Something I have noticed recently, when trying to write into an AD using the microsoft tools is that they are fussy on the "-\n" delimiter after each attribute in a modify record. This seems to have to be there (for AD/ADAM) even if there is only one attribute change.
Naturally using the perl LDAP libraries to read and update the directory works OK. The only reason I was using a Microsoft tool was for kerberos authentication without trying to get GSSAPI working on Win32. RFC2849 indicates that mod-spec should include the "-" separator? Net::LDAP::LDIF v0.17 (line 538 on) does not write a "-\n" if there is only one attribute value change. I think perhaps it should. Does this make any sense? Si
