From f7994da1531c186a5e09f6404a930dce601389e4 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Thu, 5 Jan 2006 21:38:31 +0000
Subject: [PATCH] fix ITS#4307

---
 servers/slapd/aclparse.c | 65 +++++++++++++++++++++-------------------
 1 file changed, 35 insertions(+), 30 deletions(-)

diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index bd6b346d84..1306290998 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -1983,44 +1983,49 @@ parse_acl(
 		}
 
 		if ( be != NULL ) {
-			if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
+			if ( be->be_nsuffix == NULL ) {
 				Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
-					"scope checking only applies to single-valued "
-					"suffix databases\n",
+					"scope checking needs suffix before ACLs.\n",
 					fname, lineno, 0 );
 				/* go ahead, since checking is not authoritative */
-			}
-
-			switch ( check_scope( be, a ) ) {
-			case ACL_SCOPE_UNKNOWN:
-				Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
-					"cannot assess the validity of the ACL scope within "
-					"backend naming context\n",
-					fname, lineno, 0 );
-				break;
-
-			case ACL_SCOPE_WARN:
+			} else if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
 				Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
-					"ACL could be out of scope within backend naming context\n",
+					"scope checking only applies to single-valued "
+					"suffix databases\n",
 					fname, lineno, 0 );
-				break;
+				/* go ahead, since checking is not authoritative */
+			} else {
+				switch ( check_scope( be, a ) ) {
+				case ACL_SCOPE_UNKNOWN:
+					Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+						"cannot assess the validity of the ACL scope within "
+						"backend naming context\n",
+						fname, lineno, 0 );
+					break;
 
-			case ACL_SCOPE_PARTIAL:
-				Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
-					"ACL appears to be partially out of scope within "
-					"backend naming context\n",
-					fname, lineno, 0 );
-				break;
+				case ACL_SCOPE_WARN:
+					Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+						"ACL could be out of scope within backend naming context\n",
+						fname, lineno, 0 );
+					break;
 
-			case ACL_SCOPE_ERR:
-				Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
-					"ACL appears to be out of scope within "
-					"backend naming context\n",
-					fname, lineno, 0 );
-				break;
+				case ACL_SCOPE_PARTIAL:
+					Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+						"ACL appears to be partially out of scope within "
+						"backend naming context\n",
+						fname, lineno, 0 );
+					break;
+	
+				case ACL_SCOPE_ERR:
+					Debug( LDAP_DEBUG_ACL, "%s: line %d: warning: "
+						"ACL appears to be out of scope within "
+						"backend naming context\n",
+						fname, lineno, 0 );
+					break;
 
-			default:
-				break;
+				default:
+					break;
+				}
 			}
 			acl_append( &be->be_acl, a, pos );
 
-- 
2.39.5