<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
CN  ([CommonName] in [X.500]) [AttributeType] contains names of an [LDAP Entry].  \\Each name is one value of this multi-valued attribute.  If the object corresponds to a [person], it is typically the [person]'s [full name].


!! [Microsoft Active Directory] [Anomaly][1]
On the ldap-nis mailing list (discussing PADL Software's software projects) it has come to light that naming attributes (particularly &quot;cn&quot; - &quot;commonName&quot;, also &quot;CN&quot; in NDS) in AD are always single-valued; the current definition of the attribute in AD is: 

http://msdn.microsoft.com/library/sdkdoc/adschema/attrdetl_0yed.htm 

Note the Attribute-ID (OID), &quot;[2.5.4.3]&quot;. The page also indicates that the information is subject to change (let's hope it does so). 

Various members of the list (and off-list) have checked the standards and reported that the following all define the attribute (same OID) to be multi-valued (not single-valued): 
* IETF [RFC 2256] 
* DMTF DEN (most interesting because [Microsoft] was one of the founders of the DEN effort...) 
* ITU-T X.520(93) 

Testing against some existing [LDAPv3] servers Netscape Directory 4.0 and Novell [EDirectory] [LDAPv3] shows that they accept &quot;cn&quot; as multi-valued. 

The discussion was in relation to RFC 2307 (and whether or not AD could really be compliant with the existing schema given this - and other - limitations and [namespace] clashes). 


