What is the LDAP Distinguished Name (DN)?


The Distinguished Name (DN) is the unique identifier for an entry in the LDAP tree.

The Distinguished Name (DN) is the combination of the relative distinguished names (RDNs) of the entry and of all its ancestors (i.e., from the standard: the concatenation of the relative distinguished names of the sequence of entries from a particular entry to an immediate subordinate of the root of the tree).



The world { relative name = 'dc=com' , description = 'The world' }
    ---- A company { relative name = 'o=foo bar', web address = 'www.gerardnico.com' }
            ----- A person { relative name = 'cn=foo', favorite drink = 'martini' }
            ----- A person { relative name = 'cn=Trudi', favorite drink = 'beer' }
            ----- A person { relative name = 'cn=Jay', favorite drink = 'mineral water' }

The DN of foo would be:

cn=foo,o=foo bar,dc=com

where the DN is composed of:

Two (from the standard)

An example of a Distinguished Name is

CN=Steve Kille, O=Isode Limited, C=GB

where the DN is composed of:


When adding owner information, you need to define a DN in a certificate signing request.

The distinguished name may be defined as the concatenation of all these fields, or a subset of them, in hierarchical order.


[email protected], CN=KeyName, OU=Programs Partners, O=Organisation, L=Town, C=NL

CN=Bytle, O=Bytle, C=NL
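
The concatenation of relative distinguished names described at the top of this page, as an added example that is not part of the original page: it builds a DN from RDNs ordered from the entry up to the root, applying the RFC 4514 string escaping, and splits a DN back into its RDNs. The function names are hypothetical and only single-valued RDNs are handled.

```python
# Added example; handles single-valued RDNs only (no '+' multi-valued RDNs).
import string

SPECIAL = set('"+,;<>\\')  # must be backslash-escaped inside a value (RFC 4514)

def escape_value(value):
    """Escape one value: specials, leading space or '#', trailing space, NUL."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns):
    """rdns: (attribute, value) pairs ordered from the entry up to the root."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)

def _finish(tokens):
    # Drop unescaped padding, e.g. the space after each comma in "CN=a, O=b".
    while tokens and tokens[0] == (b" ", False):
        tokens.pop(0)
    while tokens and tokens[-1] == (b" ", False):
        tokens.pop()
    eq = tokens.index((b"=", False))  # ValueError when an RDN has no '='
    text = lambda ts: b"".join(t[0] for t in ts).decode("utf-8")
    return text(tokens[:eq]), text(tokens[eq + 1:])

def split_dn(dn):
    """Split a DN string into (attribute, value) pairs, honouring escapes."""
    rdns, i = [[]], 0
    while i < len(dn):
        ch, pair, step = dn[i], dn[i + 1:i + 3], 1
        if ch == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            rdns[-1].append((bytes.fromhex(pair), True))  # hex escape such as \2C
            step = 3
        elif ch == "\\" and pair:
            rdns[-1].append((pair[0].encode(), True))  # character escape such as \,
            step = 2
        elif ch == ",":
            rdns.append([])  # an unescaped comma separates two RDNs
        else:
            rdns[-1].append((ch.encode(), False))
        i += step
    return [_finish(r) for r in rdns]
```

Building DNs by plain string concatenation breaks as soon as a value contains a comma or ends with a space; escaping each value first keeps the RDN boundaries unambiguous.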
