- if( be->be_attribute ) {
- return be->be_attribute( be, conn, op, target, edn,
- entry_at, vals );
+ if ( e ) {
+ a = attr_find( e->e_attrs, entry_at );
+ if ( a ) {
+ BerVarray v;
+
+ if ( op->o_conn && access_allowed( op,
+ e, entry_at, NULL, ACL_AUTH,
+ &acl_state ) == 0 ) {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto freeit;
+ }
+
+ for ( i=0; a->a_vals[i].bv_val; i++ ) ;
+
+ v = op->o_tmpalloc( sizeof(struct berval) * (i+1), op->o_tmpmemctx );
+ for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
+ if ( op->o_conn && access_allowed( op,
+ e, entry_at,
+ &a->a_nvals[i],
+ ACL_AUTH, &acl_state ) == 0 ) {
+ continue;
+ }
+ ber_dupbv_x( &v[j],
+ &a->a_nvals[i], op->o_tmpmemctx );
+ if (v[j].bv_val ) j++;
+ }
+ if (j == 0) {
+ op->o_tmpfree( v, op->o_tmpmemctx );
+ *vals = NULL;
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ } else {
+ v[j].bv_val = NULL;
+ v[j].bv_len = 0;
+ *vals = v;
+ rc = LDAP_SUCCESS;
+ }
+ }
+freeit: if (e != target ) {
+ be_entry_release_r( op, e );
+ }