Managing Servers with Netscape Console: Distinguished Name Attributes


Appendix A Distinguished Name Attributes and Syntax


Attributes
Distinguished Name (DN) attributes uniquely identify a user or group so that it can be located in the directory server. A DN customarily contains at least three attributes:

Most companies use many more attributes in order to store additional user and group information. For example, the DNs for three employees or users in the same company might look like this:

cn=Ben Hurst, ou=Operations, o=Klondike Corp, st=CA, c=US

cn=Jeff Lee, ou=Marketing, o=Klondike Corp, st=CA, c=US

cn=Mary Smith, ou=Sales, o=Klondike Corp, st=MN, c=US

In these examples, all three users work in different departments (ou) for the same company (o), Klondike Corp. The third user works in a different state (st) than the first two users.

These and other common attributes are summarized in this table:

Table A.1 Frequently Used Attributes for Distinguished Names

| Attribute Name | Syntax | Description |
|---|---|---|
| country | c | Country in which the user or group resides. Examples: c=US; c=GB |
| common name or full name | cn | Full name of person or object defined by the entry. Examples: cn=Wally Henderson; cn=Database Administrators; cn=printer 3b |
| email address | mail | User's or group's email address. |
| given name | givenName | User's first name. |
| locality | l | Locality in which the user or group resides. This can be the name of a city, country, township, or other geographic regions. Examples: l=Tucson; l=Pacific Northwest; l=Anoka County |
| organization | o | Organization to which the user or group belongs. Examples: o=Netscape Communications Corp.; o=Public Power & Gas |
| organizational unit | ou | Unit within an organization. Examples: ou=Sales; ou=Manufacturing |
| state or province | st | State or province in which the user or group resides. Examples: st=Iowa; st=British Columbia |
| password | userPassword | Password created by a user. |
| street | streetAddress | Street number and address of user or group defined by the entry. Example: street=494 Rice Creek Terrace |
| surname | sn | User's last name. |
| telephone | telephoneNumber | User's or group's telephone number. |
| title | title | User's job title. Examples: title=writer; title=manager |
| user ID | uid | Name that uniquely identifies the person or object defined by the entry. |

You can use or create whatever attributes you want to use to meet your company's needs. However, the attributes you use ultimately depend upon how your directory is set up. All attributes you specify when using the Netscape Console must be identical to the attributes used by your directory server. See your directory server documentation for information on setting up your directory.


DN Guidelines and Syntax
As you create and modify DNs, you should follow these guidelines:

Separate attributes with a comma. If a distinguished name contains a comma, then the part of the name that contains the comma must be enclosed in double quotation marks. For example, to include the string Ace Industry, Corp in a distinguished name, use this form:

o="Ace Industry, Corp", c=US

Attributes must match directory schema. If you are using the Netscape Directory Server and schema checking is turned on, then use attributes that can be recognized by the Directory Server and are allowed by the entry's object classes.

Specify attributes in the same sequence or path. Remember that a DN represents a path through a directory tree. For example, the directory server does not recognize these two entries as representing the same user:

cn=Ralph Swenson, ou=Accounting, o=Ace Industry, c=US

cn=Ralph Swenson, o=Ace Industry, ou=Accounting, c=US

The organizational unit (ou) and organization (o) attributes are listed in a different sequence.

User ID must be unique. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory. If you use the ldapmodify command line utility to create a user, the utility will not check for duplicate user IDs.
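
The guidelines above, worked through as an added Python example (not part of the Netscape documentation or tools): it splits a DN on unquoted commas only, compares DNs as ordered paths, and flags duplicate user IDs in a batch before it is passed to a utility such as ldapmodify. The function names, the uid values in the sample, and the case-insensitive comparison of attribute names and user IDs are assumptions; only the double-quote form described on this page is handled.

```python
from collections import Counter

def split_dn(dn):
    """Split a DN into ordered (attribute, value) pairs, honoring double quotes."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch == '"':
            quoted = not quoted            # quote marks delimit, they are not data
        elif ch == "," and not quoted:
            parts.append("".join(buf))     # an unquoted comma ends the attribute
            buf = []
        else:
            buf.append(ch)
    if quoted:
        raise ValueError("unterminated double quote in DN: %r" % dn)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("component %r is not attribute=value" % part)
        # Assumption: attribute names compare case-insensitively.
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def same_entry(dn_a, dn_b):
    """A DN is a path: two DNs match only if their pairs agree in order."""
    return split_dn(dn_a) == split_dn(dn_b)

def duplicate_uids(entries):
    """Return uids claimed by more than one (dn, uid) entry, for review
    before the batch is handed to a tool that does not check for them."""
    counts = Counter(uid.strip().lower() for _dn, uid in entries)
    return sorted(uid for uid, n in counts.items() if n > 1)

# Constructed sample: DNs from this page, uid values invented for the example.
SAMPLE_ENTRIES = [
    ("cn=Ben Hurst, ou=Operations, o=Klondike Corp, st=CA, c=US", "bhurst"),
    ("cn=Jeff Lee, ou=Marketing, o=Klondike Corp, st=CA, c=US", "jlee"),
    ("cn=Mary Smith, ou=Sales, o=Klondike Corp, st=MN, c=US", "JLee"),
]

if __name__ == "__main__":
    print(split_dn('o="Ace Industry, Corp", c=US'))
    print(same_entry("cn=Ralph Swenson, ou=Accounting, o=Ace Industry, c=US",
                     "cn=Ralph Swenson, o=Ace Industry, ou=Accounting, c=US"))
    print(duplicate_uids(SAMPLE_ENTRIES))
```

Without the quotation marks, the string Ace Industry, Corp splits into a component with no attribute name, which split_dn rejects instead of silently producing a different path.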

 

©Copyright 1999 Netscape Communications Corporation