--On Thursday, September 27, 2018 8:16 PM -0700 Christopher Paul chris.paul@rexconsulting.net wrote:
Well yeah it works now, after adding the EQUALITY rule to the attribute(*). Can someone pls explain this to me? I'm not getting why LDAP_MOD_REPLACE won't work without an EQUALITY rule.
If you mean the python LDAP_MOD_REPLACE, it's entire purpose is to ensure it works whether or not there is an EQUALITY rule (from what I read). If that's not working right, you probably need to take that up with the python-ldap folks.
Also, please note my original post on this thread. I just wanted to add one attribute. It seems a lot more efficient, if I just want to add one attribute (in this case to a multi-valued attribute) to be able to use LDAP_MOD_ADD, instead of LDAP_MOD_REPLACE (or especially instead of LDAP_MOD_DELETE/LDAP_MOD_ADD pair).
If you read back on my earlier responses, you'll note I mentioned "normalization" of the values.
Basic breakdown:
If an attribute is defined in the schema with an EQUALITY rule, then the values get normalized. If an attribute is defined in the schema without an EQUALITY rule, there are no normalized values.
Case a: Normalized values
You can use changetype: modify + add to add value(s) to an attribute because slapd has the knowledge with which to check for duplicate values based on the EQUALITY rule.
Case b: No normalized values
You cannot use changetype: modify + add to add value(s) to an attribute because slapd has no knowledge about whether or not there are duplicate values. You must use changetype: modify + replace.
I.e., if I have:
dn: uid=joe,cn=people,dc=example,dc=com mail: joe@example.com
And in this case "mail" has no EQUALITY rule, if I try to do:
dn: uid=joe,cn=people,dc=example,dc=com changetype: modify add: joe@example2.com
it will fail, because there are no normalized values that slapd can use to ensure I'm not adding a duplicate to what already exists. Instead, I must do:
dn: uid=joe,cn=people,dc=example,dc=com changetype: modify replace: mail mail: joe@example.com mail: joe@example2.com
Hope that helps.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com