[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
modifying multi-valued entry with no values
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
- From http://www.php.net/ldap_modify :
'The behaviour of OpenLDAP from 1.x to 2.x changed; in 1.x, when you passed
ldap_modify the array, if the value was empty that attribute would be
deleted. In 2.x, you get an "Invalid Syntax" error and the modify fails.
This requires the ldap_mod_del function; unfortunately, that operation
requires the attribute to be deleted have it's *old* value specified -- as
you can imagine, if you're taking input from a CGI form, the attribute to be
deleted's value is now missing (i.e., the user blanked out that textbox in
the form and clicked Submit).
So, you're in a bit of a conundrum -- you want to delete "empty" form values,
but you need their old value to delete them.'
Is this true ?
If yes, it poses some kind of a problem for me. I am trying to make a
webinterface to manage some ldap entries, but I would really like to do
modifcations 'atomically'.
That is, I want one call to ldap_modify to modify all attributes that need
modification.
This works fine for instance with this:
OLD VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com
NEW VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: somethingelse@example.com
afer ldap_modify, the entry reflects the new values, i.e. al old values have
been deleted and the new ones inserted. (Don't know if it woks that way
internally, but that's the result).
Now, the problem arises when trying to modify the entry by deleting all the
values:
OLD VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com
NEW VALUES:
nothing, obviously.
Using ldap_modify, this raises some error.
Now of course, if this was the only attribute I needed to modify, that would't
be a big problem. But consider:
OLD VALUES:
mail: alice@example.com
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com
NEW VALUES:
mail: bob@example.com
i.e. we want to change the mail attribute, and get rid of all the
mailalternateaddress attributes.
It seems that TWO calls to ldap_something are needed:
one to modify 'mail'
one to 'delete' mailalternateaddress.
Of course, this enables all sorts of race conditions, and generally
programming awkwardness.
What was the reason to change this behaviour, and is there a way to circumvent
the non-atomicness of modifying (empty) attributes ?
Sincerely,
ace
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/008Gy7boE8xtIjURAqJCAJwPxI1/d8HD5RZhs+USD7ldA6OxKQCfTIMA
p/Rc/qdV6UqmOIXO5v+nhHU=
=zXzr
-----END PGP SIGNATURE-----