Bug Description: Differences in DN string representations between
the value included in certmap.conf, and the stringified value of the
Issuer DN produced by NSS, as well as buggy DN normalisation code in
389 itself, cause 389 to wrongly reject the correct certmap
configuration to use.  Authentication fails.  This behaviour was
observed when there is an escaped comma in an attribute value.

Fix Description: Instead of comparing stringified DNs, parse the DN
represented in certmap.conf into an NSS CertNAME.  Use the NSS DN
comparison routine when comparing certificate Issuer DNs against the
certmap configurations.  Remove the buggy DN normalisation routine.

https://pagure.io/389-ds-base/issue/49543

Author: Fraser Tweedale <ftweedal@redhat.com>

Review by: ???