Understanding the LDAP Binding Component

Distinguished Names and Relative Distinguished Names

An entry is made up of a collection of attributes that have a unique identifier called a Distinguished Name (DN). A DN has a unique name that identifies the entry at the respective hierarchy. In the example above, John Doe and Jane Doe are different common names (cn) that identify different entries at that same level.

A DN is also a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry is:

cn=John Doe, ou=People, dc=sun.com

A Relative Distinguished Name (RDN) is a component of the distinguished name.

For example, cn=John Doe, ou=People is a RDN relative to the root RDN dc=sun.com.

Note –

DNs describe the fully qualified path to an entry

RDN describe the partial path to the entry relative to another entry in the tree.

The figure illustrates an example of an LDAP directory structure with distinguished names and relative distinguished names.

LDAP Directory Structure

LDAP Directory Structure