//3AgsYQEzTUrC9DadAKGcitRXSgbqSUw3Qyj1/ZN7LV/Hk5gSDKNWjNUHqAzxFcjRdVB7fWukVZErAg==

In-reply-to: <7399b59a-701b-eb95-1765-18e78df5bc41@stroeder.com>

References: <1330905851.13061855.1484737196822.ref@mail.yahoo.com> <1330905851.13061855.1484737196822@mail.yahoo.com> <WM!31a3b0b43874507532ce31bebd097c46755734f6f65f317f75507012c76886eb250c1435d0c3b034947f842efdc29ddd!@mailstronghold-3.zmailcloud.com> <AA0ADB29054CB9BD9345E847@[192.168.1.30]> <643449783.15496129.1484899199499@mail.yahoo.com> <7399b59a-701b-eb95-1765-18e78df5bc41@stroeder.com>

Thanks a lot Michael.
The organizationIdentifier attribute would become very used in the very recent future, for PKIs implementation in Europe.
Qualified CA would use thtat attribute for legal person certificate.
In the ETSI documents, it would be something like organizationName, but different from it.
Teoretically would be something of more distinctive for the organization, i.e. the VAT number with the county code.
By this, I think it could not be such an internal definition for a company.
Thanks again for your kind answer

Il Lunedì 23 Gennaio 2017 10:05, Michael Ströder <michael@stroeder.com> ha scritto:

Francesco Sordi wrote:
> Unfortunately ITU did not clarify if this attribute is part of a new class (i.e. legal
> person) or if it is an attribute for the organization objectclass or another one.
> I would like to find an exixsting implementation, after all this attribute has been
> "invented" in 2008.

I look at a lot of different LDAP schema definitions. Until you brought up this I never
saw 'organizationIdentifier' in a LDAP schema. So you probably have to use it in your own
custom object class. Note that LDAP RFCs (e.g. RFC 4524) have X.501(1993) as normative
references.

BTW: I can imagine a lot of diffent IDs for companies, educational/governmental
organizations, etc. So the more interesting question is:
What's the _exact_ semantics of that attribute?

Ciao, Michael.

> Il Giovedì 19 Gennaio 2017 0:46, Quanah Gibson-Mount <quanah@symas.com> ha scritto:
>
>
> --On Wednesday, January 18, 2017 10:59 AM +0000 Francesco Sordi
> <f_sordi_1@yahoo.it <mailto:f_sordi_1@yahoo.it>> wrote:

>
>> attributeType ( id-at-organizationIdentifier
>> NAME 'organizationIdentifier'
>> DESC 'X520 attribute Organization Identifier'
>> SUP name
>> EQUALITY caseIgnoreMatch
>> SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE )
>>
>>
>> But i cannot understand which objectclass can use this attribute and how
>> to add an object using it.
>
> You would need to create a custom objectClass that allows this attribute.
>
> Regards,
> Quanah

Follow-Ups:

Re: organizationIdentifier ATTRIBUTE mapping
- From: Michael Ströder <michael@stroeder.com>