What is the difference between an RDN, a DN, and a CN in LDAP?

I can recommend LDAP for Rocket Scientists, a very nice and thorough intro to the protocol.

To answer your question:

  • distinguishedname: the full path of the object in the tree. So if the LDAP server has a base of dc=domain,dc=tld and the object is in the container ou=users, then the DN could be cn=object,ou=users,dc=domain,dc=tld.

  • rdn: in the example, cn=object, because it is relative to ou=users,dc=domain,dc=tld.

If the object was in ou=otherusers,dc=domain,dc=tld, then the RDN would still be cn=object, but it would have a different DN: cn=object,ou=otherusers,dc=domain,dc=tld.

So the RDN is relative to its parent.

And the canonicalname cn is just an attribute. Sometimes the cn and the RDN have the same value. Other times, the RDN is uid=user (instead of cn=user), as most Unix LDAP servers do. So the DN would then be uid=user,ou=users,dc=domain,dc=tld. And that object could have a cn attribute as well, to make it even fuzzier.

The differences have to do with what kind of object is being referenced, because every type of object has a different set of objectclasses that define what attributes it may (or may not) have.

The book is free to read, by the way.
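To make the RDN/parent split concrete, here is an added example (my own Python, not code from the answer above or from the book): a small RFC 4514 DN parser that goes beyond the answer's plain case by handling escaped separators (`\,` and hex pairs such as `\2c`) and multi-valued RDNs joined with `+`, so that the first RDN is always the object's own and the rest is the parent DN.

```python
# Added example (not code from the original answer): split an LDAP DN in
# RFC 4514 string form into RDNs. The leftmost RDN names the object, the
# rest is the parent DN; '\,' and hex-pair escapes such as '\2c' are decoded.
import re

_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2}|.)")  # backslash + hex pair or one char


def _split_unescaped(s: str, sep: str) -> list[str]:
    """Split s on sep, skipping separators preceded by a backslash."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            buf.append(s[i:i + 2])  # keep the escape pair for decoding later
            i += 2
        elif s[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(s[i])
            i += 1
    parts.append("".join(buf))
    return parts


def unescape_value(v: str) -> str:
    """Decode RFC 4514 escapes: '\\,' -> ',' and the hex pair '\\2c' -> ','."""
    return _ESCAPE.sub(lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], v)


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Return the DN as a list of RDNs (object's own first); each RDN is a list of
    (attribute, decoded value) pairs, more than one when joined with '+'."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr.strip().lower(), unescape_value(value)))
        rdns.append(pairs)
    return rdns


def split_rdn(dn: str) -> tuple[str, str]:
    """Return (rdn, parent_dn), e.g. ('cn=object', 'ou=users,dc=domain,dc=tld')."""
    parts = _split_unescaped(dn, ",")
    return parts[0], ",".join(parts[1:])
```

Note that `split_rdn` keeps the RDN string as written (escapes intact) so it can be reused in a new DN, while `parse_dn` gives you the decoded attribute values for comparison.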