[python-ldap] modifyModlist : are old and new values get compared somehow ?

Michael Ströder michael at stroeder.com
Mon Nov 30 07:25:50 EST 2015

Benjamin Dauvergne wrote:
> Le 11/30, mh at ow2.org a écrit :
>> In the following code,
>>     old = {'attr':['oldvalue']}
>>     new = {'attr':['newvalue']}
>>     mod = modlist.modifyModlist(old,new)
>>     l.modify_s(dn,mod)
>> I'm not sure to fully understand the documentation ; it seems the new
>> attribute value is modified in all case - whatever the value stored in
>> old attr ; in this case what's the point in specifying an 'oldvalue' ?
> As LDAP is a multivalued database i.e. each attribute can have multiple values, what's computed by
> modifyModlist is a "diff": remove old values, add new values. If you want to keep some old
> values because for example the schema forbid a value to be missing (and between the DELETE and the
> ADD there will be a time where no value is defined) you have create your modlist yourself such as:

This is not correct or at least misleading.

1. ldap.modlist.modifyModlist() will always MOD_ADD all new values.

2. The LDAP server will always process the whole modification list at once and
check schema afterwards. Note that a single LDAP write operation is always
guaranteed to be atomic.

In web2ldap I have a schema-aware variant of this function which examines
whether an attribute type has an EQUALITY matching rule. If yes, it will
generate finer-grained delete-by-value modification lists to provoke conflicts
which might happen with concurrent write operations for avoiding re-adding
formerly deleted values.

But anyway ldap.modlist.modifyModlist() does the right thing.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20151130/2027b2dd/attachment-0001.bin>

More information about the python-ldap mailing list