Bug 612264 - ACI issue with (targetattr='userPassword')
If an ACI has a targetattr of userPassword and uses the USERDN
keyword, the ACI may not be evaluated correctly for password
change operations. This is caused by the fact that we use a
dummy target entry to check if the pasword change is allowed early
in the operation. This dummy entry will not have any attributes
that the ACI may use.
The fix is to actually fetch the target entry with all of it's
attributes. We still create a dummy entry if the target doesn't
exist to prevent returning a no such entry error when we should be
returning an access denied or insufficient access error.