Mike Jackson wrote:
Recording full DNs as attribute values is a nasty practice to establish relationships
With the current state of directory clients and supporting APIs, I understand where this frustration can come from. However, as somebody who tries to use DN syntax attributes to their fullest extent in my clients, I can't endorse this statement. It's kind of like saying using foreign keys to establish relationships in an RDBMS is a nasty practice. DNs are an important part of how a directory works, and there is little faster than the retrieval of a directory entry by DN or an equality search on an indexed DN syntax attribute.
... Relationships, when required, should be established by association (in your client), not by DN pointer (in the directory).
Ultimately, the client still needs some way to record the association with guaranteed uniqueness. A DN is just one way to do this, but I don't see any reason why it's worse than alternatives. I'm all for robust clients, but I also like to play to the strengths of the protocol.
My 2c. Jon Roberts www.mentata.com --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
