Overview#
CN (CommonName in X.500) AttributeType contains names of an LDAP Entry.Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.
Microsoft Active Directory Anomaly[1]#
On the ldap-nis mailing list (discussing PADL Software's software projects) it has come to light that naming attributes (particularly "cn" - "commonName", also "CN" in NDS) in AD are always single-valued; the current definition of the attribute in AD is:http://msdn.microsoft.com/library/sdkdoc/adschema/attrdetl_0yed.htm
Note the Attribute-ID (OID), "2.5.4.3". The page also indicates that the information is subject to change (let's hope it does so).
Various members of the list (and off-list) have checked the standards and reported that the following all define the attribute (same OID) to be multi-valued (not single-valued):
- IETF RFC 2256
- DMTF DEN (most interesting because Microsoft was one of the founders of the DEN effort...)
- ITU-T X.520(93)
Testing against some existing LDAPv3 servers Netscape Directory 4.0 and Novell EDirectory LDAPv3 shows that they accept "cn" as multi-valued.
The discussion was in relation to RFC 2307 (and whether or not AD could really be compliant with the existing schema given this - and other - limitations and namespace clashes).
LDAP Attribute Definition#
The Cn AttributeTypes is defined as:- OID of 2.5.4.3
- NAME: Cn
- DESC:
- EQUALITY:
- ORDERING:
- SYNTAX: 1.3.6.1.4.1.1466.115.121.1.15 DirectoryString
- USAGE: UserApplications
- Extended Flags:
- X-ORIGIN: X.520
- X-NDS_NAME: CN
- X-NDS_LOWER_BOUND: 1
- X-NDS_UPPER_BOUND: 64
- X-NDS_NONREMOVABLE: 1
- Used as MUST in:
- Used MAY in:
- sambaSamAccount
- 2.16.840.1.113719.1.27.6.1
- ldapGroup
- applicationProcess
- applicationEntity
- httpServer
- sASSecurity
- ndspkiContainer
- ndspkiCRLConfiguration
- cRLDistributionPoint
- nDSPKICertificateAuthority
- nDSPKIKeyMaterial
- nDSPKITrustedRoot
- nDSPKISDKeyAccessPartition
- nDSPKISDKeyList
- mASVSecurityPolicy
- sASLoginMethodContainer
- sASLoginPolicy
- sASNMASBaseLoginMethod
- sasPostLoginMethodContainer
- sasPostLoginMethod
- snmpGroup
- nspmPasswordPolicyContainer
- DirXML-DriverSet
- DirXML-Driver
- nspmPasswordPolicy
- auditFileObject
- nCSNetWareCluster
- DFS-Junction
- bhPortal
- bhGadget
- bhPortalGroup
- bhPage
- bhTheme
- bhPageSet
- bhCommunity
- bhModule
- rbsCollection2
- rbsModule2
- rbsRole2
- rbsTask2
- iscsiTarget
- iscsiInitiator
- uamPosixWorkstation
- uamPosixConfig
- ipService
- ipProtocol
- ipNetwork
- apchadmnServer
- apchadmnModule
- apchadmnVirtualHost
- apchadmnConfigurationBlock
- rbsCategory2
- NAuditLogApp
- NAuditFilter
- NAuditHeartbeat
- NAuditChannel
- encryptionPolicy
- notfTemplateCollection
- notfMergeTemplate
- nsimChallengeSet
- sssServerPolicies
- DirXML-Publisher
