From eb6a2353923e5aa04f5a35116179f8dc42cadd29 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Nov 12 2014 20:05:20 +0000
Subject: Ticket 47953 - Should not check aci syntax when deleting an aci


Bug Description:  Trying to delete an aci that has an invalid sytenx, generates a
                  syntax error when trying to remove it.

Fix Description:  Do not check the syntax of an aci if it's being deleted.

https://fedorahosted.org/389/ticket/47953

Reviewed by: ?

(cherry picked from commit 3ce60db0a404b4663df6005b78027332d0e56f95)

---

diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 9da6d95..37299ed 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1492,11 +1492,12 @@ acl_check_mods(
 
 				/* Are we adding/replacing a aci attribute
 				** value. In that case, we need to make
-				** sure that the new value has thr right 
+				** sure that the new value has the right
 				** syntax
 				*/
-				if (strcmp(mod->mod_type, 
-					aci_attr_type) == 0) {
+				if (!SLAPI_IS_MOD_DELETE(mod->mod_op) &&
+				    strcmp(mod->mod_type, aci_attr_type) == 0)
+				{
 					if ( 0 != (rv = acl_verify_syntax(pb, e_sdn,
 						mod->mod_bvalues[i], errbuf))) {
 						aclutil_print_err(rv, e_sdn,