Overview#A matched DN is an element of an LDAP Result object that can provide additional information about the closest matching entry found in the server. It is generally used when a request targets an entry that does not exist, in which case the matched DN should contain the DN of an entry that does exist in the server and is the closest ancestor of the specified entry. For example, if an operation targeted an entry "uid=doesnt.exist,ou=People,dc=example,dc=com" that did not exist but the entry "ou=People,dc=example,dc=com" does exist in the server, then that may be returned as the matched DN.
There is no guarantee that a matched DN will be returned from an operation targeting an entry that does not exist, in which case the matched DN element of the LDAP result will be an empty string. This may be used, for example, if the request targeted an entry that does not have any hierarchical relationship with any other entry in the server.