Distinguished Names—the unique identifiers for entries


Each entry has a unique name, called the distinguished name (or dn), a label which is used to find and identify that entry. It consists of a list of attribute values, ordered from the most specific (such as common name) on the left to the most general (such as country) on the right. Some examples:

cn=Janet Smith, c=US
cn="James Smith, Jr.", o=Some Company, c=US
o="Acme, Inc.", c=US
ou=Creative Dept., o="Acme, Inc.", c=US
cn=Andy Jones, ou=Creative Dept., o="Acme, Inc.", c=US

Notice that the last three examples build on each other from right to left. Any entry can be the parent of other entries: a child entry's dn is the parent's dn with one new name added on the left. A company could use this to list departments ("ou" means organizational unit), which in turn contain people. Although ClickMail supports this kind of parent-child structure, it is not needed for basic email lookups. All you need is an identifier (cn=Janet Smith) followed by your naming context (c=US).
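The following is an added example, not ClickMail's own code, that takes the dn format described above apart and checks the parent-child relationship between entries. It handles the quoted style the page uses (cn="James Smith, Jr."), where a comma inside double quotes is part of the value rather than a separator; a lookup that simply split on commas would mangle o="Acme, Inc.". The function names (split_dn, join_dn, parent_dn, is_child, is_under) are this example's own. Modern LDAP servers follow RFC 4514, which escapes special characters with a backslash instead of surrounding the value with quotes, so this parser is for the older quoted form shown on this page.

```python
from __future__ import annotations

# Added example (not ClickMail's code): parse a dn written in the quoted style
# this page uses, and check parent/child and naming-context relationships.


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Return the dn's components as (attribute, value) pairs, most specific
    (leftmost) first. A comma inside double quotes belongs to the value; the
    surrounding quotes are removed from the returned value."""
    components: list[str] = []
    current: list[str] = []
    in_quotes = False
    for ch in dn:
        if ch == '"':
            in_quotes = not in_quotes
            current.append(ch)
        elif ch == "," and not in_quotes:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError(f"unbalanced quotes in dn: {dn!r}")
    components.append("".join(current))

    rdns: list[tuple[str, str]] = []
    for component in components:
        component = component.strip()
        if "=" not in component:
            raise ValueError(f"component without '=' in dn: {component!r}")
        attribute, value = component.split("=", 1)
        attribute = attribute.strip().lower()
        value = value.strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        if not attribute or not value:
            raise ValueError(f"empty attribute or value in dn: {component!r}")
        rdns.append((attribute, value))
    return rdns


def join_dn(rdns: list[tuple[str, str]]) -> str:
    """Inverse of split_dn: values containing a comma are quoted again so the
    result reads back into the same components."""
    parts = []
    for attribute, value in rdns:
        if "," in value:
            value = f'"{value}"'
        parts.append(f"{attribute}={value}")
    return ", ".join(parts)


def _key(rdns: list[tuple[str, str]]) -> list[tuple[str, str]]:
    # Compare values case-insensitively, as LDAP does for name attributes such
    # as cn, ou, o and c (caseIgnoreMatch); attribute names are already lowered.
    return [(attribute, value.casefold()) for attribute, value in rdns]


def parent_dn(dn: str) -> str | None:
    """The dn one level up: the same dn with its leftmost component removed.
    A single-component dn (the naming context itself) has no parent."""
    rdns = split_dn(dn)
    if len(rdns) < 2:
        return None
    return join_dn(rdns[1:])


def is_child(child: str, parent: str) -> bool:
    """True when the child's dn is the parent's dn with exactly one name added
    on the left, which is how the page defines the parent-child structure."""
    child_rdns, parent_rdns = split_dn(child), split_dn(parent)
    return (len(child_rdns) == len(parent_rdns) + 1
            and _key(child_rdns[1:]) == _key(parent_rdns))


def is_under(dn: str, context: str) -> bool:
    """True when the dn ends with the given naming context (c=US or
    dc=acme, dc=com), i.e. the entry belongs to that directory."""
    rdns, ctx = split_dn(dn), split_dn(context)
    return len(rdns) >= len(ctx) and _key(rdns[-len(ctx):]) == _key(ctx)


if __name__ == "__main__":
    # The example dns from this page.
    for dn in [
        "cn=Janet Smith, c=US",
        'cn="James Smith, Jr.", o="Acme, Inc.", c=US',
        'cn=Andy Jones, ou=Creative Dept., o="Acme, Inc.", c=US',
    ]:
        print(dn, "->", split_dn(dn), "parent:", parent_dn(dn))
```

Run the module directly to see each example dn broken into its components and its parent; the parent of the last example is the Creative Dept. entry, whose own parent is the Acme entry, exactly as the right-to-left build-up in the list above describes.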

You can choose which attribute to use for the first part of the dn. It's traditional to use the common name, but for large groups where two people may have the same full name, a username (from the email address) or ID number is often used instead.

You must choose a naming context for the entire directory. This has traditionally been the country your organization is in ("c=US"). Optionally, the organization name ("o=Acme Manufacturing, c=US") is added, but making it an attribute in individual entries is more flexible.

More recently, a domain component (dc) scheme for naming contexts has been used. Example: "dc=acme, dc=com". This might make it possible to join LDAP servers in a large hierarchy. But, like including the organization name above, this implies that your server contains only entries for your organization (not clients, etc.).