[python-ldap] Modlist with a replace sometimes fails
William
william at blackhats.net.au
Tue Mar 1 23:04:43 EST 2016
Hi,
I never heard back about whether the below patch is acceptable. I do not change
the default behaviour, only add the ability to use MOD_REPLACE if the user wishes
it.
Thanks,
On Fri, 2016-02-19 at 09:23 +1000, William wrote:
> diff --git a/Lib/ldap/modlist.py b/Lib/ldap/modlist.py
> index 0053a3f..a56c3e5 100644
> --- a/Lib/ldap/modlist.py
> +++ b/Lib/ldap/modlist.py
> @@ -49,7 +49,7 @@ def addModlist(entry,ignore_attr_types=None):
>
>
> def modifyModlist(
> - old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_
> at
> tr_types=None
> + old_entry,new_entry,ignore_attr_types=None,ignore_oldexistent=0,case_ignore_
> at
> tr_types=None,replace_is_add_then_delete=True
> ):
> """
> Build differential modify list for calling LDAPObject.modify()/modify_s()
> @@ -69,6 +69,10 @@ def modifyModlist(
> case_ignore_attr_types
> List of attribute type names for which comparison will be made
> case-insensitive
> + replace_is_add_then_delete
> + Determines if a replace operation is carried out as add then delete
> + or if it is a pure ldap replace. This can have behavioural affects on
> + certain ldap servers and object types IE configuration directories.
> """
> ignore_attr_types = list_dict(map(lower,(ignore_attr_types or [])))
> case_ignore_attr_types = list_dict(map(lower,(case_ignore_attr_types or
> [])))
> @@ -111,8 +115,11 @@ def modifyModlist(
> replace_attr_value = 1
> break
> if replace_attr_value:
> - modlist.append((ldap.MOD_DELETE,attrtype,None))
> - modlist.append((ldap.MOD_ADD,attrtype,new_value))
> + if replace_is_add_then_delete:
> + modlist.append((ldap.MOD_DELETE,attrtype,None))
> + modlist.append((ldap.MOD_ADD,attrtype,new_value))
> + else:
> + modlist.append((ldap.MOD_REPLACE,attrtype,new_value))
> elif old_value and not new_value:
> # Completely delete an existing attribute
> modlist.append((ldap.MOD_DELETE,attrtype,None))
>
--
William <william at blackhats.net.au>
More information about the python-ldap
mailing list