[python-ldap] Question about ldap.modlist.modifyModlist

Michael Ströder michael at stroeder.com
Wed Jan 23 20:28:34 CET 2013

Bas van der Vlies wrote:
> Hello,,
>  I have question about the usage of ldap.modlist.modifyModlist.  I am using it a lot to replace values.   When i look at the generated ldif it deletes the attribute and then add the attribute:
>  {{{
>     (ldap.MOD_DELETE, "gidNumber", None),
>     (ldap.MOD_ADD, "gidNumber", gid_new),
>  }}}
> This fine for most replacements. Bit for this case i only want to replace the value if  it matches the old one, e.g.:
> {{{
>       (ldap.MOD_DELETE, "gidNumber", gid_old),
>       (ldap.MOD_ADD, "gidNumber", gid_new),
> }}}
> Is there an option for modifyModlist that supports this or must i just use the modify_s function?

modifyModlist() is designed to always work. That's the reason why the
attribute always gets deleted and re-added completely.

With most LDAP servers deleting by value requires that there's a EQUALITY
matching rule declared for the attribute type - and implemented.
My web2ldap contains a schema-aware variant of modifyModlist() which looks at
the subschema to determine whether deleting values is possible.

It might make sense to extend ldap.modlist.modifyModlist() with an optional
key-word argument with which you can pass a list of attribute types for which
deleting by value is possible. In this case the calling application has to
know whether EQUALITY matching rule is available or not.

Feel free to submit a patch for such a behaviour.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20130123/fc6019a8/attachment.bin>

More information about the python-ldap mailing list