From 3ca683cbaac727f5c45c6e4f9432783db28ef32a Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sat, 27 Jun 2009 20:00:32 +0000
Subject: [PATCH] ITS#6179

---
 CHANGES                     |  2 ++
 doc/man/man5/slapd.access.5 |  2 +-
 servers/slapd/aclparse.c    | 10 ----------
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0cce6634ac..feadc798f3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ OpenLDAP 2.4.17 Engineering
 	Added slapd schema checking tool (ITS#6150)
 	Added slapd writetimeout keyword (ITS#5836)
 	Fixed slapd abandon/cancel handling for some ops (ITS#6157)
+	Fixed slapd access setstyle to expand (ITS#6179)
 	Fixed slapd assert with closing connections (ITS#6111)
 	Fixed slapd cancel behavior (ITS#6137)
 	Fixed slapd cert validation (ITS#6098)
@@ -64,6 +65,7 @@ OpenLDAP 2.4.17 Engineering
 		ldapwhoami(1) note -e option (ITS#6107)
 		ldap_result(3) Add RETURN VALUE heading (ITS#6180)
 		ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
+		slapd.access(5) Fix <setstyle> to use expand (ITS#6179)
 		slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
 		slapd-config(5) pidfile/argsfile description fix (ITS#5975)
 		slapo-constraint(5) clarify URI example (ITS#6118)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index 0844defd7a..a88cb9c285 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -310,7 +310,7 @@ with
 	<groupstyle>={exact|expand}
 	<peernamestyle>={<style>|ip|ipv6|path}
 	<domainstyle>={exact|regex|sub(tree)}
-	<setstyle>={exact|regex}
+	<setstyle>={exact|expand}
 	<modifier>={expand}
 	<name>=aci		<pattern>=<attrname>]
 .fi
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 19db97fea0..3f0e381722 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -851,16 +851,6 @@ parse_acl(
 					}
 				}
 
-				/* expand in <who> needs regex in <what> */
-				if ( ( sty == ACL_STYLE_EXPAND || expand )
-						&& a->acl_dn_style != ACL_STYLE_REGEX )
-				{
-					Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: \"expand\" style "
-						"or modifier used in conjunction with a non-regex <what> clause.\n",
-						fname, lineno, 0 );
-						goto fail;
-				}
-
 				if ( strncasecmp( left, "real", STRLENOF( "real" ) ) == 0 ) {
 					is_realdn = 1;
 					bdn = &b->a_realdn;
-- 
GitLab