RdnMatch is a Component Matching Rule defined in RFC 3687 that allows a component Relative Distinguished Name (RDN) of a DistinguishedName (DN) to be evaluated.
RdnMatch MatchingRule evaluates to TRUE if the component value and Assertion Value are the same RDN, using the same RDN comparison method as distinguishedNameMatch.
The LDAP-specific encoding for a value of the RDN syntax is given by the RelativeDistinguishedNameValue Generic String Encoding Rules (GSER) for ASN.1 rule.
When RdnMatch is used to match components of DNs, it is important to note that the LDAP-specific encoding of a DN reverses the order of the RDNs. So for the DN represented in LDAP as "cn=Steven Legg,o=Adacel,c=AU", the RDN "cn=Steven Legg" corresponds to the component reference "3", or alternatively, "-1".
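The reversal described above, worked through as an added example (not code from RFC 3687 or from this page): it resolves a numeric component reference against the ASN.1 order of the RDNs and then compares the selected RDN with an assertion value. The function names are hypothetical, every attribute type is assumed to compare like caseIgnoreMatch, and only single-character backslash escapes are handled.

```python
import re

SAMPLE_DN = "cn=Steven Legg,o=Adacel,c=AU"  # the DN used on this page

def split_unescaped(s, sep):
    """Split on sep, leaving backslash-escaped characters (RFC 4514) intact."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]      # keep the escape pair together
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts

def normalize_rdn(rdn):
    """Turn an RDN into a set of (type, value) pairs so AVA order is irrelevant."""
    avas = set()
    for ava in split_unescaped(rdn, "+"):
        typ, _, val = ava.partition("=")
        val = re.sub(r"\\(.)", r"\1", val.strip())   # single-character escapes only
        # Assumption: every attribute type compares like caseIgnoreMatch.
        avas.add((typ.strip().lower(), " ".join(val.lower().split())))
    return frozenset(avas)

def rdn_component(ldap_dn, ref):
    """Resolve a numeric component reference against the ASN.1 RDNSequence order."""
    seq = split_unescaped(ldap_dn, ",")[::-1]   # undo the LDAP string reversal
    if ref == 0 or abs(ref) > len(seq):
        raise IndexError(f"component reference {ref} selects no RDN")
    return seq[ref - 1] if ref > 0 else seq[ref]

def rdn_match(ldap_dn, ref, assertion_rdn):
    """TRUE when the referenced RDN and the assertion value are the same RDN."""
    return normalize_rdn(rdn_component(ldap_dn, ref)) == normalize_rdn(assertion_rdn)

if __name__ == "__main__":
    for ref in (1, 3, -1):
        print(ref, repr(rdn_component(SAMPLE_DN, ref)), rdn_match(SAMPLE_DN, ref, "CN=steven  legg"))
```

A filter or access-control rule written with the LDAP string order in mind (reference "1" for the leftmost RDN) would silently test "c=AU" instead of "cn=Steven Legg", which is the mistake the reversal note guards against.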
The LDAP definition for the RdnMatch Matching Rule