https://bugzilla.redhat.com/show_bug.cgi?id=664563 https://bugzilla.redhat.com/attachment.cgi?id=470351&action=diff https://bugzilla.redhat.com/attachment.cgi?id=470351&action=edit Description: To get the effective rights of non-present entry, GER code takes @<objectclass> as a part of an attribute list in the search. The code was generating the temporary, non- present entry with the leaf RDN "cn=<value>". Instead of "cn", an attribute type belonging to the objectclass whould be used. This patch changes to allow either @<objectclass> or @<objectclass>:<dntype>. If @<objectclass> is given, the first MUST attribute type (or the first MAY attribute type if MUST does not exist) is used for the attribyte type in the leaf RDN. If @<objectclass>:<dntype> is given,<dntype> is used. Plus, acl_check_for_target_macro in aclparse.c now checks an invalid macro syntax [($dn)] and returns a syntax error. -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
