0
votes

If I run the ldapsearch command (CentOS 7.4, slapd 2.4.44) against an Active Directory Windows 2012 server:

[root@myserver ~]# ldapsearch -LLL -x -h openldap.company.com -D "[email protected]" -w mypassword -s sub -b 'dc=company,dc=com' "(cn=Administrator)"

I get:

dn: CN=Administrator,CN=Users,DC=company,DC=com

But if I run the equivalent in Softerra LDAP Browser, I don't see dn but distinguishedName:

distinguishedName: CN=Users,DC=company,DC=com

To determine if dn was an alias of distinguishedName or vice-versa, I checked the definition in OpenLDAP, and I see this:

[root@openldap schema]# grep -r 'NAME '"'"'distinguished' /etc/openldap/schema
./core.ldif:#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
./core.schema:#attributetype ( 2.5.4.49 NAME 'distinguishedName'

But both of those results are commented out anyway:

# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
#       EQUALITY distinguishedNameMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

So, some basic questions:

  1. Why is distinguishedName commented out?
  2. How can we use a dn attribute in an LDIF file if dn is not defined in any schema?
  3. Is dn an alias of distinguishedName or vice-versa?

1 Answer

0
votes
  1. Why is distinguishedName commented out?

It's probably hard-wired into the server.

  2. How can we use a dn attribute in an LDIF file if dn is not defined in any schema?

See (1).

  3. Is dn an alias of distinguishedName or vice-versa?

Both.
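
As an added illustration for question 2 (not part of the original post or answer, and not OpenLDAP's code): in the LDIF grammar of RFC 2849 each record begins with a `dn:` line that names the entry, separate from the attribute lines that follow. The minimal parser below handles only folding, comments and base64 values; `SAMPLE_LDIF` and the function names are constructed for this example.

```python
import base64

# Constructed sample (not from the post): a folded dn line, a base64 "dn::"
# line, and an AD-style entry that also returns a distinguishedName attribute.
B64_DN = base64.b64encode(b"CN=Users,DC=company,DC=com").decode()
SAMPLE_LDIF = f"""version: 1
# comment lines are skipped
dn: CN=Administrator,CN=Users,
 DC=company,DC=com
cn: Administrator
distinguishedName: CN=Administrator,CN=Users,DC=company,DC=com

dn:: {B64_DN}
cn: Users
"""

def unfold(text):
    """Join continuation lines (one leading space), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [ln for ln in lines if not ln.startswith("#")]

def decode_value(rest):
    """'name:: b64' carries a base64 value, 'name: text' a plain one."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.lstrip(" ")

def parse_ldif(text):
    """Return [(dn, attrs)]; the dn line names the entry and is not an attribute."""
    entries, dn, attrs = [], None, {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line:                          # a blank line ends a record
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if dn is not None:
            attrs.setdefault(name, []).append(decode_value(rest))
        elif name.lower() == "dn":
            dn = decode_value(rest)
        elif name.lower() != "version":
            raise ValueError(f"record must start with 'dn:', got {name!r}")
    return entries
```

In the parsed result the entry name sits outside the attribute dictionary, while `distinguishedName` appears only where the sample entry carried it as an ordinary attribute line.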