!! [LDAP] [Attribute] Definition
The [{$pagename}] [AttributeTypes] is defined as:
* [OID] of [2.5.4.3] 
* [NAME|Attribute-Name]: [{$pagename}]
* [DESC]: 
* [EQUALITY]: []
* [ORDERING]: []
* [SYNTAX]: [1.3.6.1.4.1.1466.115.121.1.15] [DirectoryString]
* [USAGE]: [UserApplications] 
* [Extended Flags]: 
** [X-ORIGIN]: [X.520]
** [X-NDS_NAME]: CN
** [X-NDS_LOWER_BOUND]: 1
** [X-NDS_UPPER_BOUND]: 64
** [X-NDS_NONREMOVABLE]: 1
* Used as [MUST] in:
** [organizationalRole]
** [groupOfNames]
** [Person]
** [Device]
** [Resource]
** [Profile]
** [Server]
** [binderyObject]
** [externalEntity]
** [List]
** [ndsPredicateStats]
** [posixAccount]
** [posixGroup]
* Used [MAY] in:
** [sambaSamAccount]
** [2.16.840.1.113719.1.27.6.1]
** [ldapGroup]
** [applicationProcess]
** [applicationEntity]
** [httpServer]
** [sASSecurity]
** [ndspkiContainer]
** [ndspkiCRLConfiguration]
** [cRLDistributionPoint]
** [nDSPKICertificateAuthority]
** [nDSPKIKeyMaterial]
** [nDSPKITrustedRoot]
** [nDSPKISDKeyAccessPartition]
** [nDSPKISDKeyList]
** [mASVSecurityPolicy]
** [sASLoginMethodContainer]
** [sASLoginPolicy]
** [sASNMASBaseLoginMethod]
** [sasPostLoginMethodContainer]
** [sasPostLoginMethod]
** [snmpGroup]
** [nspmPasswordPolicyContainer]
** [DirXML-DriverSet]
** [DirXML-Driver]
** [nspmPasswordPolicy]
** [auditFileObject]
** [nCSNetWareCluster]
** [DFS-Junction]
** [bhPortal]
** [bhGadget]
** [bhPortalGroup]
** [bhPage]
** [bhTheme]
** [bhPageSet]
** [bhCommunity]
** [bhModule]
** [rbsCollection2]
** [rbsModule2]
** [rbsRole2]
** [rbsTask2]
** [iscsiTarget]
** [iscsiInitiator]
** [uamPosixWorkstation]
** [uamPosixConfig]
** [ipService]
** [ipProtocol]
** [ipNetwork]
** [apchadmnServer]
** [apchadmnModule]
** [apchadmnVirtualHost]
** [apchadmnConfigurationBlock]
** [rbsCategory2]
** [NAuditLogApp]
** [NAuditFilter]
** [NAuditHeartbeat]
** [NAuditChannel]
** [encryptionPolicy]
** [notfTemplateCollection]
** [notfMergeTemplate]
** [nsimChallengeSet]
** [sssServerPolicies]
** [DirXML-Publisher]
** [DirXML-Subscriber]
** [StyleSheet]
** [DirXML-Library]
** [DirXML-Rule]
** [DirXML-pbxSite]
** [DirXML-pbxExtension]
** [DirXML-nwoWorkOrder]
** [DirXML-SharedProfileSet]
** [DirXML-SharedProfile]
** [ASAM-enterpriseUser]
** [ASAM-enterpriseGroup]
** [ASAM-auditServices]
** [ASAM-eventJournalServices]
** [ASAM-objectServices]
** [ASAM-webServices]
** [ASAM-certificateServices]
** [ASAM-eventListener]
** [ASAM-agent]
** [ASAM-searchObject]
** [ASAM-platform]
** [dNIPLocator]
** [dNIPSubnet]
** [dNIPSubnetPool]
** [dNIPDHCPServer]
** [dNIPSubnetAddressRange]
** [dNIPIPAddressConfiguration]
** [dNIPDNSZone]
** [dNIPDNSRRset]
** [dNIPDNSServer]
** [suseModuleConfiguration]
** [suseObjectTemplate]
** [suseUserTemplate]
** [suseGroupTemplate]
** [nCSClusterResource]
** [nCSNCPServer]
** [nCSResourceTemplate]
** [nCSVolumeResource]
** [nDSPKITrustedRootObject]
** [ndspkiCertificate]
** [nisNetgroup]
** [nisObject]
** [nisServer]
** [nspmPolicyAgent]
** [oncRpc]
** [prSyncPolicy]
** [rADIUSDialAccessSystem]
** [rADIUSProfile]
** [rbsCollection]
** [rbsModule]
** [rbsTask]
** [rbsExternalScope]
** [rbsExternalScope2]
** [rbsRole]
** [sLPDirectoryAgent]
** [sLPService]
** [sssServerPolicyOverride]
** [Template]
** [wANMANLANArea]
** [DirXML-Resource]
** [DirXML-Entitlement]
** [srvprvAppConfig]
** [srvprvRequestDefs]
** [srvprvWorkflowDefs]
** [srvprvResourceDefs]
** [srvprvServiceDefs]
** [srvprvDirectoryModel]
** [srvprvAppDefs]
** [srvprvEntityDefs]
** [srvprvRelationshipDefs]
** [srvprvChoiceDefs]
** [srvprvRequest]
** [srvprvWorkflow]
** [srvprvResource]
** [srvprvService]
** [srvprvEntity]
** [srvprvRelationship]
** [srvprvChoice]
** [srvprvDirectoryModelConfig]
** [srvprvWebAppConfig]
** [srvprvTheme]
** [srvprvProxyDefs]
** [srvprvDelegateeDefs]
** [srvprvProxyAssignment]
** [srvprvDelegateeAssignment]
** [DirXML-Job]
** [DirXML-pbxAudixSubscriber]
** [DirXML-WorkOrder]
** [DirXML-WorkToDo]
** [groupWiseDomain]
** [groupWiseDistributionList]
** [srvprvDelegationDefs]
** [srvprvDelegationAssignment]
** [srvprvDelegatorAssignment]
** [srvprvQueryDefs]
** [srvprvQuery]
** [srvprvTeamDefs]
** [srvprvTeam]
** [srvprvTeamRequest]
** [authsamlAffiliate]
** [srvprvRecipResourceDefs]
** [srvprvRecipReportDefs]
** [srvprvRecipReport]
** [groupWiseAgent]
** [nrfConfig]
** [nrfConfiguration]
** [nrfReportDefs]
** [nrfReport]
** [nrfRequests]
** [nrfRequest]
** [nrfRoleDefs]
** [nrfRole]
** [nrfSODDefs]
** [nrfSOD]
** [nrfTeamRole]
** [srvprvRecipResource]
** [srvprvRecipResourceBinding]
** [srvprvRecipResourceCollection]
** [xTier-StorageLocation]
** [automount]
** [ipHost]
** [DirXML-Processes]
** [DirXML-Process]
** [DirXML-idPolicyContainer]
** [DirXML-idPolicy]
** [DirXML-sapDMRoot]
** [DirXML-sapOMRoot]
** [DirXML-sapOContainer]
** [DirXML-sapSContainer]
** [DirXML-sapCContainer]
** [DirXML-sapC]
** [DirXML-sapO]
** [DirXML-sapS]
** [DirXML-RequestRecord]
** [nrfAttestations]
** [nrfAttestation]
** [srvprvRbpmTeam]
** [dhcpService]
** [dhcpSharedNetwork]
** [dhcpSubnet]
** [dhcpPool]
** [dhcpGroup]
** [dhcpHost]
** [dhcpClass]
** [dhcpSubClass]
** [dhcpOptions]
** [dhcpLeases]
** [dhcpLog]
** [dhcpServer]
** [dhcpLocator]
** [dhcpTSigKey]
** [dhcpdnsZone]
** [dhcpFailOverPeer]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [http://msdn.microsoft.com/library/sdkdoc/adschema/attrdetl_0yed.htm |Wikipedia:http://msdn.microsoft.com/library/sdkdoc/adschema/attrdetl_0yed.htm |target='_blank'] - based on information obtained 2014-05-26- 
</pre>