- DirXML-Subscriber
- StyleSheet
- DirXML-Library
- DirXML-Rule
- DirXML-pbxSite
- DirXML-pbxExtension
- DirXML-nwoWorkOrder
- DirXML-SharedProfileSet
- DirXML-SharedProfile
- ASAM-enterpriseUser
- ASAM-enterpriseGroup
- ASAM-auditServices
- ASAM-eventJournalServices
- ASAM-objectServices
- ASAM-webServices
- ASAM-certificateServices
- ASAM-eventListener
- ASAM-agent
- ASAM-searchObject
- ASAM-platform
- dNIPLocator
- dNIPSubnet
- dNIPSubnetPool
- dNIPDHCPServer
- dNIPSubnetAddressRange
- dNIPIPAddressConfiguration
- dNIPDNSZone
- dNIPDNSRRset
- dNIPDNSServer
- suseModuleConfiguration
- suseObjectTemplate
- suseUserTemplate
- suseGroupTemplate
- nCSClusterResource
- nCSNCPServer
- nCSResourceTemplate
- nCSVolumeResource
- nDSPKITrustedRootObject
- ndspkiCertificate
- nisNetgroup
- nisObject
- nisServer
- nspmPolicyAgent
- oncRpc
- prSyncPolicy
- rADIUSDialAccessSystem
- rADIUSProfile
- rbsCollection
- rbsModule
- rbsTask
- rbsExternalScope
- rbsExternalScope2
- rbsRole
- sLPDirectoryAgent
- sLPService
- sssServerPolicyOverride
- Template
- wANMANLANArea
- DirXML-Resource
- DirXML-Entitlement
- srvprvAppConfig
- srvprvRequestDefs
- srvprvWorkflowDefs
- srvprvResourceDefs
- srvprvServiceDefs
- srvprvDirectoryModel
- srvprvAppDefs
- srvprvEntityDefs
- srvprvRelationshipDefs
- srvprvChoiceDefs
- srvprvRequest
- srvprvWorkflow
- srvprvResource
- srvprvService
- srvprvEntity
- srvprvRelationship
- srvprvChoice
- srvprvDirectoryModelConfig
- srvprvWebAppConfig
- srvprvTheme
- srvprvProxyDefs
- srvprvDelegateeDefs
- srvprvProxyAssignment
- srvprvDelegateeAssignment
- DirXML-Job
- DirXML-pbxAudixSubscriber
- DirXML-WorkOrder
- DirXML-WorkToDo
- groupWiseDomain
- groupWiseDistributionList
- srvprvDelegationDefs
- srvprvDelegationAssignment
- srvprvDelegatorAssignment
- srvprvQueryDefs
- srvprvQuery
- srvprvTeamDefs
- srvprvTeam
- srvprvTeamRequest
- authsamlAffiliate
- srvprvRecipResourceDefs
- srvprvRecipReportDefs
- srvprvRecipReport
- groupWiseAgent
- nrfConfig
- nrfConfiguration
- nrfReportDefs
- nrfReport
- nrfRequests
- nrfRequest
- nrfRoleDefs
- nrfRole
- nrfSODDefs
- nrfSOD
- nrfTeamRole
- srvprvRecipResource
- srvprvRecipResourceBinding
- srvprvRecipResourceCollection
- xTier-StorageLocation
- automount
- ipHost
- DirXML-Processes
- DirXML-Process
- DirXML-idPolicyContainer
- DirXML-idPolicy
- DirXML-sapDMRoot
- DirXML-sapOMRoot
- DirXML-sapOContainer
- DirXML-sapSContainer
- DirXML-sapCContainer
- DirXML-sapC
- DirXML-sapO
- DirXML-sapS
- DirXML-RequestRecord
- nrfAttestations
- nrfAttestation
- srvprvRbpmTeam
- dhcpService
- dhcpSharedNetwork
- dhcpSubnet
- dhcpPool
- dhcpGroup
- dhcpHost
- dhcpClass
- dhcpSubClass
- dhcpOptions
- dhcpLeases
- dhcpLog
- dhcpServer
- dhcpLocator
- dhcpTSigKey
- dhcpdnsZone
