In addition to the properties you specify, the LDAP repository creates two special properties for every item descriptor: the id attribute and the objectClasses attribute. Here is the relevant XML from the user item descriptor definition that was examined earlier:

<item-descriptor name="user">

  <!-- special properties -->
  <id-property name="id" in-ldap="true" ldap-name="dpsid"/>
  <object-classes-property name="objectClasses" ldap-name="objectclass"/>

  <!-- object classes -->
  <object-class>top</object-class>
  <object-class>person</object-class>
  <object-class>organizationalPerson</object-class>
  <object-class>inetorgPerson</object-class>
  <object-class>dpsUser</object-class>

  <!-- properties -->
  ...
  <!-- new item creation -->
  ...

</item-descriptor>

The purpose of the <id-property> tag is to expose the repository ID of a repository item as an attribute (of type String). Thus, assuming the definition above, an item with repository ID uid=nat,ou=Marketing,o=quincyfunds.com has an LDAP attribute named dpsid with the same value. The attribute value does not need to be set by the user; it is set automatically by Oracle ATG Web Commerce. Note that the ID property is populated from the DN; you should not try to create the DN from the ID property.

The rest of the id-property definition above specifies whether the id property of the repository item maps to an actual LDAP attribute, and if so, the LDAP attribute’s name. If the value of in-ldap is false (the default), the id attribute exists only as a property of the repository item, and does not exist as an attribute in the LDAP entry. In that case, when the item’s attribute values are written out to the LDAP directory, the ID attribute value is ignored, because there is no equivalent for it in the directory entry. If the value of in-ldap is true, as above, the ldap-name tag attribute specifies the name of the LDAP attribute to which the id should be written. As usual, if ldap-name is not specified, it is assumed to be the same as name. Thus, with the example item descriptor, when an item with ID uid=nat,ou=Marketing,o=quincyfunds.com is created and added to the repository, the resulting LDAP entry has an attribute named dpsid with value uid=nat,ou=Marketing,o=quincyfunds.com.

Saving the ID attribute value in the LDAP entry makes it easier to perform ID matching repository queries, as discussed in the LDAP Repository Queries section in this chapter.

The <object-classes-property> tag is similar to <id-property>: it exposes the item’s object class values as an attribute. The attribute’s type is String[], which allows for a multi-valued attribute. For example, an item with a user item descriptor has an objectClasses attribute, whose value is an array with elements top, person, organizationalPerson, inetorgPerson, and dpsUser. The dpsUser object class supports the dpsid attribute, which allows incorporation of the repository ID as an attribute in the LDAP entry.

The <id-property> and <object-classes-property> tags are both required in a definition of a base item descriptor (that is, an item descriptor that does not have a parent); however, they are not allowed in child descriptor definition. The child item descriptors inherit the id and objectClasses properties from their parent.