From 9eedffdfa62b4fa64244f048969b45b27a995c7a Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Mon, 25 May 2015 14:57:04 +0200
Subject: Server Upgrade: fix remove statement

If value does not exists then do not update entry. Otherwise, together with
nonexistent entry, the LDAP decode error will be raised.

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/ldapupdate.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 2f5bcc748..5fca37695 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -648,9 +648,10 @@ class LDAPUpdate:
                     entry_values.remove(update_value)
                 except ValueError:
                     self.warning("remove: '%s' not in %s", update_value, attr)
-                    pass
-                entry[attr] = entry_values
-                self.debug('remove: updated value %s', safe_output(attr, entry_values))
+                else:
+                    entry[attr] = entry_values
+                    self.debug('remove: updated value %s', safe_output(
+                        attr, entry_values))
             elif action == 'add':
                 self.debug("add: '%s' to %s, current value %s", safe_output(attr, update_value), attr, safe_output(attr, entry_values))
                 # Remove it, ignoring errors so we can blindly add it later
-- 
cgit