Normalize group oc/member values per attribute syntax (hopefully DN), not CIS

CHANGES

@@ -9,6 +9,7 @@ Changes included in OpenLDAP 1.2.11 Release Engineering
 	Fixed strdup use in libldap/request.c
 	Fixed NULL prefix bug in libldap/ufn.c
 	Fixed slapd_shutdown extern reference bug (ITS#527)
+	Fixed ACL groups member matching
 	Raise MAXDBCACHE to 128 (ITS#512)
 	Build Environment
 		Detect and use getpassphrase() and getpass()

servers/slapd/back-ldbm/group.c

@@ -96,12 +96,12 @@ ldbm_back_group(
             bvMembers.bv_val = op_ndn;
             bvMembers.bv_len = strlen( op_ndn );         
 
-            if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
+            if (value_find(objectClass->a_vals, &bvObjectClass, objectClass->a_syntax, 1) != 0) {
                 Debug( LDAP_DEBUG_TRACE,
 					"<= ldbm_back_group: failed to find %s in objectClass\n", 
                         objectclassValue, 0, 0 ); 
             }
-            else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
+            else if (value_find(member->a_vals, &bvMembers, member->a_syntax, 1) != 0) {
                 Debug( LDAP_DEBUG_ACL,
 					"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n", 
 					op_ndn, gr_ndn, groupattrName );