LDAP Distinguished Names


DN stands for Distinguished Name in LDAP-speak.


Example Tree

                       dc=base
                          |
                +---------+----------+
                |                    |
             dc=sub1              dc=sub2
                |                    |
           +----+-----+          +---+----+
           |          |          |        |
       ou=dept1   ou=dept2   ou=dept1  ou=dept2

Further Notes

A Distinguished Name Is A Container

From the above you might think that a distinguished name is just a pointer to where you are in the LDAP tree. This is not in fact the case; a distinguished name is also a container. Every distinguished name has many fields. The primary field is the one used as the distinguished name.

e.g. for ou=dept1,dc=sub1,dc=base, the primary field is

 ou: The organizational unit

A full record might look like:

 dn: ou=dept1,dc=sub1,dc=base
 objectClass: top
 objectClass: organizationalUnit
 ou: dept1
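
As an added example (not part of the original page), the following Python sketch parses the record above, splits its DN only on unescaped commas, and checks that the primary field named in the DN is actually present in the record. Splitting on every comma would let a value containing an escaped comma appear to sit elsewhere in the tree. The function names are hypothetical; it assumes single-valued RDNs, case-insensitive matching, and simple LDIF with no base64 or folded lines.

```python
import re

# Constructed sample: the record shown on this page.
RECORD = """
dn: ou=dept1,dc=sub1,dc=base
objectClass: top
objectClass: organizationalUnit
ou: dept1
"""

def split_dn(dn):
    """Split a DN into its components on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).lstrip())
    return parts

def unescape(value):
    """Undo backslash escapes: two hex digits or a single escaped character."""
    # Assumption: hex pairs are ASCII; multi-byte UTF-8 sequences are out of scope.
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2
                  else m.group(1), value)

def parse_ldif(text):
    """Parse one simple LDIF record into {attribute: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.strip().partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_entry(entry):
    """Return (primary field, its value, parent DN, value present in record)."""
    rdns = split_dn(entry["dn"][0])
    attr, _, raw = rdns[0].partition("=")
    attr, value = attr.strip().lower(), unescape(raw)
    present = value.lower() in (v.lower() for v in entry.get(attr, []))
    return attr, value, ",".join(rdns[1:]), present

if __name__ == "__main__":
    print(check_entry(parse_ldif(RECORD)))
```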

© 2005 Daniel Dickinson <cshore@wightman.ca>

This document is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This document is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should be able to view a copy of the GNU General Public License at http://www.gnu.org/copyleft/gpl.html. If not, you can write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA to obtain a copy.