Ticket #48344 - acl - regression - trailing ', (comma)' in macro matched value is not removed.

Description: acl_match_macro_in_target in acl plug-in returns matched value
with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN,
e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us".

Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient
access).

In getting the matched value from target DN, it checks if a character at the
end position is a comma or not.  If it is, '\0' is set there.  The position
was one byte ahead.  It was introduced by #48141 - aci with wildcard and macro
not correctly evaluated.

https://fedorahosted.org/389/ticket/48344

Reviewed by [email protected] (Thank you, Mark!!)

ldap/servers/plugins/acl/aclutil.c

@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
 
 					matched_val_len = ndn_len-macro_suffix_len-
 										ndn_prefix_end;
-					if (ndn[ndn_len - macro_suffix_len] == ',')
+					if (ndn[ndn_len - macro_suffix_len - 1] == ',')
 						matched_val_len -= 1;
 					
 					matched_val = (char *)slapi_ch_malloc(matched_val_len + 1);