--On Thursday, September 27, 2018 8:16 PM -0700 Christopher Paul
Well yeah it works now, after adding the EQUALITY rule to the
attribute(*). Can someone pls explain this to me? I'm not getting why
LDAP_MOD_REPLACE won't work without an EQUALITY rule.
If you mean the python LDAP_MOD_REPLACE, it's entire purpose is to ensure
it works whether or not there is an EQUALITY rule (from what I read). If
that's not working right, you probably need to take that up with the
Also, please note my original post on this thread. I just wanted to
one attribute. It seems a lot more efficient, if I just want to add one
attribute (in this case to a multi-valued attribute) to be able to use
LDAP_MOD_ADD, instead of LDAP_MOD_REPLACE (or especially instead of
If you read back on my earlier responses, you'll note I mentioned
"normalization" of the values.
If an attribute is defined in the schema with an EQUALITY rule, then the
values get normalized.
If an attribute is defined in the schema without an EQUALITY rule, there
are no normalized values.
Case a: Normalized values
You can use changetype: modify + add to add value(s) to an attribute
because slapd has the knowledge with which to check for duplicate values
based on the EQUALITY rule.
Case b: No normalized values
You cannot use changetype: modify + add to add value(s) to an attribute
because slapd has no knowledge about whether or not there are duplicate
values. You must use changetype: modify + replace.
I.e., if I have:
And in this case "mail" has no EQUALITY rule, if I try to do:
it will fail, because there are no normalized values that slapd can use to
ensure I'm not adding a duplicate to what already exists. Instead, I must
Hope that helps.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: