LDAPviewer

Naming Attribute(s)

Naming Attribute RDNs and DN Overview

Every Entry in a DIT is identified by a Distinguished Name (DN). Every DN consists of one or more Relative Distinguished Names (RDN) separated by a comma. Every RDN consists of one or more Naming Attributes.

Naming Attribute(s) are used to identify the Entry at each level in the DIT hierarchy. They consist of one or more attribute=value pairs (called Attribute Value Assertions (AVAs) in the LDAP jargon), and appear in the DN of the entry. The combination of attribute and value (AVA) must be unique at its level in the hierarchy. Thus, in an Entry whose DN is:

DN:cn=Charlotte Rampling,ou=stars,dc=example,dc=com

The naming attribute is cn=Charlotte Rampling: cn (commonName) is the attribute and Charlotte Rampling is the value in the AVA. It must be unique (at its point in the DIT hierarchy) to appear in an operational DIT. The LDAP server would have rejected the Entry when it was created if this had not been the case.

Any attribute may be selected as a naming attribute, for example, uid=crampling in which case the DN of the entry would be:

DN:uid=crampling,ou=stars,dc=example,dc=com

Note: While any attribute=value can be selected as a naming attribute, if the DIT is being used for authentication then the naming attribute must be the same as that which appears in the authentication DN. For this reason uid (and occasionally mail) is typically chosen as the naming attribute in these applications.

More than one AVA (Attribute Value Assertion) may be selected as the naming attribute. Assume that we decide to select both cn=Charlotte Rampling and uid=crampling as naming attributes. Both then appear in the DN separated by +. In this case, the DN would be:

DN:cn=Charlotte Rampling+uid=crampling,ou=stars,dc=example,dc=com

Important Note: Any attribute, and its associated value, that is used in a naming attribute must also exist in the Entry. Any attempt to remove a naming attribute or change the specific value will result in a warning message from LDAPviewer and could result in a renamed Entry (and any children if present).

Every DN consists of one or more comma-separated RDNs (Relative Distinguished Names), each of which is the naming attribute at its level. Thus, in the DN:

DN:cn=Charlotte Rampling,ou=stars,dc=example,dc=com

The RDNs are:

cn=Charlotte Rampling
ou=stars
dc=example,dc=com

Thus, cn=Charlotte Rampling is the naming attribute at its level, ou=stars is the naming attribute at its level, and so on up the DIT hierarchy.
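The DN structure described above, as an added Python example (not LDAPviewer code): it builds a DN from one or more naming AVAs with RFC 4514 escaping, parses a DN back into RDNs and AVAs, and checks the rule that every naming AVA must also exist in the Entry. The function names and the sample entry are constructed for illustration. The sketch assumes case-insensitive value matching, handles only backslash-escaped characters (no hex pairs), and treats each dc= component as its own RDN.

```python
import re

# Characters that RFC 4514 requires to be backslash-escaped inside a value.
_SPECIAL = set(',+"\\<>;')

def escape_value(value):
    """Escape one attribute value for use in the string form of a DN."""
    if not value or "\x00" in value:
        raise ValueError("empty value or NUL is not accepted here")
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in _SPECIAL or edge else ch)
    return "".join(out)

def _split(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text)

def build_dn(naming_avas, parent_dn):
    """Join (attribute, value) pairs with '+' into one RDN, prepended to parent_dn."""
    rdn = "+".join(f"{attr}={escape_value(val)}" for attr, val in naming_avas)
    return f"{rdn},{parent_dn}"

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (attribute, value) AVAs."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip() or not value:
                raise ValueError(f"malformed AVA: {ava!r}")
            avas.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", value)))
        rdns.append(avas)
    return rdns

def missing_naming_avas(dn, entry):
    """List naming AVAs of the leftmost RDN that the entry's attributes lack."""
    return [(a, v) for a, v in parse_dn(dn)[0]
            if v.lower() not in {x.lower() for x in entry.get(a, [])}]

if __name__ == "__main__":
    # Constructed sample entry; the cn value deliberately contains a comma.
    entry = {"cn": ["Rampling, Charlotte"], "uid": ["crampling"]}
    dn = build_dn([("cn", entry["cn"][0]), ("uid", "crampling")],
                  "ou=stars,dc=example,dc=com")
    print(dn)
    print(parse_dn(dn))
    print(missing_naming_avas(dn, entry))
```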

Setting the Naming Attribute

Naming attributes are typically only visible using the Table Editor. (Though Custom HTML templates can make them visible in HTML forms also.) In pre-existing Entries the naming attribute(s) is shown highlighted in blue.

To make an attribute and its associated value a naming attribute, select the chosen attribute and its value, right click, and click Make Naming Value from the pop-up menu as shown:

Make Naming Value

To remove the naming attribute status from an attribute and its associated value, select it, right click and click Remove Naming Value as shown:

Remove Naming Value

Name Change Prompt

Any change to a naming attribute or its values will cause a user prompt to confirm the DN change. The following message is displayed if an attribute has had its naming attribute status changed:

Naming Attribute Prompt

Selecting No will cause the Entry to be left unchanged where it can be re-edited. Selecting Yes will action the name change and copy the Entry (and all its children) to the DN in the prompt. Depending on how many children are involved this could be a long operation.

© LV Project 2016. Creative Commons Attribution 4.0 International License.