+ if ( !be_isroot( be, &op->o_ndn )) {
+ if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
+ || be_isupdate( be, &op->o_ndn ) ) {
+ p = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rc = access_allowed( be, conn, op, p,
+ children, NULL, ACL_WRITE, NULL );
+ p = NULL;
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( ! rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG (( "add", LDAP_LEVEL_DETAIL1, "bdb_add: no write access to parent\n" ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_add: no write access to parent\n",
+ 0, 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to parent";
+ goto return_results;;
+ }
+
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG (( "add", LDAP_LEVEL_DETAIL1, "bdb_add: %s denied\n", pdn.bv_len == 0 ? "suffix" : "entry at root" ));
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: %s denied\n",
+ pdn.bv_len == 0 ? "suffix" : "entry at root",
+ 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+ }
+
+#ifdef BDB_SUBENTRIES
+ if( subentry ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG (( "add", LDAP_LEVEL_DETAIL1, "bdb_add: no parent, cannot add subentry\n" ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_add: no parent, cannot add subentry\n",
+ 0, 0, 0 );
+#endif