authentication password syntax
authorization identity control
Common Development and Distribution License
deprecated password storage scheme
Directory Services Markup Language
entry change notification control
extensible match search filter
greater than or equal to search filter
less than or equal to search filter
Lightweight Directory Access Protocol
notice of disconnection unsolicited notification
Password Modify extended operation
Simple Authentication and Security Layer
virtual attributes only control
A relative distinguished name, or RDN, is a single component within a distinguished name. It comprises one or more name-value pairs, in which the name and the value are separated by an equal sign (for example, for an RDN of uid=ann, the name is uid and the value is ann), and if there are multiple name-value pairs then they should be separated by plus signs (for example, for an RDN of cn=Jon Doe+employeeNumber=12345, the name-value pairs are cn=John Doe and employeeNumber=12345). In practice, RDNs containing multiple name-value pairs (called “multivalued RDNs”) are rare, but they can be useful at times when either there is no unique attribute in the entry or you want to ensure that the entry's DN contains some useful identifying information.
Even though a DN may be composed of multiple RDN components, the leftmost component is typically referred to as the entry's RDN. For example, in a DN of uid=john.doe,ou=People,dc=example,dc=com, the RDN would be uid=john.doe. The attribute values specified in an entry's RDN must be contained in that entry, so the entry uid=john.doe,ou=People,dc=example,dc=com must have a uid value of john.doe.