> I'm sure that this is a dumb question but I'm sure missing something in > your RDN reasoning. If our RDN's were not already unique, how are we > managing to authenticate? It is impossible to create objects with 'overlapping' RDNs, this would result in an object-already-exists error.