Why full name has two ldap attributes cn and name?


  • Now I was wondering why full name has two ldap attributes, cn and name. Full name is even used in Distinguished name.

    Where this two names cn and name is used. And why some ldap attributes have same names as the user properties and others have different. For example, Initials in user properties has the ldap attribute as initials (same). But first name has the ldap attribute givenName. Why?

    Thanks and Regards, Radhakrishnan

    Friday, June 15, 2012 5:56 AM

All replies

  • CN is canonical name & it has to be unique where as display name is a name. Display name can be same where as CN should be unique. The dissimilarity in the attribute/ldap new is to maintain uniqueness among all the attribute/objects.

    Awinish Vishwakarma - MVP - Directory Services

    My Blog:

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by iSiek Friday, June 15, 2012 7:27 AM
    Friday, June 15, 2012 7:13 AM
  • But there is a ldap attribute "name" which has the same value as "cn". Yes, there is the display name which can be changed at any time and it need not be unique and same as the full name. Now both cn and name has the same value as full name. Why? And when and where these two names are used?

    Thanks and Regards, Radhakrishnan

    Friday, June 15, 2012 7:28 AM
  • Hi,

    We can check the third link provided by Awinish regarding the difference between LDAP attributes "CN" and "NAME".

    The "Name" property method of the LDAP provider is the same as the "cn" property, but with the string "cn=" appended in front. For example, if cn = "TestUser", then Name = "cn=TestUser". The "Name" property method returns the Relative Distinguished Name (RDN) of the object.



    TechNet Community Support

    Monday, June 18, 2012 8:08 AM
  • But in the attribute editor tab of user properties, the full name that I have given to the user is the same for both cn and name. I created a user called "testuser1" with full name as "testuser". Now both cn and name attributes hold the same value "testuser".

    Thanks and Regards, Radhakrishnan

    Monday, June 18, 2012 9:41 AM
  • Yeah, same when querying the properties through a DirectoryEntry in .NET.
    • Edited by Appserv Sunday, May 21, 2017 10:54 PM
    Sunday, May 21, 2017 10:53 PM