Petr Viktorin wrote: [snip]
--- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -1775,6 +1775,8 @@ class IPAdmin(LDAPClient): if removes: if not force_replace: modlist.append((ldap.MOD_DELETE, key, removes)) + elif new_values == []: # delete an empty value + modlist.append((ldap.MOD_DELETE, key, removes))I don't understand this change. AFAIK updateEntry/generateModList is only used in ldapupdater now, and it's going away as soon as I can find time to remove it. If you need to change it I'd like to know why.
Things may have changed since the refactoring, I did the development against the old code then did some sanity checking. I'll take another look.
This code lets one delete a single-valued attribute. If you want to delete a single-value attribute then force_replace will set so the delete will be lost.
rob _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
