[python-ldap] modifyModlist and MOD_DELETE
michael at stroeder.com
Tue Jul 28 19:17:31 CEST 2015
> I've been playing with python-ldap, and I'm wondering why modifyModlist
> works the way it does. Specifically, when deleting a attribute of a set,
> it deletes then entire set, and then re-adds the remaining ones. Anyone
> know why?
If you delete by explicit value the attribute must have a EQUALITY matching
rule defined for it. This is typically not the case for BLOB attributes like
jpegPhoto, userPKCS12 etc. So the current behaviour gives the best generic
interoperability but is not necessarily the optimal way for every use-case.
In my web2ldap nothing works without schema knowledge. So I have a variant of
this function which also looks in subschema whether an attribute type has
EQUALITY matching rule and deletes by value in this case (plus some more
YMMV. If you have more control over the actual schema/data then you might want
to consider building the modification list yourself. That's what I do in some
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
More information about the python-ldap