Using Domains in LDAP/X.500 Distinguished Names (RFC2247)
Original Publication Date: 1998-Jan-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
S. Kille: AUTHOR
The Lightweight Directory Access Protocol (LDAP) uses X.500-compatible distinguished names for providing unique identification of entries.
Network Working Group                                           S. Kille
Request for Comments: 2247                                    Isode Ltd.
Category: Standards Track                                        M. Wahl
                                                     Critical Angle Inc.
Using Domains in LDAP/X.500 Distinguished Names
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (1998). All Rights Reserved.
The Lightweight Directory Access Protocol (LDAP) uses
X.500-compatible distinguished names for providing unique
identification of entries.
This document defines an algorithm by which a name registered with
the Internet Domain Name Service can be represented as an LDAP
The Domain (Nameserver) System (DNS) provides a hierarchical resource
labeling system. A name is made up of an ordered set of components,
each of which is a short string. An example domain name with two
components would be "CRITICAL-ANGLE.COM".
LDAP-based directories provide a more general hierarchical naming
framework. A primary difference in specification of distinguished
names from domain names is that each component of a distinguished
name has an explicit attribute type indication.
X.500 does not mandate any particular naming structure. It does
contain suggested naming structures which are based on geographic and
national regions; however, there is not currently an established
registration infrastructure in many regions which would be able to
assign or ensure uniqueness of names.
The mechanism described in this document automatically provides an
enterprise a distinguished name for each domain name it has obtained
for use in the Internet. These distinguished names may be used to
identify objects in an LDAP directory.
An example distinguished name represented in the LDAP string format
is "DC=CRITICAL-ANGLE,DC=COM". As with a domain name, the most
significant component, closest to the root of the namespace, is
This document does not define how to represent objects which do no...
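
The mapping described above, as an added Python example (not part of RFC 2247 or of the original page): each DNS label becomes one DC= component, and every label is validated first so that a domain name taken from untrusted input cannot introduce extra DN components. The function names and the strict letters-digits-hyphen label check are assumptions of this example.

```python
import re

# Assumption of this example: a label follows the DNS "LDH" rule (letters,
# digits, hyphen; no leading or trailing hyphen; 1 to 63 characters).
# Internationalized names must already be in their ASCII (A-label) form.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def domain_to_dn(domain: str) -> str:
    """Map a DNS name to a DN with one DC= component per label."""
    name = domain[:-1] if domain.endswith(".") else domain  # tolerate root dot
    if not name or len(name) > 253:
        raise ValueError("empty or over-long domain name")
    labels = name.split(".")
    for label in labels:
        # fullmatch rejects anything outside LDH, so no DN metacharacter
        # (',' '+' '=' '\\' '"' '<' '>' ';' '#') can reach the output string.
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    # Same order as the domain name: the most significant component is last.
    return ",".join(f"DC={label}" for label in labels)


def dn_to_domain(dn: str) -> str:
    """Inverse mapping; accepts only DNs built purely from DC components."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        # Escaped or multi-valued components fail the label check and are refused.
        if sep != "=" or attr.upper() != "DC" or not _LABEL.fullmatch(value):
            raise ValueError(f"not a plain DC component: {rdn!r}")
        labels.append(value)
    return ".".join(labels)


if __name__ == "__main__":
    print(domain_to_dn("CRITICAL-ANGLE.COM"))        # example name from the text
    print(dn_to_domain("DC=CRITICAL-ANGLE,DC=COM"))
```
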