difference between cn and ou in ldap
Leaf and non-leaf have nothing to do with it.
- CN stands for Common Name and is an attribute of several person-related classes such as inetOrgPerson. But there's nothing stopping it being an attribute of other classes, such as organizationalRole.
- OU stands for Organizational Unit and is an attribute of the organizationalUnit class.
- In both cases the attribute forms part of the DN of an object of those classes.
You would normally expect an object with OU to be a non-leaf, and a person to be a leaf, but there is nothing inherent about it.
Admin
Updated on June 04, 2022
My Directory experience until now was originally Novell's NDS and eDirectory, and more recently, MS Active Directory, but now I'm having to work directly with LDAP (OpenLDAP 2.4 on Zimbra).
I'm more than a little confused with the naming in ldap, and I really haven't been able to find what I'm looking for in numerous google searches:
In eDir and AD, when an object was labeled with the cn= it was a leaf object, while an object labeled with ou= was a container object. But that doesn't seem to be the case in ldap.
For instance, let's say I want to list the installed schemas in my dit, I can use the command:
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
The results returned are:
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
Is there documentation explaining why the objects schema and config, which are clearly container objects, are still labeled as cn? Or can someone please just explain to me when to use the cn label on container objects, rather than the ou label?
Maybe this is documented in a book I just ordered from Amazon, "The ABCs of LDAP" by R. Voglmaier from Amazon. It should be arriving sometime next week.
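The answer's point, that leaf versus non-leaf depends on where an entry sits in the tree and not on whether its RDN uses cn or ou, can be checked from DNs alone. The following is an added example, not part of the original posts: it uses the DNs from the ldapsearch output above plus three constructed dc=example,dc=com entries, and the function names are illustrative.

```python
# Constructed sample: the five DNs from the question's output, plus three
# hypothetical entries that show an ou= leaf and a cn= entry with an escaped comma.
SAMPLE_DNS = [
    "cn=schema,cn=config",
    "cn={0}core,cn=schema,cn=config",
    "cn={1}cosine,cn=schema,cn=config",
    "cn={2}nis,cn=schema,cn=config",
    "cn={3}inetorgperson,cn=schema,cn=config",
    "ou=people,dc=example,dc=com",
    r"cn=Smith\, John,ou=people,dc=example,dc=com",
    "ou=empty,dc=example,dc=com",
]

def split_dn(dn):
    """Split a DN string into RDNs, honouring RFC 4514 backslash escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":              # unescaped comma separates RDNs
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

def norm(rdns):
    # Assumption: case-insensitive matching is good enough for this comparison.
    return tuple(r.lower() for r in rdns)

def classify(dns):
    """Map each DN to (RDN attribute, 'leaf' or 'non-leaf').

    An entry is non-leaf when some other listed DN has it as its parent,
    so 'leaf' means "no subordinates among the DNs given".
    """
    parsed = {dn: split_dn(dn) for dn in dns}
    parents = {norm(r[1:]) for r in parsed.values() if len(r) > 1}
    return {
        dn: (rdns[0].split("=", 1)[0].lower(),
             "non-leaf" if norm(rdns) in parents else "leaf")
        for dn, rdns in parsed.items()
    }

if __name__ == "__main__":
    for dn, (attr, kind) in classify(SAMPLE_DNS).items():
        print(f"{kind:8}  rdn={attr:2}  {dn}")
```

In the result, cn=schema,cn=config is a non-leaf named by cn, while ou=empty,dc=example,dc=com is a leaf named by ou.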