On Wed, Apr 22, 2009 at 11:53 AM, Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
On Wed, Apr 22, 2009 at 08:10:15PM +0200, Hallvard B Furuseth wrote:
> > dn: uid=username,dc=example,dc=com
> > changetype: modify
> > delete: facsimileTelephoneNumber
> > facsimileTelephoneNumber:telephoneNumberMatch:=+1 (555)555 5555
>
> True, LDAP does not support that for attributes without EQUALITY
> matching rules.  (So there is no LDIF syntax for it:-)
> For such attributes you need to read the entry and use replace:,
> listing the values you want to keep.

If the requirement for the new definition is just to make value
deletion easier then I would question its worth. Deleting individual
values is important in attributes like 'member' that are likely to
have thousands of values, but how many fax numbers could an entry
usefully have?

The existing sync script assumes that attributes can be replaced.

I have to reimport the databases anyway for a 2.3 -> 2.4 upgrade so the only cost is maintaining the schema patch (and presumably crashing if we ever forget to include it since this is a normalization change).

--
Thanks,
Sean Burford
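
The read-then-replace approach from the quoted reply, as an added example that is not part of the original thread. The helper names are hypothetical, the fax values are constructed, and the client-side comparison only approximates telephoneNumberMatch (case-insensitive, spaces and hyphens ignored, compared on the number part before any `$` parameter):

```python
import base64
import re


def normalize_phone(value):
    """Client-side stand-in for telephoneNumberMatch (assumption, see lead-in)."""
    number = value.split("$", 1)[0]
    return re.sub(r"[ \-]", "", number).casefold()


def ldif_line(attr, value):
    """Emit 'attr: value', base64-encoding values LDIF cannot carry as plain text."""
    unsafe = (
        value[:1] in (" ", ":", "<")
        or value.endswith(" ")
        or any(ord(c) > 127 or c in "\r\n\0" for c in value)
    )
    if unsafe:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}"
    return f"{attr}: {value}"


def replace_without(dn, attr, current_values, unwanted, normalize=normalize_phone):
    """Build an LDIF modify record that removes `unwanted` by replacing the
    attribute with the values to keep. Returns None if nothing matches."""
    target = normalize(unwanted)
    keep = [v for v in current_values if normalize(v) != target]
    if len(keep) == len(current_values):
        return None
    lines = [ldif_line("dn", dn), "changetype: modify", f"replace: {attr}"]
    # With no values left, a bare replace: removes the attribute entirely.
    lines += [ldif_line(attr, v) for v in keep]
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed values standing in for what a search on the entry returned.
    current = ["+1 (555)555 5555", "+1 555-555-0100"]
    print(replace_without("uid=username,dc=example,dc=com",
                          "facsimileTelephoneNumber", current,
                          "+1 (555) 555-5555"))
```

The read and the replace are two separate operations, so a value another client adds in between is overwritten by the replace.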