When accessing a directory service via LDAP, an LDAP Distinguished Name is used to specify the target entry.
An LDAP Distinguished Name, usually just called a Distinguished Name (DN), consists of one or more Relative Distinguished Names (RDNs) separated by commas.
For example, a user named “cool” placed under the “Users” container in the domain infraeye.com would be represented as:
`cn=cool, cn=Users, dc=infraeye, dc=com`
An RDN is defined using the syntax “attribute=value”, but the available attributes may vary depending on the directory service software being used. For example, in Active Directory, the following attribute names are commonly used:
LDAP Attribute Names Used in Active Directory
LDAP Attribute | Display Name | Applicable Object Types
---|---|---
cn | Common-Name | Users, groups, computers
ou | Organizational-Unit-Name | Organizational Units (OU) |
dc | Domain-Component | Domains |
An LDAP Distinguished Name is written from the lowest level of the Active Directory hierarchy upward: the entry itself comes first, followed by its containers, and the domain components come last. Let’s look at more examples:
- A user named “cool” placed under the OU “Sales” in the domain infraeye.com: `cn=cool, ou=Sales, dc=infraeye, dc=com`
- A computer named “pc5” placed under the container “Computers” in the domain infraeye.com: `cn=pc5, cn=Computers, dc=infraeye, dc=com`