modifying multi-valued entry with no values




Hi,

From http://www.php.net/ldap_modify :

'The behaviour of OpenLDAP from 1.x to 2.x changed; in 1.x, when you passed 
ldap_modify the array, if the value was empty that attribute would be 
deleted.  In 2.x, you get an "Invalid Syntax" error and the modify fails. 
 
 This requires the ldap_mod_del function; unfortunately, that operation 
requires the attribute to be deleted have its *old* value specified -- as 
you can imagine, if you're taking input from a CGI form, the attribute to be 
deleted's value is now missing (i.e., the user blanked out that textbox in 
the form and clicked Submit). 
 
 So, you're in a bit of a conundrum -- you want to delete "empty" form values, 
but you need their old value to delete them.'

Is this true?
If yes, it poses some kind of a problem for me. I am trying to make a 
web interface to manage some ldap entries, but I would really like to do 
modifications 'atomically'. 

That is, I want one call to ldap_modify to modify all attributes that need 
modification. 

This works fine for instance with this:

OLD VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com

NEW VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: somethingelse@example.com

After ldap_modify, the entry reflects the new values, i.e. all old values have 
been deleted and the new ones inserted. (Don't know if it works that way 
internally, but that's the result).

Now, the problem arises when trying to modify the entry by deleting all the 
values:

OLD VALUES:
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com

NEW VALUES:
nothing, obviously.

Using ldap_modify, this raises some error.
Now of course, if this was the only attribute I needed to modify, that wouldn't 
be a big problem. But consider:


OLD VALUES:
mail: alice@example.com
mailalternateaddress: usera@example.com
mailalternateaddress: auser@example.com
mailalternateaddress: postmaster@example.com

NEW VALUES:

mail: bob@example.com

i.e. we want to change the mail attribute, and get rid of all the 
mailalternateaddress attributes.

It seems that TWO calls to ldap_something are needed:
one to modify 'mail'
one to 'delete' mailalternateaddress.

Of course, this enables all sorts of race conditions, and generally 
programming awkwardness.

What was the reason to change this behaviour, and is there a way to circumvent 
the non-atomicness of modifying (empty) attributes?

Sincerely,

ace


website: http://www.suares.nl * http://www.qwikzite.nl
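
The scenario in the message above (change `mail`, drop every `mailalternateaddress`) expressed as a single modify request. This is an added example, not part of the original post; it assumes a PHP build whose ldap extension provides `ldap_modify_batch`, and `build_batch` is a hypothetical helper name.

```php
<?php
// Old values as read from the directory and new values as submitted by the
// form (constructed sample data, taken from the scenario in the message).
$old = [
    'mail'                 => ['alice@example.com'],
    'mailalternateaddress' => ['usera@example.com', 'auser@example.com', 'postmaster@example.com'],
];
$new = [
    'mail'                 => ['bob@example.com'],
    'mailalternateaddress' => [''],   // the user blanked the textbox
];

// Hypothetical helper: turn the old/new difference into ONE modify request.
// Only attributes present in $new are touched, so attributes the form does
// not manage are never removed by accident.
function build_batch(array $old, array $new): array
{
    $mods = [];
    foreach (array_keys($new) as $attr) {
        // Blank fields are dropped so an empty string is never sent as a value.
        $want = array_values(array_filter($new[$attr], fn($v) => trim($v) !== ''));
        $have = $old[$attr] ?? [];
        $w = $want; $h = $have;
        sort($w); sort($h);
        if ($w === $h) {
            continue;   // unchanged: leave it out of the request
        }
        if ($want === []) {
            // Remove the whole attribute; no old values have to be listed.
            $mods[] = [
                LDAP_MODIFY_BATCH_ATTRIB  => $attr,
                LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_REMOVE_ALL,
            ];
        } else {
            $mods[] = [
                LDAP_MODIFY_BATCH_ATTRIB  => $attr,
                LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_REPLACE,
                LDAP_MODIFY_BATCH_VALUES  => $want,
            ];
        }
    }
    return $mods;
}

$batch = build_batch($old, $new);
print_r($batch);   // one REPLACE for mail, one REMOVE_ALL for mailalternateaddress

// With a bound connection $ldap and the entry's $dn (both assumed here), the
// whole list travels in a single modify request, which the server applies
// entirely or not at all:
// ldap_modify_batch($ldap, $dn, $batch);
```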