From bbd082e7929010545deb5ce59e370ebe934aa23e Mon Sep 17 00:00:00 2001
From: Joe Guo <joeg@catalyst.net.nz>
Date: Mon, 29 Oct 2018 17:28:56 +1300
Subject: [PATCH] netcmd/ldapcmp: avoid modifying data while looping on dict

Just define another dict for return value, seems no need to modify
original dict.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/netcmd/ldapcmp.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py
index 338dc049fd2..69aab8b779f 100644
--- a/python/samba/netcmd/ldapcmp.py
+++ b/python/samba/netcmd/ldapcmp.py
@@ -208,13 +208,15 @@ class LDAPBase(object):
         res = dict(res[0])
         # 'Dn' element is not iterable and we have it as 'distinguishedName'
         del res["dn"]
-        for key in list(res.keys()):
-            vals = list(res[key])
-            del res[key]
+
+        attributes = {}
+        for key, vals in res.items():
             name = self.get_attribute_name(key)
-            res[name] = self.get_attribute_values(object_dn, key, vals)
+            # sort vals and return a list, help to compare
+            vals = sorted(vals)
+            attributes[name] = self.get_attribute_values(object_dn, key, vals)
 
-        return res
+        return attributes
 
     def get_descriptor_sddl(self, object_dn):
         res = self.ldb.search(base=object_dn, scope=SCOPE_BASE, attrs=["nTSecurityDescriptor"])
-- 
2.34.1