+ be_orig = op->o_bd;
+ op->o_bd = frontendDB;
+#ifdef SLAP_OVERLAY_ACCESS
+ rc = frontendDB->be_attribute( op, target, edn,
+ entry_at, vals, access );
+#else /* !SLAP_OVERLAY_ACCESS */
+ rc = fe_acl_attribute( op, target, edn,
+ entry_at, vals, access );
+#endif /* !SLAP_OVERLAY_ACCESS */
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+int
+backend_access(
+ Operation *op,
+ Entry *target,
+ struct berval *edn,
+ AttributeDescription *entry_at,
+ struct berval *nval,
+ slap_access_t access,
+ slap_mask_t *mask )
+{
+ Entry *e = NULL;
+ void *o_priv = op->o_private, *e_priv = NULL;
+ int rc = LDAP_INSUFFICIENT_ACCESS;
+ Backend *be = op->o_bd;
+
+ /* pedantic */
+ assert( op != NULL );
+ assert( op->o_conn != NULL );
+ assert( edn != NULL );
+ assert( access > ACL_NONE );
+
+ op->o_bd = select_backend( edn, 0, 0 );
+
+ if ( target && dn_match( &target->e_nname, edn ) ) {
+ e = target;
+
+ } else {
+ op->o_private = NULL;
+ rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e );
+ e_priv = op->o_private;
+ op->o_private = o_priv;
+ }
+
+ if ( e ) {
+ Attribute *a = NULL;
+ int freeattr = 0;
+
+ if ( entry_at == NULL ) {
+ entry_at = slap_schema.si_ad_entry;
+ }
+
+ if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children )
+ {
+ if ( access_allowed_mask( op, e, entry_at,
+ NULL, access, NULL, mask ) == 0 )
+ {