ITS#4744 authzTo/authzFrom patterns are supposed to allow multiple targets.

Partially revert rev 1.126.

servers/slapd/saslauthz.c

@@ -1623,26 +1623,14 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs )
 {
 	smatch_info *sm = o->o_callback->sc_private;
 
-	if ( rs->sr_type != REP_SEARCH ) {
-		if ( rs->sr_err != LDAP_SUCCESS ) {
-			sm->match = -1;
-		}
-		return 0;
-	}
-
-	if ( sm->match == 1 ) {
-		sm->match = -1;
-		return 0;
-	}
+	if (rs->sr_type != REP_SEARCH) return 0;
 
 	if (dn_match(sm->dn, &rs->sr_entry->e_nname)) {
 		sm->match = 1;
-
-	} else {
-		sm->match = -1;
+		return -1;	/* short-circuit the search */
 	}
 
-	return 0;
+	return 1;
 }
 
 int
@@ -1859,7 +1847,7 @@ exact_match:
 
 	op.o_bd->be_search( &op, &rs );
 
-	if (sm.match == 1) {
+	if (sm.match) {
 		rc = LDAP_SUCCESS;
 	} else {
 		rc = LDAP_INAPPROPRIATE_AUTH;