This is my first time using Spring LDAP and I am having some problems updating multi-value attributes. I am trying to add a user to a set of groups and also to a set of roles. Both of which are multi-value attributes. I am reading the user prior to the update and then attempting to perform the modiftyAttributes call. I receive a "LDAP error code 20 - Attribute Or Value Exists". After reading the user and applying the changes to the context, I dump out the ModificationItem array and the multi-value attribute seems to always have an Add as the operation. This works fine when I add the user to the first group or role, but once the user is in one role or group, then any subsequent "updates" fail with the error message above (obviously because it is trying to add a role/group value which already exists). I noticed that the ModificationItem only has a single operation value, so I am not sure how this would work for multi-value attributes where one or more values could be an add and others could be deletes. Does Spring LDAP handle this scenario or am I missing something?
I am using Sun Directory Server Enterprise Edition version 6.3 and spring ldap 1.3.0
After some extensive searching, I believe that I have discovered what is causing this problem, but I am unsure of the best way to fix it. I am performing a ldapTemplate.lookupContext call prior to mapping my changes to the context. The problem lies in the fact that the multi-valued attributes I am changing are actually subentries which means that they are not normally retreived during lookups. When I perform the updates to the context, it assumes because they are not there that everything is an add. I have resolved this in other parts of my code by providing an explicit list of attribute names to retrieve. Unluckily, I don't see an option for this on the lookupContext method. I will continue to look at this further, but if anyone has any suggestions, they would be appreciated.