/** * Perform all needed RDN checks for the modifyDN operation. The old RDN is not equal to the new * RDN. The access checks are: - Verify WRITE access to the original entry. - Verfiy WRITE_ADD * access on each RDN component of the new RDN. The WRITE_ADD access is used because this access * could be restricted by the targattrfilters keyword. - If the deleteOLDRDN flag is set, verify * WRITE_DELETE access on the old RDN. The WRITE_DELETE access is used because this access could * be restricted by the targattrfilters keyword. * * @param operation The ModifyDN operation class containing information to check access on. * @param oldRDN The old RDN component. * @param newRDN The new RDN component. * @return True if access is allowed. */ private boolean aciCheckRDNs(LocalBackendModifyDNOperation operation, RDN oldRDN, RDN newRDN) { boolean ret; AciLDAPOperationContainer operationContainer = new AciLDAPOperationContainer(operation, (ACI_WRITE), operation.getOriginalEntry()); ret = accessAllowed(operationContainer); if (ret) { ret = checkRDN(ACI_WRITE_ADD, newRDN, operationContainer); } if (ret && operation.deleteOldRDN()) { ret = checkRDN(ACI_WRITE_DELETE, oldRDN, operationContainer); } return ret; }