From: Michael S. <mi...@st...> - 2008-09-19 01:12:23
Paul Wankadia wrote:
> The current implementation of modifyModlist() clashed with some ACLs
> because it touches too many values. :/

I don't fully understand. Do you have ACLs based on certain attribute values? It would probably be a good idea to mention these issues in the docs.

> Here's a replacement that I hacked together:
>
>     if old_values != new_values:
>         modify.append((ldap.MOD_REPLACE, attr, list(new_values)))

The problem with MOD_REPLACE or with only deleting/adding certain attribute values is that it needs EQUALITY matching rules to be implemented at the server-side for all syntaxes of attributes to be modified. That's not the case for e.g. jpegPhoto (or even attribute postalAddress on some servers).

In web2ldap I have a modified function modifyModlist() which examines the subschema for determining whether the attribute type has an EQUALITY matching rule assigned and whether this particular matching rule is really listed in the subschema.

=> So for general use I won't accept your version since it will choke in many more cases.

Ciao, Michael.
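Added example, not part of the original message and not web2ldap's code: a sketch of a schema-aware modlist builder along the lines described above. It sends value-level changes only when the attribute has an EQUALITY rule that the server also lists, and otherwise deletes and re-adds the whole attribute. The function names and the two subschema structures are hypothetical and filled with constructed sample data.

```python
# LDAP modify operation codes (RFC 4511); python-ldap exposes the same
# values as ldap.MOD_ADD and ldap.MOD_DELETE. Defined here so the example
# runs without the library.
MOD_ADD, MOD_DELETE = 0, 1

# Constructed sample subschema data (assumption, not read from a server):
# EQUALITY rule named by each attribute type, and the rules the server lists.
ATTR_EQUALITY = {
    "cn": "caseIgnoreMatch",
    "mail": "caseIgnoreIA5Match",
    "postalAddress": "caseIgnoreListMatch",  # assigned but not listed below
    "jpegPhoto": None,                       # no EQUALITY rule at all
}
SERVER_MATCHING_RULES = {"caseIgnoreMatch", "caseIgnoreIA5Match"}


def has_usable_equality(attr, attr_equality, matching_rules):
    """True only if an EQUALITY rule is assigned AND the server lists it."""
    rule = attr_equality.get(attr)
    return rule is not None and rule in matching_rules


def schema_aware_modlist(old, new, attr_equality, matching_rules):
    """Build a modlist from two {attr: [values]} dicts of bytes values."""
    modlist = []
    for attr in sorted(set(old) | set(new)):
        old_vals, new_vals = old.get(attr, []), new.get(attr, [])
        # Client-side comparison is byte-exact; the server may match looser.
        if set(old_vals) == set(new_vals):
            continue
        if not new_vals:
            modlist.append((MOD_DELETE, attr, None))
        elif not old_vals:
            modlist.append((MOD_ADD, attr, list(new_vals)))
        elif has_usable_equality(attr, attr_equality, matching_rules):
            # Touch only the values that changed.
            removed = [v for v in old_vals if v not in new_vals]
            added = [v for v in new_vals if v not in old_vals]
            if removed:
                modlist.append((MOD_DELETE, attr, removed))
            if added:
                modlist.append((MOD_ADD, attr, added))
        else:
            # No usable EQUALITY rule: drop the attribute, then re-add it.
            modlist.append((MOD_DELETE, attr, None))
            modlist.append((MOD_ADD, attr, list(new_vals)))
    return modlist
```
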