- dhcpFailOverPeer
More Information#
There might be more information for this subject on one of the following:- 1.3.6.1.1.1.2.2
- 1.3.6.1.1.1.2.5
- 1.3.6.1.1.1.2.7
- 1.3.6.1.1.1.2.8
- 1.3.6.1.4.1.7057.10.1.2.2.2
- 1.3.6.1.4.1.7057.10.1.2.2.4
- 1.3.6.1.4.1.7057.10.1.2.2.5
- 1.3.6.1.4.1.7057.10.1.2.2.6
- 1.3.6.1.4.1.7165.2.2.6
- 2.16.840.1.113719.1.1.6.1.19
- 2.16.840.1.113719.1.1.6.1.2
- 2.16.840.1.113719.1.1.6.1.22
- 2.16.840.1.113719.1.1.6.1.29
- 2.16.840.1.113719.1.1.6.1.30
- 2.16.840.1.113719.1.1.6.1.49
- 2.16.840.1.113719.1.1.6.1.50
- 2.16.840.1.113719.1.12.6.1.0
- 2.16.840.1.113719.1.135.6.30.1
- 2.16.840.1.113719.1.135.6.31.1
- 2.16.840.1.113719.1.135.6.32.1
- 2.16.840.1.113719.1.135.6.33.1
- 2.16.840.1.113719.1.135.6.37.1
- 2.16.840.1.113719.1.135.6.38.1
- 2.16.840.1.113719.1.135.6.39.1
- 2.16.840.1.113719.1.135.6.40.1
- 2.16.840.1.113719.1.135.6.41.1
- 2.16.840.1.113719.1.135.6.45.1
- 2.16.840.1.113719.1.135.6.46.1
- 2.16.840.1.113719.1.138.6.1.1
- 2.16.840.1.113719.1.14.6.1.1
- 2.16.840.1.113719.1.14.6.1.10
- 2.16.840.1.113719.1.14.6.1.2
- 2.16.840.1.113719.1.14.6.1.2010
- 2.16.840.1.113719.1.14.6.1.2011
- 2.16.840.1.113719.1.14.6.1.2012
- 2.16.840.1.113719.1.14.6.1.2013
- 2.16.840.1.113719.1.14.6.1.2014
- 2.16.840.1.113719.1.14.6.1.2020
- 2.16.840.1.113719.1.14.6.1.2021
- 2.16.840.1.113719.1.14.6.1.2023
- 2.16.840.1.113719.1.14.6.1.2040
- 2.16.840.1.113719.1.14.6.1.2041
- 2.16.840.1.113719.1.14.6.1.2050
- 2.16.840.1.113719.1.14.6.1.2051
- 2.16.840.1.113719.1.14.6.1.2071
- 2.16.840.1.113719.1.14.6.1.2072
- 2.16.840.1.113719.1.14.6.1.2074
- 2.16.840.1.113719.1.14.6.1.2075
- 2.16.840.1.113719.1.14.6.1.2076
- 2.16.840.1.113719.1.14.6.1.2077
- 2.16.840.1.113719.1.14.6.1.2078
- 2.16.840.1.113719.1.14.6.1.2079
- 2.16.840.1.113719.1.14.6.1.2090
- 2.16.840.1.113719.1.14.6.1.3
- 2.16.840.1.113719.1.14.6.1.4
- 2.16.840.1.113719.1.14.6.1.5
- 2.16.840.1.113719.1.14.6.1.8
- 2.16.840.1.113719.1.14.6.1.9
- 2.16.840.1.113719.1.167.6.1.1
- 2.16.840.1.113719.1.167.6.4.1
- 2.16.840.1.113719.1.196.6.0
- 2.16.840.1.113719.1.196.6.1
- 2.16.840.1.113719.1.200.6.10
- 2.16.840.1.113719.1.200.6.14
- 2.16.840.1.113719.1.200.6.4
- 2.16.840.1.113719.1.200.6.5
- 2.16.840.1.113719.1.200.6.6
- 2.16.840.1.113719.1.200.6.7
- 2.16.840.1.113719.1.200.6.8
- 2.16.840.1.113719.1.200.6.9
- 2.16.840.1.113719.1.203.6.1
- 2.16.840.1.113719.1.203.6.10
- 2.16.840.1.113719.1.203.6.11
- 2.16.840.1.113719.1.203.6.12
- 2.16.840.1.113719.1.203.6.13
- 2.16.840.1.113719.1.203.6.14
- 2.16.840.1.113719.1.203.6.15
- 2.16.840.1.113719.1.203.6.16
- 2.16.840.1.113719.1.203.6.2
- 2.16.840.1.113719.1.203.6.3
- 2.16.840.1.113719.1.203.6.4
- 2.16.840.1.113719.1.203.6.5
- 2.16.840.1.113719.1.203.6.6
- 2.16.840.1.113719.1.203.6.7
- 2.16.840.1.113719.1.203.6.8
