Re: How unique must Distinguished Names be?

Russ Wright (
Thu, 1 Aug 1996 12:13:44 -0700

We just add a number to the end of the DN when multiple names exist (I
believe UMich still does that as well). It is a bit ugly, but not as bad
as having extra attribute in the name (IMHO). Of course the user interface
doesn't have to display the DN (my later ones do not display the DN, they
just display the human readable stuff, which includes enough information to
distinguish between two people w/ the same name.

Hope that helps,


At 08:19 AM -0700 8/1/96, wrote:
>>I am proceeding on the assumption that I must disambiguate the DN by
>>introducing extra attributes, e.g:
>>dn: uid=<unique code>, cn=J Soap, o=BT plc, c=gb
>Absolutely right. The whole point of Distinguished Names is that they
>can be used to distinguish one entry from another with no ambiguity.
>>The trouble is that this makes DNs ugly and I hate it, is there a better
>The only alternative is to add levels of hierachy so that clashes are
>less likely in each department. There is still no guarantee that all
>names in a department will be unique, so some organisations have taken
>the approach of *always* adding a unique ID code to the DN.
>Perhaps your efforts should be directed to getting user interface
>builders to display such multi-valued DNs in an acceptable form :-)
>Doesn't BT have an X.500 directory already?
>| From Andrew Findlay at Brunel University, Uxbridge, UB8 3PH, UK |
>| +44 1895 203066 or +44 1895 274000 x2512 |