/** * Check access on the new superior entry if it exists. If the entry does not exist or the DN * cannot be locked then false is returned. * * @param superiorDN The DN of the new superior entry. * @param op The modifyDN operation to check access on. * @return True if access is granted to the new superior entry. * @throws DirectoryException If a problem occurs while trying to retrieve the new superior entry. */ private boolean aciCheckSuperiorEntry(DN superiorDN, LocalBackendModifyDNOperation op) throws DirectoryException { boolean ret = false; final Lock entryLock = LockManager.lockRead(superiorDN); if (entryLock == null) { Message message = WARN_ACI_HANDLER_CANNOT_LOCK_NEW_SUPERIOR_USER.get(String.valueOf(superiorDN)); logError(message); return false; } try { Entry superiorEntry = DirectoryServer.getEntry(superiorDN); if (superiorEntry != null) { AciLDAPOperationContainer operationContainer = new AciLDAPOperationContainer(op, (ACI_IMPORT), superiorEntry); ret = accessAllowed(operationContainer); } } finally { LockManager.unlock(superiorDN, entryLock); } return ret; }