https://bugzilla.redhat.com/show_bug.cgi?id=664563
https://bugzilla.redhat.com/attachment.cgi?id=470351&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=470351&action=edit
Description: To get the effective rights of non-present entry,
GER code takes @<objectclass> as a part of an attribute list
in the search. The code was generating the temporary, non-
present entry with the leaf RDN "cn=<value>". Instead of "cn",
an attribute type belonging to the objectclass whould be used.
This patch changes to allow either @<objectclass> or
@<objectclass>:<dntype>. If @<objectclass> is given, the first
MUST attribute type (or the first MAY attribute type if MUST
does not exist) is used for the attribyte type in the leaf RDN.
If @<objectclass>:<dntype> is given,<dntype> is used.
Plus, acl_check_for_target_macro in aclparse.c now checks an
invalid macro syntax [($dn)] and returns a syntax error.