Call this function to determine if a user has access rights to modify the specified entry. The function performs this check for users who request the operation that invokes this plug-in.
For example, if you are writing a database plug-in, you can call this function to determine if users have the proper access rights before they can add, modify, or delete entries from the database.
As part of the process of determining if the user has access rights, the function does the following:
Checks to access control for the directory is disabled.
If access control is disabled, the function returns LDAP_SUCCESS.
For each value in each attribute specified in the LDAPMod array, the function determines if the user has permissions to write to that value. Specifically, the function calls slapi_access_allowed() with SLAPI_ACL_WRITE as the access right to check.
If for some reason the function cannot determine which operation is being requested, the function returns LDAP_OPERATIONS_ERROR.
If no connection to a client exists (in other words, if the request for the operation was made by the server or its backend), the function returns LDAP_SUCCESS. (The server and its backend are not restricted by access control lists.)
If the backend database is read-only and the request is checking for write access (SLAPI_ACL_WRITE), the function returns LDAP_UNWILLING_TO_PERFORM.