/**
* Check access on the new superior entry if it exists. If the entry does not exist or the DN
* cannot be locked then false is returned.
*
* @param superiorDN The DN of the new superior entry.
* @param op The modifyDN operation to check access on.
* @return True if access is granted to the new superior entry.
* @throws DirectoryException If a problem occurs while trying to retrieve the new superior entry.
*/
private boolean aciCheckSuperiorEntry(DN superiorDN, LocalBackendModifyDNOperation op)
throws DirectoryException {
boolean ret = false;
final Lock entryLock = LockManager.lockRead(superiorDN);
if (entryLock == null) {
Message message =
WARN_ACI_HANDLER_CANNOT_LOCK_NEW_SUPERIOR_USER.get(String.valueOf(superiorDN));
logError(message);
return false;
}
try {
Entry superiorEntry = DirectoryServer.getEntry(superiorDN);
if (superiorEntry != null) {
AciLDAPOperationContainer operationContainer =
new AciLDAPOperationContainer(op, (ACI_IMPORT), superiorEntry);
ret = accessAllowed(operationContainer);
}
} finally {
LockManager.unlock(superiorDN, entryLock);
}
return ret;
}
