From 6b57aabf9556026dedc951f2b8b0c3eb3c90a2ae 2015-03-08 11:22:24 From: Branko Majic Date: 2015-03-08 11:22:24 Subject: [PATCH] MAR-1: Fixed the handling of state addattributes in ldap_entry module to be more optimal (which also fixes some issues with cn=config additions related to inability to remove some attribute values).
---
diff --git a/roles/ldap_server/library/ldap_entry.py b/roles/ldap_server/library/ldap_entry.py
index 3e23908ac84b82eff764de068b24fa4ebaff7e78..9ded50d27cbb9e6f1f44dc5b3f3cd0b420e3ac91 100755
--- a/roles/ldap_server/library/ldap_entry.py
+++ b/roles/ldap_server/library/ldap_entry.py
@@ -228,17 +228,22 @@ class LDAPEntry(object):
 attribute_list = self.attributes.keys()
 current_attributes = self.connection.search_s(self.dn, ldap.SCOPE_BASE, attrlist=attribute_list)[0][1]
- new_attributes = deepcopy(self.attributes)
+ # This dictionary will contain all new attributes (or attribute values)
+ # that should be added to the entry. We can't rely on modifyModlist
+ # unfortunately, since if the values already exists, it will try to
+ # remove and re-add them.
+ new_attributes = {}
+
+ # If attribute is already present, only add the difference between
+ # requested and current values.
 for attribute, values in current_attributes.iteritems():
- if attribute in new_attributes:
- new_attributes[attribute].extend(values)
- new_attributes[attribute] = list(set(new_attributes[attribute]))
+ if attribute in self.attributes:
+ new_attributes[attribute] = [ item for item in self.attributes[attribute] if item not in values ]
 else: new_attributes[attribute] = values
- modification_list = ldap.modlist.modifyModlist(current_attributes,
- new_attributes)
+ modification_list = ldap.modlist.modifyModlist({}, new_attributes)
 if not modification_list: return False
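Review bot: The loop after `new_attributes = {}` iterates `current_attributes`, so a requested attribute the entry does not have yet never reaches `new_attributes` and is silently skipped; the removed `deepcopy(self.attributes)` used to seed those, and with nothing to add the method returns False, reporting no change for a value that was never written. The `else` branch has the opposite problem: since the search is limited to the requested names, it probably only fires when the server spells a name differently from the playbook, and it then queues values that already exist for a MOD_ADD, which the directory is likely to reject. For the cn=config additions the commit message mentions, a setting reported as unchanged while not applied is worth guarding against, so I would walk `self.attributes` instead and look up the current values case-insensitively, as below. The method starts and ends outside this hunk, so confirm nothing earlier already covers absent attributes.

```python
new_attributes = {}

# Attribute names are case-insensitive in LDAP; index the server's answer
# by lower-cased name so a spelling difference does not hide existing values.
current_by_name = dict((name.lower(), values)
                       for name, values in current_attributes.iteritems())

# Walk the requested attributes, so ones the entry lacks are added in full
# and ones already present only contribute their missing values.
for attribute, values in self.attributes.iteritems():
    present = current_by_name.get(attribute.lower(), [])
    missing = [item for item in values if item not in present]
    if missing:
        new_attributes[attribute] = missing

# … unchanged: modifyModlist({}, new_attributes) and the empty-list return …
```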