Search code examples
soapactive-directoryspmldsml

How to compose SPML v2 'modify' request to delete object attribute

I need to maintain an Active Directory service via SPMLv2 SOAP requests to an Active Roles Server.

I'm trying to do something ostensibly simple: delete the telephoneNumber attribute from an object. I'd never heard of SPML before so I spent some time trying to understand the specification available on the list of OASIS open standards.

I've figured out how to do it if the value is known. For example, the payload below will delete the telephoneNumber attribute if it matches the value '12345', but not any other value.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:urn="urn:oasis:names:tc:SPML:2:0">
<soapenv:Header/>
<soapenv:Body>
    <urn:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
        <urn:psoID ID="CN=Some User,OU=User,OU=Accounts,DC=someorganisation,DC=org"/>
            <urn:modification>
                <modification name="telephoneNumber" operation="delete" xmlns="urn:oasis:names:tc:DSML:2:0:core">
                    <value>12345</value>
                </modification>
            </urn:modification>
        </urn:modifyRequest>
    </soapenv:Body>
</soapenv:Envelope>

What I can't figure out is how to do this for an unspecified value, i.e. I don't care what the value is before I delete it, I just want to delete it. I suspect this has something to do with the SelectionType and I just need to use a 'match anything' selector, but I'm having trouble understanding the specification.

Any ideas?

Edit: To add to the confusion, I see we're using the DSMLv2 namespace for the modification. I just pulled this from a sample on the Active Roles SPML service documentation so I don't know how/why it works. The SPML specification does mention DSML but doesn't give any context around its usage as far as I can tell. It could actually be a vendor specific implementation.

Solution

  • Figured out a solution/work-around to this problem.

    To delete the attribute without knowing its current value, you can simply include a 'replace' operation to first set some arbitrary value and include it in the same modify request as the 'delete' operation.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:urn="urn:oasis:names:tc:SPML:2:0">
<soapenv:Header/>
<soapenv:Body>
    <urn:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
        <urn:psoID ID="CN=Some User,OU=User,OU=Accounts,DC=someorganisation,DC=org"/>
            <urn:modification>
                <modification name="telephoneNumber" operation="replace" xmlns="urn:oasis:names:tc:DSML:2:0:core">
                    <value>deleteMe</value>
                </modification>
                <modification name="telephoneNumber" operation="delete" xmlns="urn:oasis:names:tc:DSML:2:0:core">
                    <value>deleteMe</value>
                </modification>
            </urn:modification>
        </urn:modifyRequest>
    </soapenv:Body>
</soapenv:Envelope>