What are the best practices for choosing an RDN when creating new objectClasses in LDAP? I know you can choose from uid, cn, ou, and so on, but what practices should one follow?
The RDN is essentially (part of) your primary key. The same principles apply:
When using OpenLDAP you can choose any attribute as RDN that is allowed on the object (according to its objectClasses) but on ActiveDirectory the RDN attribute is defined in the appropriate schema - so you don't have a choice when using pre-defined classes.
When you have the choice (using OpenLDAP or using your own schema on ActiveDirectory), I'd suggest using an RDN that effectively identifies the underlying entry (naturally your RDN must be unique within the children of a given subtree). OpenLDAP also allows for the use of multi-valued RDNs if you determine a single RDN attribute is not sufficient to uniquely identify a given entry:
cn=Robert Smith+uid=rsmith,ou=people,dc=example,dc=com
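As an added example (not part of the question or the answer above), a small Python helper that builds an RDN and DN from attribute values with RFC 4514 escaping, supports the multi-valued form shown, and checks the chosen RDN for uniqueness against a constructed list of sibling entries; the sibling list and the plain case-sensitive comparison are assumptions for illustration.

```python
# Added example, not from the original post: construct an RDN/DN safely and
# check that it is unique among the children of the parent entry.
RFC4514_SPECIAL = ',+"\\<>;'

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for an RDN per RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in RFC4514_SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:                  # leading '#' must be escaped
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == last):   # leading/trailing space
            out.append('\\ ')
        elif ch == '\x00':
            out.append('\\00')
        else:
            out.append(ch)
    return ''.join(out)

def build_rdn(attrs: dict) -> str:
    """Join one or more attribute=value pairs with '+' (multi-valued RDN)."""
    if not attrs:
        raise ValueError("an RDN needs at least one attribute")
    return '+'.join(f"{a}={escape_rdn_value(v)}" for a, v in attrs.items())

def build_dn(rdn_attrs: dict, parent_dn: str) -> str:
    """Prepend the RDN to the parent's DN."""
    return f"{build_rdn(rdn_attrs)},{parent_dn}"

def rdn_is_unique(rdn_attrs: dict, siblings: list) -> bool:
    """True if no sibling already carries the same values for all RDN attributes.
    Assumption: exact, case-sensitive comparison (real servers apply the
    attribute's matching rule, e.g. caseIgnoreMatch for cn)."""
    return not any(all(e.get(a) == v for a, v in rdn_attrs.items())
                   for e in siblings)

# Constructed sample of existing entries under ou=people,dc=example,dc=com
SIBLINGS = [
    {"cn": "Robert Smith", "uid": "rsmith2"},
    {"cn": "Jane Doe", "uid": "jdoe"},
]

if __name__ == "__main__":
    parent = "ou=people,dc=example,dc=com"
    print(build_dn({"cn": "Robert Smith", "uid": "rsmith"}, parent))
    print(rdn_is_unique({"cn": "Robert Smith"}, SIBLINGS))                   # False
    print(rdn_is_unique({"cn": "Robert Smith", "uid": "rsmith"}, SIBLINGS))  # True
```

The single-attribute cn collides with an existing sibling, while the multi-valued cn+uid RDN does not, which is the case the answer describes.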