[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: modifying multi-valued entry with no values
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After reading ldap_modify(3) about trice:
'The routine ldap_modify_s() is used to perform an LDAP modify operation. dn
is the DN of the entry to modify, and mods is a null-terminated array of
modifications to make to the entry. Each element of the mods array is a
pointer to an LDAPMod structure, which is defined below.'
It seems to me that ldap_modify can handle an array of modifications, and that
eacht element of that array can have a mod_type of add, delete or replace.
So, handling a replacement and a deletion in the same ldap_modify call should
be possible. So, is this a pure PHP problem, then ?
_Ace
> Hi,
>
> From http://www.php.net/ldap_modify :
>
> 'The behaviour of OpenLDAP from 1.x to 2.x changed; in 1.x, when you passed
> ldap_modify the array, if the value was empty that attribute would be
> deleted. In 2.x, you get an "Invalid Syntax" error and the modify fails.
>
> This requires the ldap_mod_del function; unfortunately, that operation
> requires the attribute to be deleted have it's *old* value specified -- as
> you can imagine, if you're taking input from a CGI form, the attribute to
> be deleted's value is now missing (i.e., the user blanked out that textbox
> in the form and clicked Submit).
>
> So, you're in a bit of a conundrum -- you want to delete "empty" form
> values, but you need their old value to delete them.'
>
> Is this true ?
> If yes, it poses some kind of a problem for me. I am trying to make a
> webinterface to manage some ldap entries, but I would really like to do
> modifcations 'atomically'.
>
> That is, I want one call to ldap_modify to modify all attributes that need
> modification.
>
> This works fine for instance with this:
>
> OLD VALUES:
> mailalternateaddress: usera@example.com
> mailalternateaddress: auser@example.com
> mailalternateaddress: postmaster@example.com
>
> NEW VALUES:
> mailalternateaddress: usera@example.com
> mailalternateaddress: somethingelse@example.com
>
> afer ldap_modify, the entry reflects the new values, i.e. al old values
> have been deleted and the new ones inserted. (Don't know if it woks that
> way internally, but that's the result).
>
> Now, the problem arises when trying to modify the entry by deleting all the
> values:
>
> OLD VALUES:
> mailalternateaddress: usera@example.com
> mailalternateaddress: auser@example.com
> mailalternateaddress: postmaster@example.com
>
> NEW VALUES:
> nothing, obviously.
>
> Using ldap_modify, this raises some error.
> Now of course, if this was the only attribute I needed to modify, that
> would't be a big problem. But consider:
>
>
> OLD VALUES:
> mail: alice@example.com
> mailalternateaddress: usera@example.com
> mailalternateaddress: auser@example.com
> mailalternateaddress: postmaster@example.com
>
> NEW VALUES:
>
> mail: bob@example.com
>
> i.e. we want to change the mail attribute, and get rid of all the
> mailalternateaddress attributes.
>
> It seems that TWO calls to ldap_something are needed:
> one to modify 'mail'
> one to 'delete' mailalternateaddress.
>
> Of course, this enables all sorts of race conditions, and generally
> programming awkwardness.
>
> What was the reason to change this behaviour, and is there a way to
> circumvent the non-atomicness of modifying (empty) attributes ?
>
> Sincerely,
>
> ace
>
>
> website: http://www.suares.nl * http://www.qwikzite.nl
- --
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/03Qyy7boE8xtIjURArE/AJ0Qgikq30RW1CMcE9+AY08SETwdnwCfelcI
sjoP8QpqONyXHeZWOCTjbx0=
=fQLY
-----END PGP SIGNATURE-----