[python-ldap] Modlist with a replace sometimes fails

Jephte Clain jephte.clain at univ-reunion.fr
Thu Feb 18 06:45:07 EST 2016

just chiming in to check that I understand correctly...

2016-02-18 12:30 GMT+04:00 Michael Ströder <michael at stroeder.com>:
> William wrote:
>> I noticed that the code for modlist does the following:
>> line 111:
>>       if replace_attr_value:
>>         modlist.append((ldap.MOD_DELETE,attrtype,None))
>>         modlist.append((ldap.MOD_ADD,attrtype,new_value))
>> This often fails on certain ldap servers, especially with configuration
>> directives as they cannot be removed before the add takes place.
> Could you please give more details:
> - LDAP server vendor and exact version
> - attribute for which this fails
>> I would like to ask that either this be fixed to:
>> line 111:
>>       if replace_attr_value:
>>         modlist.append((ldap.MOD_REPLACE,attrtype,new_value))
> It's probably time to add that to the FAQ:
> https://mail.python.org/pipermail/python-ldap/2008q3/002342.html

Are you saying that

dn: xxx
changetype: modify
replace: attr
attr: value

requires attr to have an equality matching rule? why not, I mean one
don't care what the previous value is as it is replaced???
Or did I fail to understand properly?

FYI, on OpenLDAP, under the cn=config database, there are some
attributes that a required to exist. You can't just delete then add
them: you have to replace them.
But indeed, I have never seen such a behavior on a "regular" database.

have a good day, regards,
Jephté CLAIN

> Note that you don't have to use ldap.modlist.modifyModlist() and your
> application can generate your own modlist when tweaking special attributes.

Jephté CLAIN | Développeur, Intégrateur d'applications
Service Système d'Information
Direction des Systèmes d'Information
Tél: +262 262 93 86 31 || Gsm: +262 692 29 58 24

More information about the python-ldap mailing list