From 236adfd9f4ba3ebcb22995431b1935193206e5c2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 25 Jan 2004 00:50:39 +0000
Subject: Fix removal of attributes in LDAP - we would not actually remove the
 old value in the previous code.

Andrew Bartlett
(This used to be commit c97d3eb1622ee25c24b0cd81b65ec7d4b854e604)
---
 source3/lib/smbldap.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

(limited to 'source3')

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index b8ce4236e4..2bfaeccd15 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -425,7 +425,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
 
 	/* all of our string attributes are case insensitive */
 	
-	if (existed && (StrCaseCmp(oldval, newval) == 0)) {
+	if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {
 		
 		/* Believe it or not, but LDAP will deny a delete and
 		   an add at the same time if the values are the
@@ -433,26 +433,26 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
 		return;
 	}
 
+	if (existed) {
+		/* There has been no value before, so don't delete it.
+		 * Here's a possible race: We might end up with
+		 * duplicate attributes */
+		/* By deleting exactly the value we found in the entry this
+		 * should be race-free in the sense that the LDAP-Server will
+		 * deny the complete operation if somebody changed the
+		 * attribute behind our back. */
+		/* This will also allow modifying single valued attributes 
+		 * in Novell NDS. In NDS you have to first remove attribute and then
+		 * you could add new value */
+		
+		smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
+	}
+
 	/* Regardless of the real operation (add or modify)
 	   we add the new value here. We rely on deleting
 	   the old value, should it exist. */
 
 	if ((newval != NULL) && (strlen(newval) > 0)) {
-		if (existed) {
-		        /* There has been no value before, so don't delete it.
-			 * Here's a possible race: We might end up with
-			 * duplicate attributes */
-			/* By deleting exactly the value we found in the entry this
-			 * should be race-free in the sense that the LDAP-Server will
-			 * deny the complete operation if somebody changed the
-			 * attribute behind our back. */
-			/* This will also allow modifying single valued attributes 
-			 * in Novell NDS. In NDS you have to first remove attribute and then
-			 * you could add new value */
-
-	                 smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
-	        }
-
 		smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
 	}
 }
-- 
cgit