On Wed, Apr 22, 2009 at 11:53 AM, Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
On Wed, Apr 22, 2009 at 08:10:15PM +0200, Hallvard B Furuseth wrote:
dn: uid=username,dc=example,dc=com
changetype: modify
delete: facsimileTelephoneNumber
facsimileTelephoneNumber:telephoneNumberMatch:=+1 (555)555 5555
True, LDAP does not support that for attributes without EQUALITY matching rules. (So there is no LDIF syntax for it:-) For such attributes you need to read the entry and use replace:, listing the values you want to keep.
If the requirement for the new definition is just to make value deletion easier then I would question its worth. Deleting individual values is important in attributes like 'member' that are likely to have thousands of values, but how many fax numbers could an entry usefully have?
The existing sync script assumes that attributes can be replaced.
I have to reimport the databases anyway for a 2.3 -> 2.4 upgrade so the only cost is maintaining the schema patch (and presumably crashing if we ever forget to include it since this is a normalization change).
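The read-then-replace procedure described earlier in the thread, as an added example that is not part of the original messages. The function names are hypothetical, the sample values are constructed, and the client-side comparison (ignoring spaces and hyphens, as telephoneNumberMatch does) is an assumption about how the caller wants to identify the value to drop.

```python
import base64
import re

# First character / remaining characters that RFC 2849 allows unencoded.
_SAFE = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
    r"[\x01-\x09\x0b\x0c\x0e-\x7f]*"
)


def normalize_tel(value):
    """Comparison key modelled on telephoneNumberMatch: spaces and
    hyphens are insignificant, case is ignored (assumed client-side)."""
    return re.sub(r"[ \-]", "", value).casefold()


def ldif_attr(name, value):
    """One LDIF line; values that are not a SAFE-STRING are base64-encoded."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {encoded}"


def replace_without(dn, attr, current, unwanted):
    """Build an LDIF 'replace' listing every value to keep.

    current  -- values read from the entry beforehand
    unwanted -- the value to drop, in any spacing
    Returns None when nothing matches, so no write is sent.
    """
    drop = normalize_tel(unwanted)
    keep = [v for v in current if normalize_tel(v) != drop]
    if len(keep) == len(current):
        return None
    lines = [ldif_attr("dn", dn), "changetype: modify", f"replace: {attr}"]
    # With no values left, a bare 'replace:' removes the attribute.
    lines += [ldif_attr(attr, v) for v in keep]
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values, as if just read from the entry.
    stored = ["+1 (555) 555-5555", "+1 555 555 0100"]
    print(replace_without("uid=username,dc=example,dc=com",
                          "facsimileTelephoneNumber", stored,
                          "+1 (555)555 5555"), end="")
```

The read and the replace are two separate operations, so a value added to the entry between them is overwritten by the replace.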