ASCII Smiley Face Daniel Dickinson Mini Headshot
The C Shore
Daniel Dickinson's Website - Experimental

LDAP Distinguished Names


DN stands for Distinguished Name in LDAP-speak


Example Tree

                |                    |
             dc=sub1              dc=sub2 
                |                    |
           +----+-----+          +---+----+
           |          |          |        |
       ou=dept1   ou=dept2    u=dept1  ou=dep2 

Further Notes

A Distinguished Name Is A Container

From the above you might think that a distinguished name is just a pointer to where you are in the LDAP tree. This is not in fact the case; a distinguished is also a container. Every distinguished name has many fields. The primary field is the one used as the distinguished name.

e.g. for ou=dept1,dc=sub1,dc=base, the primary field is

 ou: The organzational unit

A full record might look like:

 dn: ou=dept1,dc=sub1,dc=base
 objectClass: top
 objectClass: organizationalUnit
 ou: dept1