[python-ldap] modifyModlist : are old and new values get compared somehow ?

[Benjamin Dauvergne]

Le 11/30, Michael Ströder a écrit :
> Benjamin Dauvergne wrote:
> > Le 11/30, Michael Ströder a écrit :
> >>> As LDAP is a multivalued database i.e. each attribute can have multiple values, what's computed by
> >>> modifyModlist is a "diff": remove old values, add new values. If you want to keep some old
> >>> values because for example the schema forbid a value to be missing (and between the DELETE and the
> >>> ADD there will be a time where no value is defined) you have create your modlist yourself such as:
> >>
> >> This is not correct or at least misleading.
> >>
> >> 1. ldap.modlist.modifyModlist() will always MOD_ADD all new values.
> >>
> >> 2. The LDAP server will always process the whole modification list at once and
> >> check schema afterwards. Note that a single LDAP write operation is always
> >> guaranteed to be atomic.
> > 
> > I agree it's atomic and my remark on this point was misleading but I remember having problems with
> > OpenLDAP slapo-constraint and DELETE/ADD in a single modlist, I had to use REPLACE in this case. I
> > don't want to make FUD but if you know you want to replace all the values, REPLACE seems to be the
> > best option, and at the level of the source code intentions are clearer.
> 
> Yes, slapo-constraint could cause some interesting corner-cases. Could you
> please elaborate on OpenLDAP version, details of the constraint and the exact
> modify request which failed?

Version was 2.4.31+really2.4.40+dfsg on Debian Wheezy but I do not have the details anymore about
the specific query but I think the problem was a cardinality constraint like:

	olcConstraintAttribute: mail count 1

With DELETE/ADD it failed, with REPLACE it was ok.

-- 
Benjamin Dauvergne - Tel Entrouvert: 01 43 35 01 35 - Tel perso: 01 84 16 24 53