Commas are a special character. Your name is entered as "Kennedy, Jim". Since the "," is special to use the comma is must be "Escaped" by a "\". Therefore you get the "Kennedy\, Jim".
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahy/rzahyunderdn.htm DN escaping rules Some characters have special meaning in a DN. For example, = (equals) separates an attribute name and value, and , (comma) separates attribute=value pairs.The special characters are , (comma), = (equals), + (plus), < (less than), > (greater than), # (number sign), ; (semicolon), \ (backslash), and " (quotation mark,ASCII 34). A special character can be escaped in an attribute value to remove the special meaning. To escape these special characters or other characters in an attribute value in a DN string, use the following methods: 1. If a character to be escaped is one of the special characters, precede it by a backslash ('\' ASCII 92). This example shows a method of escaping a comma in an organization name: CN=L. Eagle,O=Sue\, Grabbit and Runn,C=GB This is the preferred method. 2. Otherwise replace the character to be escaped by a backslash and two hex digits, which form a single byte in the code of the character. The code ofthe character must be in UTF-8 code set. CN=L. Eagle,O=Sue\2C Grabbit and Runn,C=GB 3. Surround the entire attribute value by "" (quotation marks) (ASCII 34), that are not part of the value. Between the quotation character pair, all characters are taken as is, except for the \ (backslash). The \ (backslash) can be used to escape a backslash (ASCII 92) or quotation marks (ASCII 34),any of the special characters previously mentioned, or hex pairs as in method 2. For example, to escape the quotation marks in cn=xyz"qrs"abc, it becomes cn=xyz\"qrs\"abc or to escape a \: "you need to escape a single backslash this way \\" Another example, "\Zoo" is illegal, because 'Z' cannot be escaped in this context. Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: "Kennedy, Jim" <kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> Reply-To: NT Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Date: Fri, 3 Feb 2012 13:08:39 -0500 To: NT Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Subject: CN format question Having an issue with a vendor with some LDAP lookups. I certainly saw this years ago, but never looked into it. Our CN’s are backwards from how most people do it I think. Is there anything wrong with it being this way? Why is that \ there? CN=Kennedy\, Jim,OU=(Redacted list of OU/DC’s) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin