On Fri, Mar 14, 2014 at 6:11 AM, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
There's of course a maintenance cost for using DNs as references - when DNs are changed, you might also need to change every entry that references them, which makes updates more expensive. But again, that's part of the LDAP design: writes can be more expensive, because reads must be as fast as possible.
I tend to disagree: I think the DIT designers mixed up names and IDs right from the beginning. I guess that's why every entry has a DN, and not a DID (Distinguished ID). To me it seems that they did not foresee that a DN might change. Maybe it was due to UUIDs not being used at that time. Today you can learn from the web trackers how to manage IDs correctly ;-)
Maybe they knew the DIT schema would be less attractive if you had "non-speaking" DIDs instead of DNs rich in semantics. But that virtual attractiveness seems to be a major problem: What happens if "dn: cn=Jane Smith, ou=people, o=example.org" gets married or divorced?
Maybe I'm confused here, but isn't that what modrdn and moddn are for? These two operations _do not_ change the entryUUID, but many popular tools do because they do not use modrdn and moddn but rather delete and re-create, effectively changing the entryUUID.
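
The difference discussed above, as an added example that is not part of the original thread: a Python sketch that compares two directory snapshots keyed by entryUUID and separates real renames (UUID kept) from delete-and-re-create (UUID replaced). The snapshots, the UUID strings, the function names and the simplified DN normalisation are all assumptions made for illustration.

```python
# Added example: constructed snapshots, not real directory data.
from typing import Dict, List

Snapshot = Dict[str, str]  # entryUUID -> DN


def normalize_dn(dn: str) -> str:
    """Simplified normalisation (assumption: no escaped commas in RDN values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def classify(before: Snapshot, after: Snapshot) -> Dict[str, List[tuple]]:
    """Classify changes between two snapshots using entryUUID as the identity."""
    old = {u: normalize_dn(d) for u, d in before.items()}
    new = {u: normalize_dn(d) for u, d in after.items()}
    new_by_dn = {d: u for u, d in new.items()}
    out = {"renamed": [], "recreated": [], "removed": [], "added": []}
    recreated_uuids = set()
    for uuid, dn in old.items():
        if uuid in new:
            # Same entryUUID, different DN: a modrdn/moddn style rename.
            if new[uuid] != dn:
                out["renamed"].append((uuid, dn, new[uuid]))
        elif dn in new_by_dn and new_by_dn[dn] not in old:
            # Same DN, fresh entryUUID: entry was deleted and re-created.
            out["recreated"].append((dn, uuid, new_by_dn[dn]))
            recreated_uuids.add(new_by_dn[dn])
        else:
            out["removed"].append((uuid, dn))
    for uuid, dn in new.items():
        if uuid not in old and uuid not in recreated_uuids:
            out["added"].append((uuid, dn))
    return out


# Constructed sample data; "uuid-*" stand in for real entryUUID values.
BEFORE = {
    "uuid-a": "cn=Jane Smith, ou=people, o=example.org",
    "uuid-b": "cn=John Doe, ou=people, o=example.org",
    "uuid-c": "cn=Ann Lee, ou=people, o=example.org",
}
AFTER = {
    "uuid-a": "cn=Jane Jones, ou=people, o=example.org",  # renamed via modrdn
    "uuid-x": "cn=John Doe, ou=people, o=example.org",    # delete + re-add, same DN
    "uuid-y": "cn=Ann Kim, ou=people, o=example.org",     # delete + re-add, new name
}

if __name__ == "__main__":
    for kind, items in classify(BEFORE, AFTER).items():
        print(kind, items)
```

A consumer that tracks entries by entryUUID follows Jane across the rename, but sees Ann's delete-and-re-create as one identity removed and an unrelated one added.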