[python-ldap] Modlist with a replace sometimes fails
michael at stroeder.com
Thu Mar 3 10:32:15 EST 2016
> I never heard back about whether the below patch is acceptable. I do not change
> the default behaviour, only add the ability to use MOD_REPLACE if the user wishes
Even though this small change does not change the default behaviour it might be
actually used and people will ask here when running into problems. We had
discussions about that function before. I suspect your patch will open a can of
worms leading to more patches for upcoming corner-cases. Also I don't have a
test server running 389-DS. So it's hard for me to test corner-cases.
So if this is an urgent need in your project then you can easily overload this
function with your own implementation. Even with your patch you have to touch
In general it seems that this function might not fit everybody's needs. So I'll
add an interop note in the docs about this:
Replacing attribute values is always done with a
:py:const:`ldap.MOD_DELETE`/:py:const:`ldap.MOD_ADD` pair instead of
:py:const:`ldap.MOD_REPLACE` to work-around potential issues with
attributes for which no EQUALITY matching rule are defined in the
server's subschema. This works correctly in most situations but
rarely fails with some LDAP servers implementing (schema) checks on
transient state entry during processing the modify operation.
P.S.: IMO 389-DS should be fixed.
E-Mail: michael at stroeder.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
More information about the python-ldap