[python-ldap] modifyModlist and MOD_DELETE

Michael Ströder michael at stroeder.com
Tue Jul 28 19:17:31 CEST 2015

seph wrote:
> I've been playing with python-ldap, and I'm wondering why modifyModlist
> works the way it does. Specifically, when deleting a attribute of a set,
> it deletes then entire set, and then re-adds the remaining ones. Anyone
> know why?

If you delete by explicit value the attribute must have a EQUALITY matching
rule defined for it. This is typically not the case for BLOB attributes like
jpegPhoto, userPKCS12 etc. So the current behaviour gives the best generic
interoperability but is not necessarily the optimal way for every use-case.

In my web2ldap nothing works without schema knowledge. So I have a variant of
this function which also looks in subschema whether an attribute type has
EQUALITY matching rule and deletes by value in this case (plus some more
not-so-generic optimizations).

YMMV. If you have more control over the actual schema/data then you might want
to consider building the modification list yourself. That's what I do in some
specific use-cases.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20150728/0870fe2a/attachment.bin>

More information about the python-ldap mailing list