
We are using the ldapjs Node module to communicate with LDAP servers like Microsoft Active Directory, Apache DS and Open LDAP. As per our understanding from here:

DNs can be comprised of zero or more components, which means that it is legal to have a DN without any components at all.

Is it possible to create an entry in the LDAP server with only attributes, without any RDN in my Base DN?

For example, if I wanted to create an inetOrgPerson entry in the LDAP server without an RDN, creating the entry as below:

var ldap = require('ldapjs');

var client = ldap.createClient({
  url: 'ldap://xxxxxxxx:389'
});

var newDN = "ou=testou,dc=xxxx,dc=com";
var newUser = {
  objectClass: 'inetOrgPerson',
  sn: 'test'
};

// Send the add only after the bind response has arrived.
client.bind('xxxxxxxx', 'xxxxxxxxx', function(err) {
  if (err) {
    console.log('error', err);
    return;
  }
  console.log('bind is success');

  client.add(newDN, newUser, function(err) {
    if (err) {
      console.log('error', err);
    } else {
      client.unbind(function(err) {
        if (err) {
          console.log('error unbind : ', err);
        } else {
          console.log('unbind is success');
        }
      });
    }
  });
});

After executing the above code, there should be an entry in the OU testou with sn as test. Any inputs will help. Thank you all.

user207421
  • What do you mean 'without RDN', when you are using the RDN 'ou=testou,dc=xxxx,dc=com'? – user207421 Apr 09 '20 at 10:10
  • As per RFC4514, the RDN will have any one of the below: CN - commonName (2.5.4.3); L - localityName (2.5.4.7); ST - stateOrProvinceName (2.5.4.8); O - organizationName (2.5.4.10); OU - organizationalUnitName (2.5.4.11); C - countryName (2.5.4.6); STREET - streetAddress (2.5.4.9); DC - domainComponent (0.9.2342.19200300.100.1.25); UID - userId (0.9.2342.19200300.100.1.1). Now when I say without RDN, I mean without any of the attribute types in the DN. Thank you. – prashanthmadduri Apr 10 '20 at 06:19

1 Answer


While it is legal to have a DN with zero components, it is reserved for the rootDSE. It is mandatory for any entry to have a non-empty DN, and therefore to have a non-empty RDN.

user207421
Ludovic Poitou
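A check that could run before `client.add()`, illustrating the answer's point that every entry needs its own non-empty RDN. This is an added example, not part of the original question or answer and not ldapjs code. The function names `escapeRdnValue`, `splitDn`, `childDn` and `checkAddTarget` are hypothetical, and comparing DNs as case-insensitive strings is a simplification. It also escapes the RDN value per RFC 4514 so that a value containing a comma cannot change where the entry lands.

```javascript
// Added example: pure string handling, no LDAP connection. Names are hypothetical.

// Escape one attribute value for use in a DN (RFC 4514, section 2.4).
function escapeRdnValue(value) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error('an RDN needs a non-empty value');
  }
  let out = value
    .replace(/[\\",+;<>]/g, (c) => '\\' + c)
    .replace(/\0/g, '\\00');
  if (out.endsWith(' ')) out = out.slice(0, -1) + '\\ '; // trailing space
  if (/^[ #]/.test(out)) out = '\\' + out;               // leading space or '#'
  return out;
}

// Split a DN string into its RDNs, honouring backslash escapes.
// The empty string yields [] (zero RDNs).
function splitDn(dn) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\' && i + 1 < dn.length) { cur += dn[i] + dn[++i]; continue; }
    if (dn[i] === ',') { parts.push(cur); cur = ''; continue; }
    cur += dn[i];
  }
  if (dn.length > 0) parts.push(cur);
  return parts;
}

// DN of a new entry placed directly under an existing container.
function childDn(containerDn, rdnAttr, rdnValue) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(rdnAttr)) throw new Error('bad RDN attribute type');
  return rdnAttr + '=' + escapeRdnValue(rdnValue) + ',' + containerDn;
}

// Check to run before client.add(): returns null if targetDn names a new
// immediate child of containerDn, otherwise the reason it does not.
// Simplification: DNs are compared as case-insensitive strings.
function checkAddTarget(containerDn, targetDn) {
  const target = splitDn(targetDn);
  const container = splitDn(containerDn);
  if (target.length === 0) return 'empty DN (zero RDNs) is reserved for the root DSE';
  if (target.some((r) => !/^[^=]+=.+$/.test(r))) return 'malformed RDN';
  if (target.length !== container.length + 1 ||
      target.slice(1).join(',').toLowerCase() !== container.join(',').toLowerCase()) {
    return 'target DN has no RDN of its own under the container';
  }
  return null;
}
```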