SyntaxFix

[active-directory] What are CN, OU, DC in an LDAP search?

I have a search query in LDAP like this. What exactly does this query mean?

("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com");

This question is related to active-directory ldap ldap-query

The answer is

I want to add somethings different from definitions of words. Most of them will be visual.

Technically, LDAP is just a protocol that defines the method by which directory data is accessed.Necessarily, it also defines and describes how data is represented in the directory service

Data is represented in an LDAP system as a hierarchy of objects, each of which is called an entry. The resulting tree structure is called a Directory Information Tree (DIT). The top of the tree is commonly called the root (a.k.a base or the suffix).the Data (Information) Model

To navigate the DIT we can define a path (a DN) to the place where our data is (cn=DEV-India,ou=Distrubition Groups,dc=gp,dc=gl,dc=google,dc=com will take us to a unique entry) or we can define a path (a DN) to where we think our data is (say, ou=Distrubition Groups,dc=gp,dc=gl,dc=google,dc=com) then search for the attribute=value or multiple attribute=value pairs to find our target entry (or entries).

enter image description here

If you want to get more depth information, you visit here

At least with Active Directory, I have been able to search by DistinguishedName by doing an LDAP query in this format (assuming that such a record exists with this distinguishedName):

"(distinguishedName=CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com)"

What are CN, OU, DC?

From RFC2253 (UTF-8 String Representation of Distinguished Names):

String  X.500 AttributeType
------------------------------
CN      commonName
L       localityName
ST      stateOrProvinceName
O       organizationName
OU      organizationalUnitName
C       countryName
STREET  streetAddress
DC      domainComponent
UID     userid


What does the string from that query mean?

The string ("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com") is a path from an hierarchical structure (DIT = Directory Information Tree) and should be read from right (root) to left (leaf).

It is a DN (Distinguished Name) (a series of comma-separated key/value pairs used to identify entries uniquely in the directory hierarchy). The DN is actually the entry's fully qualified name.

Here you can see an example where I added some more possible entries.
The actual path is represented using green.

LDAP tree

The following paths represent DNs (and their value depends on what you want to get after the query is run):

  • "DC=gp,DC=gl,DC=google,DC=com"
  • "OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"
  • "OU=People,DC=gp,DC=gl,DC=google,DC=com"
  • "OU=Groups,DC=gp,DC=gl,DC=google,DC=com"
  • "CN=QA-Romania,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"
  • "CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"
  • "CN=Diana Anton,OU=People,DC=gp,DC=gl,DC=google,DC=com"

Source: Stackoverflow.com

Examples related to active-directory

Powershell: A positional parameter cannot be found that accepts argument "xxx" How to switch to another domain and get-aduser How can I verify if an AD account is locked? Powershell script to see currently logged in users (domain and machine) + status (active, idle, away) Querying Windows Active Directory server using ldapsearch from command line How to list AD group membership for AD users using input list? Import-Module : The specified module 'activedirectory' was not loaded because no valid module file was found in any module directory What are CN, OU, DC in an LDAP search? PowerShell script to return members of multiple security groups How do I get specific properties with Get-AdUser

Examples related to ldap

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 Querying Windows Active Directory server using ldapsearch from command line What are CN, OU, DC in an LDAP search? LDAP server which is my base dn Easy way to test an LDAP User's Credentials LDAP filter for blank (empty) attribute LDAP Authentication using Java How to create and add users to a group in Jenkins for authentication? Query to list all users of a certain group using wildcards in LDAP search filters/queries

Examples related to ldap-query

What are CN, OU, DC in an LDAP search? Query to list all users of a certain group Active Directory LDAP Query by sAMAccountName and Domain

Tags

Shopify Clash Optionmenu X87 Rounding Sequential-number Fulfillment Online-repository Apache-roller Richtextediting Gist Negation Syntax-error Greenhopper Code-design Framework-caching Amortization Cpan Netbios Subscribe Quickreports Splitcontainer Color-mapping Raster Dynamic-compilation Matrix-storage Seh Static-import Preset Progressive Dbf Procrun Higher-kinded-types Stratus Custom-headers Factor-analysis Pprint Enterprise Notsupportedexception Securid Metacity String-search Srp-protocol Overloading Ipv6 Hadoop Delphi4php Clone Nintendo Google-gears Rethrow Dynamic-import Subst Customtypedescriptor Containable Substr Implicit Livescribe Run-app Netfilter Convex Privilege Wildcard-subdomain Filesystems Infovis Cxml Enum-flags Salt Anonymous-class Snipmate Data-uri Drupal-cache Compiler-constants Xcode3.2 Jinternalframe Mod-jk Dde External Authorizationservices Pywin Portal-server Elasticlayout Turnkeylinux.org Callcc Swfaddress Joomfish Grammar Suexec Flip-flop Sigils Text-extraction Ushort Crc16 Scorm Lexicon Multiple-select Buildr Blackboard Cmake Alsb