- 2.16.840.1.113719.1.203.6.9
- 2.16.840.1.113719.1.245.1.1
- 2.16.840.1.113719.1.245.1.2
- 2.16.840.1.113719.1.245.1.3
- 2.16.840.1.113719.1.245.1.4
- 2.16.840.1.113719.1.25.6.1.1
- 2.16.840.1.113719.1.25.6.1.2
- 2.16.840.1.113719.1.25.6.1.3
- 2.16.840.1.113719.1.25.6.1.4
- 2.16.840.1.113719.1.25.6.1.5
- 2.16.840.1.113719.1.25.6.1.6
- 2.16.840.1.113719.1.25.6.1.7
- 2.16.840.1.113719.1.25.6.1.8
- 2.16.840.1.113719.1.25.6.1.9
- 2.16.840.1.113719.1.266.6.1
- 2.16.840.1.113719.1.266.6.2
- 2.16.840.1.113719.1.27.6.3
- 2.16.840.1.113719.1.280.6.1010.1
- 2.16.840.1.113719.1.280.6.1020.1
- 2.16.840.1.113719.1.280.6.1030.1
- 2.16.840.1.113719.1.280.6.1040.1
- 2.16.840.1.113719.1.280.6.1050.1
- 2.16.840.1.113719.1.280.6.1060.1
- 2.16.840.1.113719.1.280.6.1080.1
- 2.16.840.1.113719.1.280.6.1090.1
- 2.16.840.1.113719.1.280.6.1190.1
- 2.16.840.1.113719.1.280.6.930.1
- 2.16.840.1.113719.1.280.6.970.1
- 2.16.840.1.113719.1.3.6.1
- 2.16.840.1.113719.1.31.6.2.1
- 2.16.840.1.113719.1.33.6.1
- 2.16.840.1.113719.1.33.6.13
- 2.16.840.1.113719.1.33.6.14
- 2.16.840.1.113719.1.33.6.18
- 2.16.840.1.113719.1.33.6.19
- 2.16.840.1.113719.1.33.6.2
- 2.16.840.1.113719.1.33.6.20
- 2.16.840.1.113719.1.33.6.3
- 2.16.840.1.113719.1.33.6.4
- 2.16.840.1.113719.1.33.6.5
- 2.16.840.1.113719.1.33.6.7
- 2.16.840.1.113719.1.33.6.8
- 2.16.840.1.113719.1.33.6.9
- 2.16.840.1.113719.1.334.6.1
- 2.16.840.1.113719.1.334.6.2
- 2.16.840.1.113719.1.347.6.17
- 2.16.840.1.113719.1.347.6.5
- 2.16.840.1.113719.1.347.6.6
- 2.16.840.1.113719.1.347.6.7
- 2.16.840.1.113719.1.38.6.1.4
- 2.16.840.1.113719.1.39.42.2.0.1
- 2.16.840.1.113719.1.39.42.2.0.10
- 2.16.840.1.113719.1.39.42.2.0.11
- 2.16.840.1.113719.1.39.42.2.0.12
- 2.16.840.1.113719.1.39.42.2.0.4
- 2.16.840.1.113719.1.39.42.2.0.7
- 2.16.840.1.113719.1.39.42.2.0.9
- 2.16.840.1.113719.1.39.42.36.2.1.1
- 2.16.840.1.113719.1.39.43.6.1
- 2.16.840.1.113719.1.39.43.6.2
- 2.16.840.1.113719.1.39.43.6.3
- 2.16.840.1.113719.1.39.44.6.1
- 2.16.840.1.113719.1.39.6.1.1
- 2.16.840.1.113719.1.450.6.100
- 2.16.840.1.113719.1.450.6.101
- 2.16.840.1.113719.1.450.6.102
- 2.16.840.1.113719.1.450.6.103
- 2.16.840.1.113719.1.450.6.104
- 2.16.840.1.113719.1.450.6.105
- 2.16.840.1.113719.1.450.6.106
- 2.16.840.1.113719.1.450.6.107
- 2.16.840.1.113719.1.450.6.108
- 2.16.840.1.113719.1.450.6.109
- 2.16.840.1.113719.1.450.6.110
- 2.16.840.1.113719.1.450.6.111
- 2.16.840.1.113719.1.450.6.112
- 2.16.840.1.113719.1.450.6.113
- 2.16.840.1.113719.1.450.6.114
- 2.16.840.1.113719.1.450.6.115
- 2.16.840.1.113719.1.450.6.116
- 2.16.840.1.113719.1.450.6.118
- 2.16.840.1.113719.1.450.6.120
- 2.16.840.1.113719.1.450.6.121
- 2.16.840.1.113719.1.450.6.122
- 2.16.840.1.113719.1.450.6.123
- 2.16.840.1.113719.1.450.6.124
- 2.16.840.1.113719.1.450.6.125
