Designing Your Directory Tree
Naming Person Entries
The person entry's name, the DN, must be unique. Traditionally, distinguished
names use the
an entry for a person named Babs Jensen might have the distinguished name of:
cn=Babs Jensen,dc=example,dc=com
While allowing you to recognize instantly the person associated with the entry, it
might not be unique enough to exclude people with identical names. This quickly
leads to a problem known as DN name collisions, multiple entries with the same
distinguished name.
You can avoid common name collisions by adding a unique identifier to the
common name. For example:
cn=Babs Jensen+employeeNumber=23,dc=example,dc=com
However, this can lead to awkward common names for large directories and can
be difficult to maintain.
A better method is to identify your person entries with some attribute other than
. Consider using one of the following attributes:
cn
•
uid
Use the
Possibilities include a user login ID or an employee number. A subscriber in a
hosting environment should be identified by the
•
mail
Use the
This option can lead to awkward DNs that include duplicate attribute values
(for example:
should use this option only if you cannot find some unique value that you can
use with the
instead of the
numbers or user IDs for temporary or contract employees.
•
employeeNumber
For employees of the
employer assigned attribute value such as
68
Netscape Directory Server Deployment Guide • October 2004
, or
commonName
cn
(
) attribute to specify some unique value of the person.
uid
userID
attribute to contain the value for the person's email address.
mail
mail=bjensen@example.com, dc=example,dc=com
attribute. For example, you would use the
uid
attribute if your enterprise does not assign employee
uid
inetOrgPerson
, attribute to name their person entries. That is,
uid
object class, consider using an
employeeNumber
attribute.
), so you
attribute
mail
.