On 9/27/18 6:53 PM, Quanah Gibson-Mount wrote:
And this strategy would work just fine, because it deletes all values
the add. It's essentially what the REPLACE op does anyway.
Well yeah it works now, after adding the EQUALITY rule to the
attribute(*). Can someone pls explain this to me? I'm not getting why
LDAP_MOD_REPLACE won't work without an EQUALITY rule.
Also, please note my original post on this thread. I just wanted to add
one attribute. It seems a lot more efficient, if I just want to add one
attribute (in this case to a multi-valued attribute) to be able to use
LDAP_MOD_ADD, instead of LDAP_MOD_REPLACE (or especially instead of
Now that I'm taking another look at the python-ldap docs, I realize that
maybe I could get my sole LDAP_MOD_ADD if I abandon trying to use the
python module "ldap.modlist". It seems that I could generate my own list
instead of using "ldap.modlist" to generate the list, and thus specify
ldap.MOD_ADD as the 1st element in the tuple.
(*) Note this is only a test environment. I don't really care about
breaking anything. If I were to change the schema in production, I'd go
to a lot more effort validating that it would not break anything (or
just plan on the LDIF export/import).