From ec23decad24df161406b7bedf2a2e482054166cf Mon Sep 17 00:00:00 2001 From: Franciszek Klajn Date: Fri, 7 Sep 2018 15:48:24 +0200 Subject: [PATCH 1/2] Fix setting ACL if they had been set before --- lib/puppet/provider/openldap_access/olc.rb | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/puppet/provider/openldap_access/olc.rb b/lib/puppet/provider/openldap_access/olc.rb index 380bd5d5..171f9047 100644 --- a/lib/puppet/provider/openldap_access/olc.rb +++ b/lib/puppet/provider/openldap_access/olc.rb @@ -57,7 +57,7 @@ def self.prefetch(resources) if provider = accesses.find{ |access| if resources[name][:position] access.suffix == resources[name][:suffix] && - access.position == resources[name][:position] + access.position == resources[name][:position].to_s else access.suffix == resources[name][:suffix] && access.access.flatten == resources[name][:access].flatten && @@ -105,7 +105,23 @@ def self.getDn(suffix) def getDn(*args); self.class.getDn(*args); end def exists? - @property_hash[:ensure] == :present + if resource[:position] + access = { + :suffix => resource[:suffix], + :position => resource[:position].to_s + } + else + access = { + :suffix => resource[:suffix], + :access => resource[:access].flatten, + :what => resource[:what] + } + end + accesses = self.class.instances.map { |acc| + acc_hash = acc.instance_variable_get(:@property_hash) + acc_hash.select { |k,v| access.key?(k) } + } + accesses.include?(access) end def create From 537fa9db1a83f22fcd4398cc7e95dcfd4cc6cfa2 Mon Sep 17 00:00:00 2001 From: Franciszek Klajn Date: Mon, 10 Sep 2018 10:59:11 +0200 Subject: [PATCH 2/2] Add acceptance test for fixed code --- spec/acceptance/openldap__server__access_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/acceptance/openldap__server__access_spec.rb b/spec/acceptance/openldap__server__access_spec.rb index 7d06949b..54bd4f12 100644 --- a/spec/acceptance/openldap__server__access_spec.rb 
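Review bot: The `.to_s` added to the position comparison in `self.prefetch` carries no comment, and the same conversion is repeated in `exists?` in the next hunk. Presumably the position parsed from the existing ACL entries is a String while a manifest can pass an Integer (the acceptance test in this series uses `position => 0`). A one-line comment above the comparison, such as `# discovered position is a String; the manifest may supply an Integer`, would keep a later cleanup from dropping the conversion. Normalising once in the type (a `munge` on `position`, not visible in this diff) would remove the need to repeat it at each comparison site. The `find` block continues outside the hunk.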
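Review bot: In the new `exists?`, the branch without `position` compares `resource[:access].flatten` against the raw `:access` value pulled from each instance's `@property_hash`, whereas `self.prefetch` in the previous hunk flattens both sides (`access.access.flatten == resources[name][:access].flatten`). If the discovered value is nested, the two never compare equal, `exists?` stays false and the ACL would be created again on every run; slapd evaluates access rules in order, so duplicated or shifted entries can change which rule applies. Comparing through the provider's readers, as prefetch does, removes that asymmetry and the `instance_variable_get(:@property_hash)` reach into another object's state. With `position` set, only suffix and position are compared, so a different rule at that index counts as present, and whether its `what`/`access` are then corrected depends on setters outside this hunk. The sketch below assumes a `what` reader exists alongside `suffix`, `position` and `access`.

```ruby
def exists?
  # Match on the same fields prefetch uses, through the public readers.
  self.class.instances.any? do |acc|
    next false unless acc.suffix == resource[:suffix]

    if resource[:position]
      acc.position == resource[:position].to_s
    else
      acc.access.flatten == resource[:access].flatten &&
        acc.what == resource[:what]
    end
  end
end
```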
+++ b/spec/acceptance/openldap__server__access_spec.rb @@ -35,6 +35,16 @@ class { 'openldap::server': } suffix => 'dc=example,dc=com', require => Openldap::Server::Database['dc=example,dc=com'], } + ::openldap::server::access { 'root': + what => '*', + access => [ + 'by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage', + 'by * break' + ], + suffix => 'dc=example,dc=com', + position => 0, + require => Openldap::Server::Database['dc=example,dc=com'], + } EOS apply_manifest(pp, :catch_failures => true)
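Review bot: The added `root` ACL is only applied once with `:catch_failures => true`, as far as the visible lines show, so the case this series fixes (an ACL that was already set before the run) is not asserted. A second `apply_manifest(pp, :catch_changes => true)` would show that `exists?` recognises the entry at `position => 0` and does not add it again. Because this rule grants `manage` to the peercred root identity and is placed ahead of the other rules on `dc=example,dc=com`, the test should also assert the resulting ACL order on the database rather than only a clean apply. The surrounding `it` block starts and ends outside the hunk.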