- 2.16.840.1.113719.1.450.6.126
- 2.16.840.1.113719.1.450.6.131
- 2.16.840.1.113719.1.450.6.132
- 2.16.840.1.113719.1.450.6.133
- 2.16.840.1.113719.1.450.6.134
- 2.16.840.1.113719.1.450.6.137
- 2.16.840.1.113719.1.450.6.138
- 2.16.840.1.113719.1.450.6.139
- 2.16.840.1.113719.1.450.6.140
- 2.16.840.1.113719.1.450.6.141
- 2.16.840.1.113719.1.450.6.142
- 2.16.840.1.113719.1.450.6.20
- 2.16.840.1.113719.1.450.6.21
- 2.16.840.1.113719.1.48.6.1.1
- 2.16.840.1.113719.1.48.6.1.101
- 2.16.840.1.113719.1.48.6.1.102
- 2.16.840.1.113719.1.48.6.1.2
- 2.16.840.1.113719.1.48.6.1.3
- 2.16.840.1.113719.1.48.6.1.4
- 2.16.840.1.113719.1.48.6.1.5
- 2.16.840.1.113719.1.48.6.1.6
- 2.16.840.1.113719.1.48.6.1.7
- 2.16.840.1.113719.1.49.6.1.2
- 2.16.840.1.113719.1.49.6.1.3
- 2.16.840.1.113719.1.6.6.1
- 2.16.840.1.113719.1.64.6.1.1
- 2.16.840.1.113719.1.67.6.1
- 2.16.840.1.113719.1.67.6.2
- 2.16.840.1.113719.1.67.6.3
- 2.16.840.1.113719.1.67.6.4
- 2.16.840.1.113719.1.67.6.5
- 2.16.840.1.113719.1.7.6.1
- 2.16.840.1.113719.1.7.6.2
- 2.16.840.1.113719.2.252.6.3
- 2.16.840.113719.1.450.6.117
- 2.5.4.3
- 2.5.6.11
- 2.5.6.12
- 2.5.6.19
- 2.5.6.8
- 2.5.6.9
- AccountExpires
- AccountNameHistory
- AllowedAttributesEffective
- Ambiguous Name Resolution
- ApplicationEntity
- Assistant
- AttributeSchema
- AttributeSecurityGUID
- AttributeSyntax
- Automount
- CN
- Certificate Validation
- ClassDisplayName
- CommonName
- Container
- CrossRef
- DUAConfigProfileProfileAttributes
- DefaultHidingValue
- DefaultObjectCategory
- Device
- DirXML-Driver
- DirXML-Rule
- DirectReports
- Edirectory Indexes
- ExtendedCharsAllowed
- GroupOfNames
- GroupOfUniqueNames
- IpProtocol
- IpService
- IsDefunct
- IsEphemeral
- LDAP Authentication
- LDAP Object Identifier Descriptors
- LDAP schema used by autofs
- LDAPAdminLimits
- LDAP_CONSTRAINT_VIOLATION
- LdapGroup
- LdapServer
- LinkID
- MAD Naming Attributes
- ManagedBy
- Manager
- MapiID
- Member
- MemberOf
- Microsoft Active Directory Anomalies
- ModifyTimestamp
- MsDS-GroupManagedServiceAccount
- MsDS-TrustForestTrustInfo
- MsDS-User-Account-Control-Computed
- NDSPKISDKeyAccessPartition
- NDSPKISDKeyList
- Netgroup
- NisNetgroup
- NisObject
- NsimChallengeSet
- NspmPasswordPolicy
- OMObjectClass
- OMSyntax
- ObjectGUID
- OncRpc
- Original Mailgroup Schema From Netscape
- Person
- PosixAccount
- Profile
- QueryPolicyObject
- RdnAttId
- Resource
- SASLoginPolicy
- SASSecurity
- SASService
- SOAPDSMLDriver
- Server
- ServiceConnectionPoint
- Site
- TokenGroups
- UnixHomeDirectory
- UsnChanged
- WhenChanged
- groupwiseagent-oid
- groupwisedistributionlist-oid
- groupwisedomain-oid
- [#1] - http://msdn.microsoft.com/library/sdkdoc/adschema/attrdetl_0yed.htm
- based on information obtained 2014-05-26-