Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

An LDAP distinguished name (DN) is the string representation of an entry in your directory. You use distinguished names to organize and navigate your data.

A DN typically consists of the following items in the following order:

  • A common name.

  • A list of regional or organizational attributes.

  • A country/region designation.

This string of identifying attributes uniquely locates the entry within your directory. Because a DN represents a path through the directory tree, the DN parts are order-dependent. For example, the following DNs do not represent the same entry:

CN=Danielle Tiedt, OU=Engineering, O=Microsoft, C=US

CN=Danielle Tiedt, O=Microsoft, OU=Engineering, C=US

The DN attributes you use, and the order in which you choose to specify them, are up to you and depend on how you want to organize your directory. The only requirement is that DN attributes must be separated by a comma (,), which may optionally be followed by a space.

To create an LDAP structure using DNs, you need to organize the entries in an inverted tree structure. The top of this tree consists of a root directory, which branches out to countries/regions. The countries/regions are divided into organizations, which are split into smaller organizational units, such as divisions or departments. The organizational units branch out to individual entries, including people, files, and shared resources such as printers.

Therefore, a worker in the Kenyan branch office might have a contact entry named:

CN=John Wood, OU=Corporate Sales, OU=Marketing, C=Kenya, O=Microsoft, DN=Microsoft.com
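The two rules stated above, that RDNs are separated by a comma with an optional following space and that the order of the RDNs determines which entry a DN names, are easy to get wrong when DNs are compared as raw strings. The following Python is an added example written for this page; it is not code from the original article or from any Microsoft product. The function names (split_dn, normalize, same_entry, path_from_root) are this example's own. It splits a DN into its RDNs while honouring the RFC 2253 backslash escape, so a comma inside a value does not start a new RDN; treats attribute types as case-insensitive but leaves values as written, because value matching rules are schema-dependent; shows that the two Danielle Tiedt DNs above are different entries; and reads the Kenya example as a path from the root of the tree. Multi-valued RDNs joined with '+' are passed through as one value rather than split.

```python
"""Parse and compare LDAP distinguished names in RFC 2253 string form."""
import re
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, attribute value), e.g. ("OU", "Engineering")

# Attribute types are short names (CN, OU, DC, ...) or dotted OIDs (2.5.4.3).
_TYPE_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def _parse_rdn(text: str) -> RDN:
    """Split 'TYPE=value' at the first '=' and validate the type."""
    if "=" not in text:
        raise ValueError(f"RDN without '=': {text!r}")
    attr_type, value = text.split("=", 1)
    attr_type = attr_type.strip()
    # The optional space after the separating comma ends up in front of the type;
    # unescaped trailing spaces in a value are dropped, an escaped one ("\ ") is kept.
    value = value.lstrip(" ")
    while value.endswith(" ") and not value.endswith("\\ "):
        value = value[:-1]
    if not _TYPE_RE.match(attr_type):
        raise ValueError(f"invalid attribute type: {attr_type!r}")
    if not value:
        raise ValueError(f"empty value for {attr_type}")
    return attr_type, value


def split_dn(dn: str) -> List[RDN]:
    """Return the RDNs of a DN, leftmost (most specific) first.

    A backslash escapes the next character (RFC 2253 section 2.4), so a comma
    inside a value ("Tiedt\\, Danielle") does not start a new RDN. Escapes are
    preserved in the returned value.
    """
    if not dn.strip():
        raise ValueError("empty DN")
    rdns: List[RDN] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling escape at end of DN")
            buf.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            rdns.append(_parse_rdn("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(_parse_rdn("".join(buf)))
    return rdns


def normalize(dn: str) -> List[RDN]:
    """Canonical form for comparison: attribute types are case-insensitive
    (cn == CN) and optional whitespace around separators is dropped. Whether a
    value is case-insensitive depends on its matching rule in the directory
    schema, so values are compared exactly as written here."""
    return [(t.lower(), v) for t, v in split_dn(dn)]


def same_entry(dn_a: str, dn_b: str) -> bool:
    """True only if both DNs name the same entry: same RDNs in the same order."""
    return normalize(dn_a) == normalize(dn_b)


def path_from_root(dn: str) -> List[str]:
    """The DN read as a path through the directory tree, root first."""
    return [f"{t}={v}" for t, v in reversed(split_dn(dn))]


if __name__ == "__main__":
    a = "CN=Danielle Tiedt, OU=Engineering, O=Microsoft, C=US"
    b = "CN=Danielle Tiedt, O=Microsoft, OU=Engineering, C=US"
    print(same_entry(a, b))  # False: same attributes, different order, different entry
    print(same_entry(a, "cn=Danielle Tiedt,ou=Engineering,o=Microsoft,c=US"))  # True
    print(split_dn(r"CN=Tiedt\, Danielle, OU=Engineering, O=Microsoft, C=US")[0])
    kenya = "CN=John Wood, OU=Corporate Sales, OU=Marketing, C=Kenya, O=Microsoft, DN=Microsoft.com"
    for step in path_from_root(kenya):
        print("  ", step)
```

A DN that fails to parse (a component with no '=', an unknown attribute type syntax, a trailing backslash) raises ValueError rather than being silently accepted, which is the behaviour you want anywhere a DN arrives from user input before it is used in a search base or a bind.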

For more information about LDAP distinguished names, refer to RFC 2253.
