+ if ( op->oq_modrdn.rs_newSup != NULL ) {
+ /* newSuperior == entry being moved?, if so ==> ERROR */
+ /* Get Entry with dn=newSuperior. Does newSuperior exist? */
+
+ if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
+ if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_modrdn: newSup(ndn=%s) not found.\n",
+ np_ndn->bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
+ np_ndn->bv_val, 0, 0);
+#endif
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "newSuperior not found" );
+ goto return_results;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, DETAIL1,
+ "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
+ np, np->e_id, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
+ np, np->e_id, 0 );
+#endif
+
+ /* check newSuperior for "children" acl */
+ if ( !access_allowed( op, np, children, NULL,
+ ACL_WRITE, NULL ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, INFO,
+ "ldbm_back_modrdn: no wr to newSup children.\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: no wr to newSup children\n",
+ 0, 0, 0 );
+#endif
+
+ send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+ goto return_results;
+ }
+
+ if ( is_entry_alias( np ) ) {
+ /* parent is an alias, don't allow add */
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, INFO,
+ "ldbm_back_modrdn: entry (%s) is an alias.\n", np->e_dn,0,0);
+#else
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+#endif
+
+
+ send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
+ "newSuperior is an alias" );
+
+ goto return_results;
+ }
+
+ if ( is_entry_referral( np ) ) {
+ /* parent is a referral, don't allow add */
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, INFO,
+ "ldbm_back_modrdn: entry (%s) is a referral\n",
+ np->e_dn, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
+ np->e_dn, 0, 0 );
+#endif
+
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "newSuperior is a referral" );
+
+ goto return_results;
+ }
+
+ } else {
+
+ /* no parent, must be root to modify newSuperior */
+ if ( isroot == -1 ) {
+ isroot = be_isroot( op->o_bd, &op->o_ndn );
+ }
+
+ if ( ! isroot ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ int can_access;
+ np = (Entry *)&slap_entry_root;
+
+ can_access = access_allowed( op, np,
+ children, NULL, ACL_WRITE, NULL );
+ np = NULL;
+
+ /* check parent for "children" acl */
+ if ( ! can_access ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_modrdn: no access "
+ "to new superior \"\"\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: no "
+ "access to new superior\n", 0, 0, 0 );
+#endif
+
+ send_ldap_error( op, rs,
+ LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_modrdn: \"\" not allowed as new superior\n",
+ 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: \"\" "
+ "not allowed as new superior\n",
+ 0, 0, 0);
+#endif
+
+ send_ldap_error( op, rs,
+ LDAP_INSUFFICIENT_ACCESS,
+ NULL );
+ goto return_results;
+ }
+ }
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, DETAIL1,
+ "ldbm_back_modrdn: wr to new parent's children OK.\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: wr to new parent's children OK\n",
+ 0, 0, 0 );
+#endif
+
+ new_parent_dn = op->oq_modrdn.rs_newSup;
+ }
+
+ /* Build target dn and make sure target entry doesn't exist already. */
+ build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn );
+ dnNormalize2( NULL, &new_dn, &new_ndn );
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: new ndn=%s\n",
+ new_ndn.bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
+ new_ndn.bv_val, 0, 0 );
+#endif
+