[python-ldap] modifyModlist : are old and new values get compared somehow ?

Michael Ströder michael at stroeder.com
Mon Nov 30 08:19:39 EST 2015

Benjamin Dauvergne wrote:
> Le 11/30, Michael Ströder a écrit :
>>> As LDAP is a multivalued database i.e. each attribute can have multiple values, what's computed by
>>> modifyModlist is a "diff": remove old values, add new values. If you want to keep some old
>>> values because for example the schema forbid a value to be missing (and between the DELETE and the
>>> ADD there will be a time where no value is defined) you have create your modlist yourself such as:
>> This is not correct or at least misleading.
>> 1. ldap.modlist.modifyModlist() will always MOD_ADD all new values.
>> 2. The LDAP server will always process the whole modification list at once and
>> check schema afterwards. Note that a single LDAP write operation is always
>> guaranteed to be atomic.
> I agree it's atomic and my remark on this point was misleading but I remember having problems with
> OpenLDAP slapo-constraint and DELETE/ADD in a single modlist, I had to use REPLACE in this case. I
> don't want to make FUD but if you know you want to replace all the values, REPLACE seems to be the
> best option, and at the level of the source code intentions are clearer.

Yes, slapo-constraint could cause some interesting corner-cases. Could you
please elaborate on OpenLDAP version, details of the constraint and the exact
modify request which failed?

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20151130/d9ee43b7/attachment.bin>

More information about the python-ldap mailing list