From 72877dd13e070147c52c36eb9e0b0e78bed436b1 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Wed, 3 May 2023 11:33:19 +0200
Subject: [PATCH] LdapClient.get_changes(): properly handle attributes with
 empty value

---
 mylib/ldap.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/mylib/ldap.py b/mylib/ldap.py
index cee9197..122ba8d 100644
--- a/mylib/ldap.py
+++ b/mylib/ldap.py
@@ -782,21 +782,23 @@ class LdapClient:
         protected_attrs = [a.lower() for a in protected_attrs or []]
         protected_attrs.append("dn")
         # New/updated attributes
-        for attr in attrs:
+        for attr, values in attrs.items():
             if protected_attrs and attr.lower() in protected_attrs:
                 continue
             if attr in ldap_obj and ldap_obj[attr]:
-                if sorted(ldap_obj[attr]) == sorted(attrs[attr]):
+                if sorted(ldap_obj[attr]) == sorted(values):
                     continue
                 old[attr] = self.encode(ldap_obj[attr])
-            new[attr] = self.encode(attrs[attr])
+            elif not values:
+                continue
+            new[attr] = self.encode(values)
 
         # Deleted attributes
         for attr in ldap_obj:
             if (
                 (not protected_attrs or attr.lower() not in protected_attrs)
                 and ldap_obj[attr]
-                and attr not in attrs
+                and not attrs.get(attr)
             ):
                 old[attr] = self.encode(ldap_obj[attr])
         if old == new: