3.1.1.3.1.2.1 Naming Attributes

As with [RFC2253] section 2.3, Active Directory permits any attribute to be used as the AttributeType in an RDN. However, Active Directory imposes the additional restriction that the AttributeType used MUST be of String(Unicode) syntax. Furthermore, all objects of the same class use the same attribute in their RDN: the attribute to be used is specified by the rDNAttID attribute of the classSchema object that defines the class. Multivalued RDNs are not permitted (see section 3.1.1.3.1.2.3), so if the attribute A specified by rDNAttID is multivalued, an attempt to add a second value of A to an object O whose class specifies rDNAttID = A is rejected: with the error invalidDNSyntax / ERROR_DS_BAD_NAME_SYNTAX if the attempt is part of the object's creation, or with the error notAllowedOnRDN / <unrestricted> if it is made in a subsequent LDAP Modify operation.

The AttributeValue of the RDN MUST be unique among sibling objects. This uniqueness is on the AttributeValue alone, irrespective of the AttributeType. For example, the following two DNs cannot coexist in the directory, because two identical AttributeValues ("Abc") would exist in the same container ("OU=Users,DC=Fabrikam,DC=com"):

  • CN=Abc,OU=Users,DC=Fabrikam,DC=com

  • L=Abc,OU=Users,DC=Fabrikam,DC=com

The server will reject an attempt to create such a non-uniquely named object with the error entryAlreadyExists / <unrestricted>. This requirement for unique AttributeValues guarantees the uniqueness of canonical names, which omit the AttributeType: both DNs above would otherwise map to the same canonical name, Fabrikam.com/Users/Abc.
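The rules of this section (one naming attribute per class, no multivalued RDNs, sibling uniqueness on the AttributeValue alone, and the resulting uniqueness of canonical names) as an added Python model. This is illustration written for this page, not code from MS-ADTS or from Active Directory. The class-to-rDNAttID map, the in-memory directory and every DN other than the two shown above are constructed; the case-insensitive comparison of values is modelled as an assumption; and the namingViolation result for an RDN whose AttributeType is not the class's rDNAttID is an assumption, since this section states no error for that case.

```python
import re

# Constructed stand-in for the rDNAttID value AD keeps on each classSchema object.
RDN_ATTR_BY_CLASS = {"user": "cn", "organizationalUnit": "ou", "locality": "l"}

# LDAP result codes (RFC 4511) for the errors this section names. namingViolation
# is not cited by this section; it is assumed here for an RDN whose attribute
# type is not the class's rDNAttID.
INVALID_DN_SYNTAX, NAMING_VIOLATION, NOT_ALLOWED_ON_RDN, ENTRY_ALREADY_EXISTS = 34, 64, 67, 68

class NamingError(Exception):
    """args[0] is the LDAP result code, args[1] a message."""

def parse_dn(dn):
    """DN -> list of RDNs, each a list of (type, value). Splits on ',' and '+' not
    preceded by a backslash; enough for this section, hex escapes are not handled."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        pairs = []
        for ava in re.split(r"(?<!\\)\+", rdn):
            if "=" not in ava:
                raise NamingError(INVALID_DN_SYNTAX, f"bad RDN component {ava!r}")
            t, v = ava.split("=", 1)
            pairs.append((t.strip().lower(), v.strip()))
        rdns.append(pairs)
    return rdns

def canonical_name(dn):
    """Fabrikam.com/Users/Abc form: DC values joined by '.', then the other values
    root-to-leaf joined by '/'. Attribute types are dropped, which is why sibling
    values (not just type=value pairs) must be unique."""
    rdns = parse_dn(dn)
    domain = ".".join(v for rdn in rdns for t, v in rdn if t == "dc")
    return "/".join([domain] + [v for rdn in reversed(rdns) for t, v in rdn if t != "dc"])

def _key(value):
    # Assumption modelled here: Unicode string values compare case-insensitively.
    return value.lower()

def _parent_key(rdns):
    return ",".join("+".join(f"{t}={_key(v)}" for t, v in r) for r in rdns[1:])

class Directory:
    # Constructed in-memory tree: parent key -> {normalized RDN value: entry}.

    def __init__(self):
        self.children = {}

    def add(self, dn, object_class):
        rdns = parse_dn(dn)
        if len(rdns[0]) > 1:                        # e.g. CN=a+L=b,...
            raise NamingError(INVALID_DN_SYNTAX, "multivalued RDN not permitted")
        rdn_type, rdn_value = rdns[0][0]
        expected = RDN_ATTR_BY_CLASS[object_class]
        if rdn_type != expected:
            raise NamingError(NAMING_VIOLATION, f"{object_class} is named by {expected}")
        siblings = self.children.setdefault(_parent_key(rdns), {})
        if _key(rdn_value) in siblings:             # CN=Abc and L=Abc collide here
            raise NamingError(ENTRY_ALREADY_EXISTS, f"{rdn_value!r} already used by a sibling")
        entry = {"objectClass": object_class, "rdnAttr": rdn_type,
                 "attrs": {rdn_type: [rdn_value]}}
        siblings[_key(rdn_value)] = entry
        return entry

    def modify_add(self, dn, attr, value):
        """LDAP Modify/add of one value. A second value on the naming attribute
        is refused with notAllowedOnRDN; any other attribute is accepted."""
        rdns = parse_dn(dn)
        entry = self.children[_parent_key(rdns)][_key(rdns[0][0][1])]
        if attr.lower() == entry["rdnAttr"]:
            raise NamingError(NOT_ALLOWED_ON_RDN, f"{attr} is the RDN attribute")
        entry["attrs"].setdefault(attr.lower(), []).append(value)
        return entry["attrs"][attr.lower()]

def _attempt(fn, *args):
    try:
        fn(*args)
        return "ok"
    except NamingError as e:
        return e.args[0]

def run_examples():
    """Apply the rules to the section's DNs plus a few constructed variants;
    returns label -> 'ok' or the LDAP result code of the rejection."""
    d = Directory()
    abc = "CN=Abc,OU=Users,DC=Fabrikam,DC=com"
    return {
        "cn_abc": _attempt(d.add, abc, "user"),
        # same value, different naming attribute, same container: rejected
        "l_abc": _attempt(d.add, "L=Abc,OU=Users,DC=Fabrikam,DC=com", "locality"),
        # same value under another parent is fine
        "cn_abc_in_sales": _attempt(d.add, "CN=Abc,OU=Sales,DC=Fabrikam,DC=com", "user"),
        "multivalued_rdn": _attempt(d.add, "CN=Xyz+L=Xyz,OU=Users,DC=Fabrikam,DC=com", "user"),
        "wrong_naming_attr": _attempt(d.add, "L=Def,OU=Users,DC=Fabrikam,DC=com", "user"),
        "second_cn_value": _attempt(d.modify_add, abc, "cn", "Abc2"),
        "description_value": _attempt(d.modify_add, abc, "description", "fine"),
    }
```

Calling run_examples() shows the first DN accepted, the second rejected with 68 (entryAlreadyExists) even though its AttributeType differs, the multivalued RDN rejected with 34 (invalidDNSyntax) at creation, and the later Modify that adds a second cn value rejected with 67 (notAllowedOnRDN) while a description value is accepted; canonical_name() returns the same string for both DNs, which is the collision the uniqueness rule prevents.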