- if( ! be_isroot( be, op->o_ndn ) ) {
- Debug( LDAP_DEBUG_TRACE,
- "<=- bdb_delete: no parent and not root\n",
- 0, 0, 0);
- rc = LDAP_INSUFFICIENT_ACCESS;
- goto return_results;
+ if( ! be_isroot( be, &op->o_ndn ) ) {
+ if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
+ || be_isupdate( be, &op->o_ndn ) ) {
+ p = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rc = access_allowed( be, conn, op, p,
+ children, NULL, ACL_WRITE, NULL );
+ p = NULL;
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( !rc ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_delete: no access "
+ "to parent\n", 0, 0, 0 );
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_delete: no parent "
+ "and not root\n", 0, 0, 0);
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }