+ if ( !be_isroot( op->o_bd, &op->o_ndn )) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_isupdate( op->o_bd, &op->o_ndn ) )
+ {
+ p = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p,
+ children, NULL, ACL_WRITE, NULL );
+
+ p = NULL;
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_add: no write access to parent\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_add: no write access to parent\n",
+ 0, 0, 0 );
+#endif
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;;
+ }
+
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1, "bdb_add: %s denied\n",
+ pdn.bv_len == 0 ? "suffix" : "entry at root", 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: %s denied\n",
+ pdn.bv_len == 0 ? "suffix" : "entry at root",
+ 0, 0 );
+#endif
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+ }
+
+#ifdef BDB_SUBENTRIES
+ if( subentry ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_add: no parent, cannot add subentry\n",
+ 0, 0, 0 );
+#endif
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no parent, cannot add subentry";
+ goto return_results;;