+ /* specific attrs requested */
+ if ( is_at_operational( desc->ad_type ) ) {
+ if( !opattrs && !ad_inlist( desc, attrs ) ) {
+ continue;
+ }
+
+ } else {
+ if (!userattrs && !ad_inlist( desc, attrs ) ) {
+ continue;
+ }
+ }
+ }
+
+ if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "acl", LDAP_LEVEL_INFO, "send_search_entry: "
+ "conn %d access to attribute %s not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val ));
+#else
+ Debug( LDAP_DEBUG_ACL, "acl: "
+ "access to attribute %s not allowed\n",
+ desc->ad_cname.bv_val, 0, 0 );
+#endif
+
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "send_search_entry: conn %d ber_printf failed\n",
+ op->o_connid ));
+#else
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encoding description error", NULL, NULL );
+ goto error_return;
+ }
+
+ if ( ! attrsonly ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ if ( ! access_allowed( be, conn, op, e,
+ desc, &a->a_vals[i], ACL_READ ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "acl", LDAP_LEVEL_INFO,
+ "send_search_entry: conn %d access to attribute %s, value %d not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, i ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "acl: access to attribute %s, value %d not allowed\n",
+ desc->ad_cname.bv_val, i, 0 );
+#endif
+
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "send_search_entry: conn %d ber_printf failed.\n",
+ op->o_connid ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encoding values error", NULL, NULL );
+ goto error_return;
+ }
+ }
+ }
+
+ if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "send_search_entry: conn %d ber_printf failed\n",
+ op->o_connid ));
+#else
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encode end error", NULL, NULL );
+ goto error_return;
+ }
+ }
+
+ /* eventually will loop through generated operational attributes */
+ /* only have subschemaSubentry implemented */
+ aa = backend_operational( be, conn, op, e, attrs, opattrs );
+
+ for (a = aa ; a != NULL; a = a->a_next ) {
+ AttributeDescription *desc = a->a_desc;
+
+ if ( attrs == NULL ) {
+ /* all attrs request, skip operational attributes */
+ if( is_at_operational( desc->ad_type ) ) {