Designing Your Directory Tree68 Netscape Directory Server Deployment Guide • October 2004Naming Person EntriesThe person entry’s name, the DN, must be unique. Traditionally, distinguishednames use the commonName, or cn, attribute to name their person entries. That is,an entry for a person named Babs Jensen might have the distinguished name of:cn=Babs Jensen,dc=example,dc=comWhile allowing you to recognize instantly the person associated with the entry, itmight not be unique enough to exclude people with identical names. This quicklyleads to a problem known as DN name collisions, multiple entries with the samedistinguished name.You can avoid common name collisions by adding a unique identifier to thecommon name. For example:cn=Babs Jensen+employeeNumber=23,dc=example,dc=comHowever, this can lead to awkward common names for large directories and canbe difficult to maintain.A better method is to identify your person entries with some attribute other thancn. Consider using one of the following attributes:• uidUse the uid (userID) attribute to specify some unique value of the person.Possibilities include a user login ID or an employee number. A subscriber in ahosting environment should be identified by the uid attribute.• mailUse the mail attribute to contain the value for the person’s email address.This option can lead to awkward DNs that include duplicate attribute values(for example: mail=bjensen@example.com, dc=example,dc=com), so youshould use this option only if you cannot find some unique value that you canuse with the uid attribute. For example, you would use the mail attributeinstead of the uid attribute if your enterprise does not assign employeenumbers or user IDs for temporary or contract employees.• employeeNumberFor employees of the inetOrgPerson object class, consider using anemployer assigned attribute value such as employeeNumber.
