ldap.modlist.modifyModlist()
Paul Wankadia
junyer at gmail.com
Fri Sep 19 16:31:31 CEST 2008
On Fri, Sep 19, 2008 at 6:12 PM, Michael Ströder <michael at stroeder.com> wrote:
>> The current implementation of modifyModlist() clashed with some ACLs
>> because it touches too many values. :/
>
> I don't fully understand. Do you have ACLs based on certain attribute
> values? It would probably be a good idea to mention these issues in the
> docs.

Access to objectClass is restricted, for example, so it's necessary to
be surgical.

>> if old_values != new_values:
>>     modify.append((ldap.MOD_REPLACE, attr, list(new_values)))
>
> The problem with MOD_REPLACE or with only deleting/adding certain
> attribute values is that it needs EQUALITY matching rules to be
> implemented at the server-side for all syntaxes of attributes to be
> modified. That's not the case for e.g. jpegPhoto (or even attribute
> postalAddress on some servers).

Do you happen to know whether OpenLDAP has any problems in this regard?

> In web2ldap I have a modified function modifyModlist() which examines
> the subschema for determining whether the attribute type has an EQUALITY
> matching rule assigned and whether this particular matching rule is
> really listed in the subschema.

What does it do then?

> => So for general use I won't accept your version since it will choke in
> many more cases.

I understand.
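
Added example, not part of the original thread and not python-ldap's or web2ldap's code: one way to reconcile the two concerns raised above, leaving unchanged attributes such as objectClass completely untouched while naming individual values only for attribute types that can be compared. The function name and the `equality_attrs` parameter are hypothetical; the caller is assumed to supply the set of attribute types with a usable EQUALITY matching rule (for instance from the subschema), and the sample entries are constructed.

```python
# LDAP modify operation codes (RFC 4511); python-ldap exposes the same values
# as ldap.MOD_ADD / ldap.MOD_DELETE. Defined here so the example runs offline.
MOD_ADD, MOD_DELETE = 0, 1


def surgical_modlist(old_entry, new_entry, equality_attrs):
    """Build a modlist that touches only attributes whose values differ.

    equality_attrs (hypothetical parameter): lower-cased names of attribute
    types the caller knows to have a usable EQUALITY matching rule.
    """
    old = {k.lower(): (k, v) for k, v in old_entry.items()}
    new = {k.lower(): (k, v) for k, v in new_entry.items()}
    modlist = []
    for key in sorted(set(old) | set(new)):
        name = (new.get(key) or old.get(key))[0]
        old_vals = old.get(key, (name, []))[1]
        new_vals = new.get(key, (name, []))[1]
        if set(old_vals) == set(new_vals):
            continue  # unchanged: emit nothing, so a restricted attribute is never written
        if not old_vals:
            modlist.append((MOD_ADD, name, list(new_vals)))
        elif not new_vals:
            modlist.append((MOD_DELETE, name, None))
        elif key in equality_attrs:
            # Values can be compared: remove and add only the differences.
            gone = [v for v in old_vals if v not in new_vals]
            added = [v for v in new_vals if v not in old_vals]
            if gone:
                modlist.append((MOD_DELETE, name, gone))
            if added:
                modlist.append((MOD_ADD, name, added))
        else:
            # No equality matching assumed: drop the whole attribute, then re-add it.
            modlist.append((MOD_DELETE, name, None))
            modlist.append((MOD_ADD, name, list(new_vals)))
    return modlist


# Constructed sample entries: objectClass only changes order and must not be touched.
OLD = {"objectClass": [b"top", b"inetOrgPerson"], "description": [b"temp"],
       "mail": [b"a@example.org", b"b@example.org"], "jpegPhoto": [b"\xff\xd8old"]}
NEW = {"objectClass": [b"inetOrgPerson", b"top"], "telephoneNumber": [b"+1 555 0100"],
       "mail": [b"a@example.org", b"c@example.org"], "jpegPhoto": [b"\xff\xd8new"]}

if __name__ == "__main__":
    for mod in surgical_modlist(OLD, NEW, equality_attrs={"mail", "objectclass"}):
        print(mod)
```

The resulting list has the (operation, attribute, values) tuple shape that python-ldap's modify calls accept.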