
(ITS#6753) Compare operation broken with attribute inheritance



Full_Name: Hallvard B Furuseth
Version: HEAD
OS: Linux
URL: 
Submission from: (NULL) (193.157.200.213)
Submitted by: hallvard


back-bdb, back-monitor: If attr A is ACL-protected and inherits from B,
one can still check its value with ldapcompare ... 'B:value'.

back-config: Compare doesn't seem to support attribute inheritance.

root DSE, cn=subschema: Inheritance works correctly.

######## acl.conf
include servers/slapd/schema/core.schema
rootdse root.ldif
access  to attrs=st,cn  by * none
access  to *            by * read

database        bdb
suffix          o=foo
directory       acl.dir
dbconfig        set_flags DB_LOG_AUTOREMOVE

database        monitor

database        config
access  to *    by * read

######## root.ldif
dn:
objectClass: extensibleObject
st: hidden

######## slapadd: acl.ldif
dn: o=foo
objectClass: organization
st: hidden

######## Results.  cn=config should get TRUE, others UNDEFINED.
ldapcompare -x cn=config  name:config  -> UNDEFINED, No such attribute (16)
ldapcompare -x cn=config    cn:config  -> TRUE

ldapcompare -x o=foo      name:hidden  -> TRUE
ldapcompare -x o=foo        st:hidden  -> UNDEFINED, Insufficient access (50)

ldapcompare -x cn=monitor name:monitor -> TRUE
ldapcompare -x cn=monitor   cn:monitor -> UNDEFINED, Insufficient access (50)

ldapcompare -x ''         name:hidden  -> UNDEFINED, Insufficient access (50)
ldapcompare -x ''           cn:hidden  -> UNDEFINED, Insufficient access (50)

ldapcompare -x cn=subschema   cn:subschema -> UNDEFINED, Insufficient access (50)
ldapcompare -x cn=subschema name:subschema -> UNDEFINED, Insufficient access (50)
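
The back-bdb result above can be reproduced in a small model. This is an added example, not part of the original report and not slapd source: the types, the `compare()` function and its `check_stored` flag are hypothetical, and `strcmp` stands in for the real matching rule. With `check_stored` set, the ACL is also evaluated on each stored subtype before its value is tested.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the check; not slapd source. All names are hypothetical. */
enum { CMP_FALSE, CMP_TRUE, NO_SUCH_ATTR, NO_ACCESS };
struct attr_type { const char *name; const struct attr_type *sup; };
struct attr { const struct attr_type *type; const char *value; };

/* Schema fragment: in core.schema, st and o both inherit from name. */
static const struct attr_type at_name = { "name", NULL };
static const struct attr_type at_st = { "st", &at_name };
static const struct attr_type at_o = { "o", &at_name };

/* Constructed entry modelled on acl.ldif, with the naming attribute o added. */
static const struct attr entry_foo[] = { { &at_o, "foo" }, { &at_st, "hidden" } };

/* Mirrors "access to attrs=st,cn by * none" followed by "access to * by * read". */
static int acl_allows(const struct attr_type *t) {
    return strcmp(t->name, "st") != 0 && strcmp(t->name, "cn") != 0;
}

/* True if t is the type 'of' or inherits from it. */
static int is_subtype(const struct attr_type *t, const struct attr_type *of) {
    for (; t != NULL; t = t->sup)
        if (t == of) return 1;
    return 0;
}

/* check_stored=0: ACL evaluated on the asserted type only (behaviour reported above).
 * check_stored=1: ACL also evaluated on every stored type whose values are tested.
 * A denied candidate yields NO_ACCESS whatever its value, so it is not an oracle. */
static int compare(const struct attr *e, size_t n, const struct attr_type *asserted,
                   const char *val, int check_stored) {
    int rc = NO_SUCH_ATTR;
    if (!acl_allows(asserted)) return NO_ACCESS;
    for (size_t i = 0; i < n; i++) {
        if (!is_subtype(e[i].type, asserted)) continue;
        if (check_stored && !acl_allows(e[i].type)) { rc = NO_ACCESS; continue; }
        if (strcmp(e[i].value, val) == 0) return CMP_TRUE;
        if (rc == NO_SUCH_ATTR) rc = CMP_FALSE;
    }
    return rc;
}

int main(void) {
    static const char *txt[] = { "FALSE", "TRUE", "No such attribute", "Insufficient access" };
    for (int fix = 0; fix <= 1; fix++)
        printf("check_stored=%d  name:hidden -> %s\n", fix,
               txt[compare(entry_foo, 2, &at_name, "hidden", fix)]);
    return 0;
}
```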