I'm reading two (link1, link2) articles on LDAP and they make mention of Relative Distinguished Name (RDN), Distinguished Name (DN) and CN which is supposed to be the same thing as an RDN.
I understand an RDN to be a key in a key-values pair for a node in an LDAP directed graph, but the author doesn't say much about what these terms mean...
I can recommend LDAP for rocket scientists, very nice and thorough intro to the protocol
To answer your question:
distinguishedname: the full path of the object in the tree. So if the LDAP server has a base of `dc=domain,dc=tld` and the object is in the container `ou=users`, then the DN could be `cn=object,ou=users,dc=domain,dc=tld`.

The RDN in the example is `cn=object`, because it is relative to `ou=users,dc=domain,dc=tld`. If the object was in `ou=otherusers,dc=domain,dc=tld`, then the RDN would still be `cn=object`, but then it would have a different DN: `cn=object,ou=otherusers,dc=domain,dc=tld`. So the RDN is relative to its parent.
And the canonicalname cn is just an attribute. Sometimes the cn and the RDN have the same value. Other times, the RDN is `uid=user` (instead of `cn=user`), like most Unix LDAP servers do. So the DN would then be `uid=user,ou=users,dc=domain,dc=tld`. And that object could have a cn attribute as well, to make it even fuzzier. The differences have to do with what kind of object is being referenced, because every type of object has a different set of objectclasses that define what attributes it may (or may not) have.
The book is free to read, by the way.
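The DN/RDN relationship described in the answer above, as an added worked example (not part of the original question or answer): a small DN splitter that returns the leaf RDN and the parent DN, so you can see that moving an entry between containers changes its DN while the RDN stays the same. The DNs from the answer are reused; the `cn=Smith\, John` entry is a constructed sample showing that a comma escaped per RFC 4514 is part of the value, not an RDN separator. Multi-valued RDNs (`a=1+b=2`) are kept as a single component and not split further.

```python
"""Split an LDAP Distinguished Name (DN) into Relative Distinguished Names (RDNs).

Added example illustrating the answer above; it is not code from the linked
articles or the book. Only the RFC 4514 backslash escape is handled here, which
is enough to avoid splitting on a comma that is part of an attribute value.
"""
from __future__ import annotations


def split_dn(dn: str) -> list[str]:
    """Return the RDN components of a DN, leaf first (as written in the DN)."""
    if dn == "":
        return []
    parts: list[str] = []
    buf: list[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            # Character following a backslash is literal, even if it is a comma.
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def rdn(dn: str) -> str:
    """The leftmost component: the name of the entry relative to its parent."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """Everything after the RDN: the DN of the container holding the entry."""
    return ",".join(split_dn(dn)[1:])


def rdn_attribute(dn: str) -> tuple[str, str]:
    """Split the RDN into (attribute type, raw value), e.g. ('cn', 'object').

    The attribute type is case-insensitive in LDAP, so it is lower-cased here.
    The value is returned as written (escapes are not decoded).
    """
    attr, _, value = rdn(dn).partition("=")
    return attr.strip().lower(), value.strip()


def moved_keeps_rdn(old_dn: str, new_dn: str) -> bool:
    """True when two DNs name an entry with the same RDN under different parents."""
    return rdn(old_dn) == rdn(new_dn) and parent_dn(old_dn) != parent_dn(new_dn)


if __name__ == "__main__":
    # DNs from the answer above, plus one constructed entry with an escaped comma.
    samples = [
        "cn=object,ou=users,dc=domain,dc=tld",
        "cn=object,ou=otherusers,dc=domain,dc=tld",
        "uid=user,ou=users,dc=domain,dc=tld",
        "cn=Smith\\, John,ou=users,dc=domain,dc=tld",  # constructed sample
    ]
    for dn in samples:
        print(f"DN     : {dn}")
        print(f"  RDN   : {rdn(dn)}  -> attribute {rdn_attribute(dn)}")
        print(f"  parent: {parent_dn(dn)}")
    print("same RDN, different DN after move:",
          moved_keeps_rdn(samples[0], samples[1]))
```

Running it shows the two `cn=object` DNs sharing one RDN with different parents, the `uid=user` entry whose RDN attribute is `uid` rather than `cn`, and the escaped comma surviving inside the value of the constructed entry.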