PPT Slide
DIT Design: Selecting a Distinguished Name
uid=smithMJ, ou=Certificates, o=Perot Systems, c=US
cn=smithMJ, ou=People, o=Perot Systems, c=US
+ DN Guaranteed to be unique
+ More robust searching using name components
+ Directly maps to a user’s logon ID (can be used for single signon)
+ commonName (cn) field contains a real name
+ commonName (cn) is part of the DN
- DN has the potential to change
- Problems with X.500 aliases:
- no built-in referential integrity - will LDAPv3 support them?