Based on patch by Petri Asikainen <paca@sci.fi> fix bug #387 and #330.

This patch will change order how attributes are modified
from: add, delete
to:   delete, add

This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit fabf80169079483a1378aa0177d8d8335bd98bb3)

1 files changed, 15 insertions, 14 deletions

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index d4cf378e49..d9d73d943f 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -438,22 +438,23 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
 	   the old value, should it exist. */
 
 	if ((newval != NULL) && (strlen(newval) > 0)) {
-		smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
-	}
+		if (existed) {
+		        /* There has been no value before, so don't delete it.
+			 * Here's a possible race: We might end up with
+			 * duplicate attributes */
+			/* By deleting exactly the value we found in the entry this
+			 * should be race-free in the sense that the LDAP-Server will
+			 * deny the complete operation if somebody changed the
+			 * attribute behind our back. */
+			/* This will also allow modifying single valued attributes 
+			 * in Novell NDS. In NDS you have to first remove attribute and then
+			 * you could add new value */
+
+	                 smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
+	        }
 
-	if (!existed) {
-		/* There has been no value before, so don't delete it.
-		   Here's a possible race: We might end up with
-		   duplicate attributes */
-		return;
+		smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
 	}
-
-	/* By deleting exactly the value we found in the entry this
-	   should be race-free in the sense that the LDAP-Server will
-	   deny the complete operation if somebody changed the
-	   attribute behind our back. */
-
-	smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
 }
 
 /**********************************************************************