Prepare for Set ACLs and ACIs.

servers/slapd/aclparse.c

@@ -279,7 +279,7 @@ parse_acl(
 				{
 					sty = ACL_STYLE_REGEX;
 				} else if ( strcasecmp( style, "exact" ) == 0 ) {
-					sty = ACL_STYLE_BASE;
+					sty = ACL_STYLE_EXACT;
 				} else if ( strcasecmp( style, "base" ) == 0 ) {
 					sty = ACL_STYLE_BASE;
 				} else if ( strcasecmp( style, "one" ) == 0 ) {
@@ -607,6 +607,27 @@ parse_acl(
 					continue;
 				}
 
+				if ( strcasecmp( left, "set" ) == 0 ) {
+					if( b->a_set_pat != NULL ) {
+						fprintf( stderr,
+							"%s: line %d: set attribute already specified.\n",
+							fname, lineno );
+						acl_usage();
+					}
+
+					if ( right == NULL || *right == '\0' ) {
+						fprintf( stderr,
+							"%s: line %d: no set is defined\n",
+							fname, lineno );
+						acl_usage();
+					}
+
+					b->a_set_style = sty;
+					b->a_set_pat = ch_strdup(right);
+
+					continue;
+				}
+
 #ifdef SLAPD_ACI_ENABLED
 				if ( strcasecmp( left, "aci" ) == 0 ) {
 					if( b->a_aci_at != NULL ) {

servers/slapd/slap.h

@@ -104,6 +104,9 @@ LDAP_BEGIN_DECL
 #define SLAPD_ACI_SYNTAX		"1.3.6.1.4.1.4203.666.2.1"
 #define SLAPD_ACI_ATTR			"OpenLDAPaci"
 
+/* change this to "OpenLDAPset" */
+#define SLAPD_ACI_SET_ATTR		"template"
+
 #define SLAPD_TOP_OID			"2.5.6.0"
 
 LDAP_SLAPD_F (int) slap_debug;
@@ -593,7 +596,11 @@ typedef enum slap_style_e {
 	ACL_STYLE_BASE,
 	ACL_STYLE_ONE,
 	ACL_STYLE_SUBTREE,
-	ACL_STYLE_CHILDREN
+	ACL_STYLE_CHILDREN,
+	ACL_STYLE_ATTROF,
+
+	/* alternate names */
+	ACL_STYLE_EXACT = ACL_STYLE_BASE
 } slap_style_t;
 
 typedef unsigned long slap_access_mask_t;
@@ -675,6 +682,8 @@ typedef struct slap_access {
 	char		*a_domain_pat;
 	slap_style_t a_sockurl_style;
 	char		*a_sockurl_pat;
+	slap_style_t a_set_style;
+	char		*a_set_pat;
 
 #ifdef SLAPD_ACI_ENABLED
 	AttributeDescription	*a_aci_at;