How can we filter when applying ldapmodify?
For eg: this is how my user object looks like:
dn: mail=abc@d.com,ou=users,dc=dev,dc=com
sn: po
givenName: abc
pin: 1234
mail: abc@d.com
telephoneNumber: 11234567890
enabled: FALSE
city: city
cn: abc@d.com
o: org
I want to modify this user's city if his org is org. How can I apply such a filter?
I am doing it using ldap3, do I need to use controls?
You need to send the Assertion Control along with your modify operation (see RFC 4528). Basically the control contains a filter which has to be matched.
I'm using this control in my web2ldap to prevent concurrent writes to do anything bad.
I have some doubts that ldap3 module supports it out-of-the-box though.
Further notes:
- Not all LDAP servers support this control.
- There are subtle bugs in LDAP server implementations supporting this control.
来源:https://stackoverflow.com/questions/51982547/ldap3-python-modify-replace-an-object-with-filter