+ Debug( LDAP_DEBUG_ACL, "=> dn: [%d] %s\n",
+ *count, a->acl_dn_pat, 0 );
+
+ patlen = strlen( a->acl_dn_pat );
+ if ( dnlen < patlen )
+ continue;
+
+ if ( a->acl_dn_style == ACL_STYLE_BASE ) {
+ /* base dn -- entire object DN must match */
+ if ( dnlen != patlen )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
+ char *rdn;
+ int rdnlen = -1;
+
+ if ( dnlen <= patlen )
+ continue;
+
+ if ( e->e_ndn[dnlen - patlen - 1] != ',' )
+ continue;
+
+ rdn = dn_rdn( NULL, e->e_ndn );
+ if ( rdn != NULL ) {
+ rdnlen = strlen( rdn );
+ ch_free( rdn );
+ }
+ if ( rdnlen != dnlen - patlen - 1 )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
+ if ( dnlen > patlen && e->e_ndn[dnlen - patlen - 1] != ',' )
+ continue;
+
+ } else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
+ if ( dnlen <= patlen )
+ continue;
+ if ( e->e_ndn[dnlen - patlen - 1] != ',' )
+ continue;
+ }
+
+ if ( strcmp( a->acl_dn_pat, e->e_ndn + dnlen - patlen ) != 0 )
+ continue;