+/**
+ * @brief Checks the current as the requested access on 1 attribute
+ *
+ * This function checks if a given trustee has the requested access
+ * on the specified attribute given the current security descriptor.
+ * The attribute can be NULL in this case the check will skip the
+ * OBJECT_ACE entries.
+ *
+ * @param[in] module A struct ldb_module object, security token
+ * for the current user are stored within the
+ * module object.
+ *
+ * @param[in] mem_ctx A talloc context object for memory allocation
+ *
+ * @param[in] sd A security descriptor for attr
+ *
+ * @param[in] rp_sid The SID of the domain, used for expanding
+ * trustee in ACE that are just a RID.
+ *
+ * @param[in] access_mask An integer that represents the desired access
+ * that the security descriptor should grant to
+ * the user on the given attribute
+ *
+ * @param[in] attr A dsdb_attribute for which the checks should be
+ * performed.
+ *
+ * @return Returns LDB_SUCCESS on success, on error another
+ * ldb error code.
+ * If the requested rights are not granted
+ * LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS will be returned.
+ *
+ */