Table of Contents
Advertisement
What Is a Distinguished Name?
Distinguished Name Components
A DN identifies an entry in an LDAP directory. Because directories are
hierarchical, DNs identify the entry by its location as a path in a hierarchical tree
(much as a path in a file system identifies a file). Generally, a DN begins with a
specific common name, and proceeds with increasingly broader areas of
identification until the country name is specified. DNs are typically made up of the
following components (which are defined in the X.520 standard):
CN=common name, OU=organizational unit, O=organization, L=locality,
ST=state or province, C=country name
These components are described in Table A-1. For more information on
distinguished names, see RFC 2253 (which replaces RFC 1779). You can find RFC
2253 at this URL:
Note that if used in conjunction with an LDAP-compliant directory, Certificate
Management System by default recognizes components that are listed in Table A-2.
Definitions of standard DN components
Table A-1
Component
Name
CN
Common name
E
Email address
(deprecated)
OU
Organizational unit
O
Organization
310
Netscape Certificate Management System Plug-Ins Guide • May 2002
http://www.ietf.org/rfc/rfc2253.txt
Definition
A required component that identifies the person or object defined
by the entry. For example:
• CN=Jane Doe
• CN=corpDirectory.example.com
Identifies the email address of the entry. For example:
jdoe@example.com
The use of this component is discouraged by the PKIX standard;
instead, it recommends the use of Subject Alternative Name Extension
to associate an email address with a certificate; see
"SubjectAltNameExt Plug-in Module" on page 232. The reason for
this is because it is usually too hard to have a E in a directory
structure; email addresses change too frequently.
Identifies a unit within the organization. For example:
• OU=Sales
• OU=Manufacturing
Identifies the organization in which the entry resides. For example:
• O=Example Corporation
• O=Public Power & Gas
Advertisement
Table of Contents
