Thanks to nkinder@redhat.com for his reviews and comments.  Following his
findings, these bugs were fixed.
1) If nsslapd-dn-validate-strict is set, check the incoming DNs and reject them
if they are not valid.  Once approved, the DNs are normalized.
2) Function in the acl plugin acllas__client_match_URL was calling
slapi_dn_normalize_ext against URL (not DN), which was not a correct usage of
the API.  Now, the strict DN part is passed to the API.
3) Fixed typos in the acl plugin.

https://bugzilla.redhat.com/attachment.cgi?id=409036&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=409036&action=edit

Thanks,
--noriko

Background info:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format

Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
  invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
  costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN

Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
             characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
             doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
             non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
             correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
             correctly