Hallvard B Furuseth wrote:
Michael Ströder writes:
Since web2ldap and the delta-modification generator has full schema knowledge today I could look up whether there's an EQUALITY matching rule defined for a given attribute type and then explicitly delete certain attribute values like Hallvard suggested.
Actually I wasn't suggesting that for web2ldap, though it sounds nice. At the time I was talking about how EQUALITY rules would make it easier to write config LDIFs by hand.
I've now implemented that. Needs testing with other LDAP server implementations as well and many weird attribute types. The main problem with such an approach is that subschema is always incomplete. :-(
Ciao, Michael.
Michael Ströder writes:
Actually I wasn't suggesting that for web2ldap, though it sounds nice. At the time I was talking about how EQUALITY rules would make it easier to write config LDIFs by hand.
I've now implemented that.
You've implemented in web2ldap to not make use of web2ldap? :-)
Michael Ströder wrote:
Hallvard B Furuseth wrote:
Michael Ströder writes:
Since web2ldap and the delta-modification generator has full schema knowledge today I could look up whether there's an EQUALITY matching rule defined for a given attribute type and then explicitly delete certain attribute values like Hallvard suggested.
Sure. Again, for single-valued attributes, I didn't see any point in providing EQUALITY rules because there's only one possible value to delete.
Howard Chu wrote:
Michael Ströder wrote:
Hallvard B Furuseth wrote:
Michael Ströder writes:
Since web2ldap and the delta-modification generator has full schema knowledge today I could look up whether there's an EQUALITY matching rule defined for a given attribute type and then explicitly delete certain attribute values like Hallvard suggested.
Sure. Again, for single-valued attributes, I didn't see any point in providing EQUALITY rules because there's only one possible value to delete.
But even if the assertion control is not used explicitly deleting certain attribute value(s) makes the modify request fail if a modification to these attributes happened in between. Are you suggesting that I should also look at whether the attribute type is declared with SINGLE-VALUE and then explicitly delete values?
Hmm, this is hairy because LDAP servers might behave quite differently...
Ciao, Michael.
openldap-software@openldap.org
-
Hallvard B Furuseth -
Howard Chu -
Michael Ströder