Menu
I have a search query in LDAP like this. What exactly does this query mean?
("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"); 
557
The moniker "ou" means organizational unit. The component "cn=Test2" is an object whose Common Name is "Test2". The moniker "cn" means Common Name. Similarly, the moniker "dc" means domain component. The component "dc=MyDomain" is a domain component with the name "MyDomain".
CN (CommonName in X. 500) AttributeType contains names of an LDAP Entry. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.
Domain Component (DC). DC objects represent the top of an LDAP tree that uses DNS to define its namespace. Active Directory is an example of such an LDAP tree. The designator for an Active Directory domain with the DNS name Company.com would be dc=Company,dc=com.
Each class of object in AD has one attribute that is the Relative Distinguished Name (RDN) of the object. This is the name of the object in it's parent OU/Container. For user, group, computer, and container objects, the RDN is the value of the cn attribute (the Common Name).
CN = Common NameOU = Organizational UnitDC = Domain ComponentThese are all parts of the X.500 Directory Specification, which defines nodes in a LDAP directory.
You can also read up on LDAP data Interchange Format (LDIF), which is an alternate format.
You read it from right to left, the right-most component is the root of the tree, and the left most component is the node (or leaf) you want to reach.
Each = pair is a search criteria.
With your example query
("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"); In effect the query is:
From the com Domain Component, find the google Domain Component, and then inside it the gl Domain Component and then inside it the gp Domain Component.
In the gp Domain Component, find the Organizational Unit called Distribution Groups and then find the object that has a common name of Dev-India.
198
What are CN, OU, DC?
From RFC2253 (UTF-8 String Representation of Distinguished Names):
String X.500 AttributeType
------------------------------ CN commonName L localityName ST stateOrProvinceName O organizationName OU organizationalUnitName C countryName STREET streetAddress DC domainComponent UID userid The string ("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com") is a path from an hierarchical structure (DIT = Directory Information Tree) and should be read from right (root) to left (leaf).
It is a DN (Distinguished Name) (a series of comma-separated key/value pairs used to identify entries uniquely in the directory hierarchy). The DN is actually the entry's fully qualified name.
Here you can see an example where I added some more possible entries.
The actual path is represented using green.
The following paths represent DNs (and their value depends on what you want to get after the query is run):
"DC=gp,DC=gl,DC=google,DC=com""OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com""OU=People,DC=gp,DC=gl,DC=google,DC=com""OU=Groups,DC=gp,DC=gl,DC=google,DC=com""CN=QA-Romania,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com""CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com""CN=Diana Anton,OU=People,DC=gp,DC=gl,DC=google,DC=com"
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
