Share this page
Distinguished Name
The LDAP API references objects by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) separated by commas.
An RDN is an attribute with an associated value in the form attribute=value. The attribute names are not case-sensitive. The following table lists the most common RDN attribute types.
| String | Attribute Type |
|---|---|
| DC | domainComponent |
| CN | commonName |
| OU | organizationalUnitName |
| O | organizationName |
| STREET | streetAddress |
| L | localityName |
| ST | stateOrProvinceName |
| C | countryName |
| UID | userid |
The following are examples of distinguished names.
DN=CN=John Smith,OU=Accounting,DC=Fabrikam,DC=COM
DN=CN=Tracy White,CN=admin,DC=corp,DC=Fabrikam,DC=COM
The following table lists reserved characters that cannot be used in an attribute value.
| Character | Description Type |
|---|---|
| space or # character at the beginning of a string | |
| space character at the end of a string | |
| , | comma |
| + | plus sign |
| " | double quote |
| \ | backslash |
| < | left angle bracket |
| > | right angle bracket |
| ; | semicolon |
To use a reserved character as part of an attribute value, you must escape it by prefixing it with a backslash (\). If an attribute value contains other reserved characters, such as the equal sign (=) or non-UTF-8 characters, you must encode it in hexadecimal format—a backslash followed by two hex digits.
The following are examples of some distinguished names that include escaped characters. The first example is an organizational unit name with an embedded comma; the second example is a value containing a carriage return.
DN=CN=Bitwise,OU=Docs\, Support,DC=Fabrikam,DC=COM
DN=CN=Before\0DAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM
