If the Modify Request is a Delete Modification-type and there is an attribute description without any values, then all values for the specified attribute will be removed from the entry.
Under normal circumstances, a Modify Request that is a Delete Modification-type cannot be used with the Delete Modification-type to remove an attribute that does not already exist.
NOTE: the Replace Modification-type can be used to accomplish this.
A Delete Modification-type change record requires two items:
- the TargetDN of the entry to delete
- the modify changeType with the Delete Modification-type directive
The following example deletes the firstname.lastname@example.org value from the mail attribute. If the attribute does not contain the specified value, the operation fails.
However, if the purpose was to ensure that the specified value did not exist in the attribute, the operation succeeds in achieving the desired result.
version: 1 dn: cn=johndoe, ou=provo, ou=users, o=novell changetype: modify delete: mail mail: email@example.com
The following example deletes all values of the mail attribute. If the attribute does not exist, the operation fails.
However, if the purpose was to ensure that the attribute has no values, the operation succeeds in achieving this result.
version: 1 dn: cn=johndoe, ou=provo, ou=users, o=novell changetype: modify delete: mail
More Information#There might be more information for this subject on one of the following:
- Enable UserPassword in Microsoft Active Directory
- LDAP ModifyRequest Operations