The LDAP repository uses the distinguished name of an LDAP entry as the repository ID of the repository item that corresponds to the LDAP entry. This is a natural choice for an ID, because each LDAP entry has a DN, and all DNs are unique. In addition, the entry’s DN carries with it information about its location in the directory tree. This makes it very easy to retrieve items. No searching needs to be done; you simply access the entry directly using its DN.

The main question with using DNs for item IDs is what happens when a new item is created and added to the repository. If the ID has been supplied for the item (for example, the DN uid=nat,ou=Marketing,o=quincyfunds.com), we can simply create the new entry with the specified DN in its parent context (in our example, ou=Marketing,o=quincyfunds.com). If the ID has not been supplied, we need to generate the DN ourselves before creating the directory entry.

The approach taken by the LDAP repository is to give the newly created repository item a temporary unique ID for the duration of the item’s existence as a RAM profile. When the time comes to add the item to the repository, we generate a DN for the new LDAP entry, and assign this DN as the value of the persistent item’s ID. The DNs are generated using a pattern that you can configure. For example, one such pattern might be uid=<login>,ou=Marketing,o=quincyfunds.com, where <login> is the value of the item’s login attribute. Then if an item is created with the login value of nat, its DN will be uid=nat,ou=Marketing,o=quincyfunds.com. See the New Item Creation section of this chapter for details on how to configure the way a new item’s DN is set.
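As an added illustration (not ATG's own code), the following Java sketch expands the pattern from the paragraph above using the standard JNDI classes, escaping the login value so that characters with DN meaning cannot alter the entry's location in the tree. The class name DnPatternExample, the generateDn helper, the plain string substitution of <login>, and the sample logins are assumptions made for this example.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnPatternExample {
    // Pattern from the text; expanding <login> by plain string replacement
    // is an assumption of this example, not documented ATG behavior.
    static final String PATTERN = "uid=<login>,ou=Marketing,o=quincyfunds.com";

    /** Expands the pattern with an escaped login and verifies the resulting DN. */
    static LdapName generateDn(String pattern, String login) throws InvalidNameException {
        if (login == null || login.isEmpty()) {
            throw new InvalidNameException("login must not be empty");
        }
        // Shape the pattern is expected to produce, using a harmless stand-in value.
        LdapName expected = new LdapName(pattern.replace("<login>", "x"));

        // RFC 4514 escaping keeps characters such as ',' '+' '=' inside the value.
        String escaped = Rdn.escapeValue(login);
        LdapName dn = new LdapName(pattern.replace("<login>", escaped));

        int leaf = dn.size() - 1; // index 0 is the rightmost RDN, so the leaf is last
        boolean sameDepth = dn.size() == expected.size();
        boolean sameParent = sameDepth
                && dn.getPrefix(leaf).equals(expected.getPrefix(leaf));
        Rdn rdn = dn.getRdn(leaf);
        boolean sameValue = sameDepth && rdn.size() == 1
                && login.equals(rdn.getValue());
        if (!sameParent || !sameValue) {
            throw new InvalidNameException("login changed the DN structure: " + login);
        }
        return dn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample logins: the value from the text and two containing DN syntax.
        String[] logins = { "nat", "nat,ou=Admins", "a+cn=b" };
        for (String login : logins) {
            LdapName dn = generateDn(PATTERN, login);
            System.out.println(dn + "  (parent: " + dn.getPrefix(dn.size() - 1) + ")");
        }
    }
}
```

Every generated DN stays directly under ou=Marketing,o=quincyfunds.com; if the Rdn.escapeValue call is removed, the second and third sample logins fail the structure check instead of producing an entry elsewhere in the tree or a multi-valued RDN.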

 