Skipped RDNs leading to incorrectly updating entry, even if nothing has changed
philsttr opened this issue · 0 comments
Say you have an ldap entry with the following DN:
uid=john.doe,ou=People,dc=example,dc=com
That entry also has an attribute for the RDN
uid=john.doe
Due to this code when reading an existing entry...
terraform-provider-ldap/resource_ldap_object.go
Lines 335 to 342 in afa6d21
... the RDN attribute is skipped
Therefore, when running a terraform apply, with an entry that has not changed, the terraform-provider-ldap thinks that the entry has changed since the entry read from LDAP does not have the RDN attribute (due to it being skipped), but the config does have it.
This leads to the terraform-provider-ldap attempting to update the entry, even though it does not need updating. The plan will show something like:
attributes.3552807835.uid: "" => "john.doe"
When the entry is attempted to be updated, the ldap server will return an error like this:
* ldap_object.user.1: LDAP Result Code 20 "Attribute Or Value Exists": modify/add: uid: value #0 already exists
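
The mismatch described in this issue, modelled as an added Go example (not code from terraform-provider-ldap or from the issue author). The type `Attrs` and the helpers `pairs` and `pendingAdds` are hypothetical, and the DN handling assumes a single-valued RDN with no escaped commas. It shows the spurious add when only the directory side drops the RDN value, and one way to make the comparison symmetric.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type Attrs map[string][]string // attribute name -> values

// pairs flattens a into a set of "name=value" strings. With skipRDN set, the
// pair equal to the first RDN of dn is left out (simplified, case-sensitive).
func pairs(dn string, a Attrs, skipRDN bool) map[string]bool {
	rdn, _, _ := strings.Cut(dn, ",")
	set := map[string]bool{}
	for k, vs := range a {
		for _, v := range vs {
			if p := k + "=" + v; !(skipRDN && p == rdn) {
				set[p] = true
			}
		}
	}
	return set
}

// pendingAdds lists the pairs in want that are missing from have, sorted.
func pendingAdds(want, have map[string]bool) []string {
	adds := []string{}
	for p := range want {
		if !have[p] {
			adds = append(adds, p)
		}
	}
	sort.Strings(adds)
	return adds
}

func main() {
	dn := "uid=john.doe,ou=People,dc=example,dc=com"
	entry := Attrs{"uid": {"john.doe"}, "sn": {"Doe"}} // constructed; config is identical
	// RDN skipped on the directory side only: a spurious add is planned.
	fmt.Println(pendingAdds(pairs(dn, entry, false), pairs(dn, entry, true)))
	// RDN skipped on both sides: nothing to update.
	fmt.Println(pendingAdds(pairs(dn, entry, true), pairs(dn, entry, true)))
	// A real change is still detected after normalising both sides.
	changed := Attrs{"uid": {"john.doe"}, "sn": {"Doe"}, "mail": {"jd@example.com"}}
	fmt.Println(pendingAdds(pairs(dn, changed, true), pairs(dn, entry, true)))
}
```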