- if( ! be_isroot( be, op->o_ndn ) ) {
- Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
- 0, 0, 0);
- send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
- "", "");
- goto return_results;
- }
+ if( ! be_isroot( be, &op->o_ndn ) ) {
+ if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
+ p = (Entry *)&slap_entry_root;
+
+ rc = access_allowed( be, conn, op, p,
+ children, NULL, ACL_WRITE, NULL );
+ p = NULL;
+
+ /* check parent for "children" acl */
+ if ( ! rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_delete: no access "
+ "to parent of ("")\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no "
+ "access to parent\n", 0, 0, 0 );
+#endif