permission-find missed some results with --pkey-only option

When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.

Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correct objectclass
(ipapermission), otherwise such objects are not matched by the
permission LDAP search.

https://fedorahosted.org/freeipa/ticket/2658

install/updates/40-dns.update

@@ -1,17 +1,23 @@
 # Add missing member values to attach permissions to their respective
 # privileges and run a memberOf task.
 dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
 addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
 addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
 
 dn: cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
 addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
 addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
 
 dn: cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
 addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
 addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
 
+dn: cn=Write DNS Configuration,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
+
 dn: cn=Update PBAC memberOf $TIME, cn=memberof task, cn=tasks, cn=config
 add: objectClass: top
 add: objectClass: extensibleObject