The LDAP repository uses the distinguished name of an LDAP entry as the repository ID of the repository item that corresponds to the LDAP entry. This is a natural choice for an ID, because each LDAP entry has a DN, and all DNs are unique. Also, the entry’s DN carries with it information about its location in the directory tree. This makes it very easy to retrieve items. No searching needs to be done; you simply access the entry directly with its DN.

The main question with using DNs for item IDs is what happens when a new item is created and added to the repository. If the ID is supplied for the item (for example, the DN uid=nat,ou=Marketing,), simply create the new entry with the specified DN in its parent context (in the example, ou=Marketing,). If the ID is not supplied, generate the DN before creating the directory entry.

The approach taken by the LDAP repository is to give the newly created repository item a temporary unique ID for the duration of the item’s existence as a RAM profile. When the time comes to add the item to the repository, generate a DN for the new LDAP entry, and assign this DN as the value of the persistent item’s ID. The DNs are generated with a pattern that you can configure. For example, one such pattern might be uid=<login>,ou=Marketing,, where <login> is the value of the item’s login attribute. If an item is created with the login value of nat, its DN is uid=nat,ou=Marketing, See the New Item Creation section of this chapter for details on how to configure the way a new item’s DN is set.
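The following Python sketch is an added example, not code from the LDAP repository itself. It shows the temporary-ID-then-DN flow described above, and escapes the attribute value per RFC 4514 before substituting it into the pattern, so that a login value containing DN metacharacters cannot change where the entry is created. The names `NewItem`, `generate_dn`, and `escape_rdn_value` are hypothetical, and the suffix `dc=example,dc=com` is a constructed placeholder.

```python
import re
import uuid

# Constructed placeholder suffix; the directory suffix is an assumption.
PATTERN = "uid=<login>,ou=Marketing,dc=example,dc=com"


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty RDN value")
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)       # characters that are special anywhere
        elif ch == "\x00":
            out.append("\\00")          # NUL must be hex-escaped
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)       # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def generate_dn(pattern: str, attrs: dict) -> str:
    """Fill each <name> placeholder in the pattern with an escaped attribute value."""
    def fill(match):
        name = match.group(1)
        if name not in attrs:
            raise KeyError(f"pattern needs attribute {name!r}")
        return escape_rdn_value(str(attrs[name]))
    # A function replacement is inserted literally, so backslashes survive.
    return re.sub(r"<(\w+)>", fill, pattern)


class NewItem:
    """Item that holds a temporary ID until it is added to the repository."""

    def __init__(self, **attrs):
        self.attrs = attrs
        self.id = "tmp-" + uuid.uuid4().hex   # unique only while in memory

    def persist(self, pattern: str = PATTERN) -> str:
        # On add, the generated DN replaces the temporary ID.
        self.id = generate_dn(pattern, self.attrs)
        return self.id
```

Without the escaping step, a login value such as `nat,ou=Admins` would be read as two RDNs and shift the entry's parent context away from `ou=Marketing`.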