Understanding Distinguished Names (DNs)

A user is an individual in your LDAP database, such as an employee of your company. A group is two or more users who share a common attribute. An organizational unit is a subdivision within your company.

Each user and group in your enterprise is represented by a Distinguished Name (DN) attribute. A DN attribute is a text string that contains identifying information for an associated user, group, or object. You use DNs whenever you make changes to a user or group directory entry. For example, you need to specify DN information each time you create or modify directory entries, set up access controls, and set up user accounts for applications such as mail or publishing.

The preceding figure shows a sample DN representation. The following example represents a typical DN for an employee of Sun Microsystems:

uid=doe,cn=John Doe,o=Sun Microsystems Inc.,c=US

The abbreviations before each equal sign in this example have the following meanings:

uid: user ID
cn: common name
o: organization
c: country

DNs may include a variety of name-value pairs. They are used to identify both certificate subjects and entries in directories that support LDAP.
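The DN string format above looks simple, but a value such as an organization name may itself contain a comma, plus sign or other separator, which is why RFC 4514 defines backslash escaping for values. The following Python is an added example, not code from the original document: it escapes values, parses a DN string into its name-value pairs (handling `\,`-style and `\XX` hex escapes and `+`-joined multi-valued RDNs) and serializes it back, using only the standard library. BER-encoded `#...` values are not handled.

```python
import re
SPECIAL = set(',+"\\<>;')   # must be backslash-escaped anywhere in a value (RFC 4514 section 2.4)

def escape_value(value: str) -> str:
    """Escape one attribute value so it can be embedded safely in a DN string."""
    out = []
    for i, ch in enumerate(value):
        if ch in SPECIAL or (ch == '#' and i == 0) or (ch == ' ' and i in (0, len(value) - 1)):
            ch = '\\' + ch
        elif ord(ch) < 0x20:                      # control characters become \XX hex pairs
            ch = '\\%02x' % ord(ch)
        out.append(ch)
    return ''.join(out)

def parse_dn(dn: str) -> list:
    """Parse a DN string into RDNs, each a list of (type, value) pairs, undoing escapes."""
    src = dn + ',' if dn else ''                  # sentinel flushes the last RDN; '' has zero RDNs
    rdns, rdn, key, buf, i = [], [], None, [], 0
    while i < len(src):
        ch = src[i]
        if ch == '\\':                            # escape sequence: \, \+ \\ ... or \2C (one byte)
            hexpair = src[i + 1:i + 3]
            if re.fullmatch(r'[0-9A-Fa-f]{2}', hexpair):
                buf.append(chr(int(hexpair, 16)))
                i += 3
            else:
                buf.append(src[i + 1])
                i += 2
            continue
        if ch == '=' and key is None:             # attribute types are case-insensitive
            key, buf = ''.join(buf).lower(), []
        elif ch in ',+':                          # ',' ends an RDN, '+' ends one value of it
            if not key:
                raise ValueError('separator without attribute type at offset %d' % i)
            rdn.append((key, ''.join(buf)))
            key, buf = None, []
            if ch == ',':
                rdns.append(rdn)
                rdn = []
        elif ch != ' ' or buf:                    # drop unescaped spaces right after a separator
            buf.append(ch)
        i += 1
    if key is not None or buf:                    # e.g. a trailing backslash swallowed the sentinel
        raise ValueError('malformed DN: unterminated escape or missing value')
    return rdns

def format_dn(rdns: list) -> str:
    """Serialize parsed RDNs back into a correctly escaped DN string."""
    return ','.join('+'.join('%s=%s' % (k, escape_value(v)) for k, v in rdn) for rdn in rdns)
```

Building a DN by string concatenation without `escape_value` lets a value containing a comma change which entry the DN names; parsing with the escape rules keeps the two cases distinct.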