Multi-valued RDNs: what are the options?

Ed Oskiewicz (
Wed, 21 Aug 1996 11:18:41 +0100

I have also had to tackle the problem of disambiguating entries in a large
corporate directory. I think the solution I used works but is illegal (or at
least immoral). We have unique Employee Id Numbers and I constructed entries
looking like:

dn: cn=Joe Soap (123456), o=BT plc, c=gb (1)
cn: Joe Soap
ein: 123456
objectclass: BTperson

The number at the right is for reference and is not part of the dn. It seems
I should have actually used a dn like:

dn: cn=Joe Soap+ein=123456, o=BT plc, c=gb (2)

However, given that dns only exist to uniquely label entries then the
following would suffice:

dn: ein=123456, o=BT plc, c=gb (3)

My questions/comments are:

I believe the following to be true: In all three cases queries of the form
cn=*soap* would return the same results (because you query the entry not the
dn). Is this correct?

If dns are never displayed, then the third form would seem to be preferable
because it is most compact.

Is the second form of multi-valued RDN actually part of some standard? If so
where is it documented and what is the advantage over simple concatenation
as in the first form?.


Ed Oskiewicz

      B54/76, BT Labs, Martlesham Heath, Ipswich, Suffolk, UK, IP5 7RE,
		  Tel +44 1473 640896, Fax +44 1473 640929