On 9/28/18 7:11 PM, Quanah Gibson-Mount wrote:
--On Thursday, September 27, 2018 8:16 PM -0700 Christopher Paul chris.paul@rexconsulting.net wrote:
Well yeah it works now, after adding the EQUALITY rule to the attribute(*). Can someone pls explain this to me? I'm not getting why LDAP_MOD_REPLACE won't work without an EQUALITY rule.
If you mean the python LDAP_MOD_REPLACE, it's entire purpose is to ensure it works whether or not there is an EQUALITY rule (from what I read). If that's not working right, you probably need to take that up with the python-ldap folks.
Since I'm the one who wrote this code I should probably comment on this:
1. You don't have to use ldap.modlist.modifyModlist() [1]. It's just provided for convenience in case you have old and entries and want to let it craft the modification list for you. Still you can directly pass whatever modlist you want to LDAPObject.modify_s() and friends.
2. The MOD_DELETE for complete deletion of all attributes values with subsequent MOD_ADD of the new attribute value list was done because I ran into issues with attributes without EQUALITY matching rule. This is a rather old topic and I forgot the details.
Ciao, Michael.
[1] https://www.python-ldap.org/en/latest/reference/ldap-modlist.html#ldap.modli...
[2] https://www.python-ldap.org/en/latest/reference/ldap.html#ldap.LDAPObject.mo...