How long (maximum characters) is an LDAP distinguished name?

Question

Is there a maximum length to DN's? If I want to store them in a database table, what would I set the length to?

I searched stackoverflow before I posted, I couldn't find anything... I guess I couldn't think of another way to phrase what I was looking for. — Jerinaw, Dec 04 '13 at 22:56

score 4 · Answer 1 · answered Dec 03 '13 at 19:56

4

I think the maximum length which is allowed is 255 characters.

Check MSDN

Name Length Limitations for LDAP Simple Bind Operations

During binds to the directory, simple LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters. If you attempt a simple LDAP bind with more than 255 characters, you might experience authentication errors

answered Dec 03 '13 at 19:56

Rahul Tripathi

168,305
31
280
331

2

That page applies to Active Directory only. – user207421 Dec 03 '13 at 22:05
2

And only if doing simple bind. Same doc states if you use secure bind you won't hit that limit. – Chalky May 15 '17 at 06:51

score 4 · Accepted Answer · answered Dec 04 '13 at 00:45

4

There is no defined maximum length of a distinguished name, or of an attribute value, in an LDAP-compliant server, though certainly there would be a practical limit because resources are finite. Non-compliant servers are whatever their designers build, of course.

answered Dec 04 '13 at 00:45

Terry Gardner

10,957
2
28
38

I searched the specification before posting, I couldn't find a limit there. But I wasn't sure. – Jerinaw Dec 04 '13 at 22:59
1

@TerryGardner, could you refer to an authoritative source confirming that DNs are not intended to be limited in length?. I've been unable to find such a confirmation in standards like X.520 or RFC 5280. – Jaime Hablutzel Jul 09 '19 at 23:13

How long (maximum characters) is an LDAP distinguished name?

2 Answers2