Paul Wankadia wrote: > The current implementation of modifyModlist() clashed with some ACLs > because it touches too many values. :/
I don't fully understand. Do you have ACLs based on certain attribute values? It would be probably a good idea to mention these issues in the docs. > Here's a replacement that I hacked together: > > if old_values != new_values: > modify.append((ldap.MOD_REPLACE, attr, list(new_values))) The problem with MOD_REPLACE or with only deleting/adding certain attribute values is that it needs EQUALITY matching rules to be implemented at the server-side for all syntaxes of attributes to be modified. That's not the case for e.g. jpegPhoto (or even attribute postalAddress on some servers). In web2ldap I have a modified function modifyModlist() which examines the subschema for determining whether the attribute type has an EQUALITY matching rules assigned and whether this particular matching rule is really listed in the subschema. => So for general use I won't accept your version since it will choke in many more cases. Ciao, Michael. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
