Fix bugs editing LDIF format access control rules

ldap-server/CHANGELOG

@@ -7,3 +7,5 @@ The protocols served by the LDAP server, such as SSL and non-encrypted, can now
 Fixed a bug that prevented browsing of the LDAP database in SSL mode, thanks to Paul R. Ganci.
 ---- Changes since 1.470 ----
 Updated the module to support the new OpenLDAP LDIF-format configuration files, as seen on Ubuntu 8.10.
+---- Changes since 1.510 ----
+Fixed numerous bugs in editing the new LDIF-format access control rules.

ldap-server/acl_form.cgi

@@ -41,10 +41,14 @@ if ($p->{'what'} =~ /^dn(\.([^=]+))?="(.*)"$/i ||
     $p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
 	$dn = $3;
 	$style = $2;
+	if ($dn eq "") {
+		$what = 2;
+		}
 	}
 print &ui_table_row($text{'eacl_what'},
 	&ui_radio_table("what", $what,
 		[ [ 1, $text{'eacl_what1'} ],
+		  [ 2, $text{'eacl_what2'} ],
 		  [ 0, $text{'eacl_what0'},
 		    &ui_textbox("what_dn", $dn, 30)." ".
 		    $text{'eacl_mtype'}." ".
@@ -97,7 +101,6 @@ foreach $b (@{$p->{'by'}}, { }, { }, { }) {
 		&ui_textbox("control_$i", join(" ", @{$b->{'control'}}), 30,
 			    0, undef, "style='width:90%'"),
 		], \@tds);
-	# XXX http://www.openldap.org/faq/data/cache/452.html
 	$i++;
 	}
 $wtable .= &ui_columns_end();

ldap-server/acl_save.cgi

@@ -9,12 +9,24 @@ $access{'acl'} || &error($text{'acl_ecannot'});
 
 # Get the current rule
 &lock_slapd_files();
-$conf = &get_config();
-@access = &find("access", $conf);
+if (&get_config_type() == 1) {
+	$conf = &get_config();
+	@access = &find("access", $conf);
+	}
+else {
+	$defdb = &get_default_db();
+	$conf = &get_ldif_config();
+	@access = &find_ldif("olcAccess", $conf, $defdb);
+	}
+
+# Get the ACL object
 if (!$in{'new'}) {
 	$acl = $access[$in{'idx'}];
 	$p = &parse_ldap_access($acl);
 	}
+else {
+	$p = { };
+	}
 
 if ($in{'delete'}) {
 	# Just take out of access list
@@ -25,6 +37,11 @@ else {
 	if ($in{'what'} == 1) {
 		$p->{'what'} = '*';
 		}
+	elsif ($in{'what'} == 2) {
+		$p->{'what'} =
+			'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : '').
+			'=""';
+		}
 	else {
 		$in{'what_dn'} =~ /^\S+=\S.*$/ || &error($text{'eacl_edn'});
 		$p->{'what'} =
@@ -83,8 +100,13 @@ else {
 	}
 
 # Write out access directives
-&save_directive($conf, "access", @access);
-&flush_file_lines($config{'config_file'});
+if (&get_config_type() == 1) {
+	&save_directive($conf, "access", @access);
+	}
+else {
+	&save_ldif_directive($conf, "olcAccess", $defdb, @access);
+	}
+&flush_file_lines();
 &unlock_slapd_files();
 
 # Log and return

ldap-server/lang/en

@@ -298,6 +298,7 @@ eacl_title2=Edit Access Control Rule
 eacl_header=LDAP database access control rule details
 eacl_what=Objects being granted
 eacl_what1=All objects
+eacl_what2=Objects with no DN
 eacl_what0=Object with DN
 eacl_mtype=match type
 eacl_regex=regular expression

ldap-server/ldap-server-lib.pl

@@ -269,7 +269,7 @@ foreach my $file (&recursive_find_ldif($config{'config_file'})) {
 			$dir->{'value'} = $value;
 			push(@rv, $dir);
 			}
-		elsif (/^(\s+\S.*)$/ && @rv) {
+		elsif (/^(\s+\S.*)$/ && @rv && $rv[$#rv]->{'file'} eq $file) {
 			# Continuation line
 			local $dir = $rv[$#rv];
 			$dir->{'value'} .= $1;
@@ -453,6 +453,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) {
 			foreach my $c (@$conf) {
 				if ($c->{'line'} > $old[$i]->{'line'}) {
 					$c->{'line'} -= $oldlen - 1;
+					$c->{'eline'} -= $oldlen - 1;
 					}
 				}
 			}
@@ -465,6 +466,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) {
 	        foreach my $c (@$conf) {
                         if ($c->{'line'} > $old[$i]->{'line'}) {
                                 $c->{'line'} -= $oldlen;
+                                $c->{'eline'} -= $oldlen;
                                 }
                         }
 		}