A lot is said here and elsewhere about ACL managers, but you will not find in the sample application any specific routine or block of code with that name. So where exactly is our sample ACL manager? What does it consist of?
Conceptually, ACL manager is a way of referring comprehensively to the code and data present in an application to support ACLs. Practically speaking, the ACL manager in the sample application consists of all the places in the code where dce_acl_is_client_authorized( ) is called to check a requester's authorization. This is done in sample_mgmt_auth( ) (in sample_server.c) and sample_call( ) (in sample_manager.c).
Note that there are actually two ACL managers in the sample application. In sample_call( ), the client's access to the sample_object is being checked, and the ACL manager type UUID passed to the call is sample_acl_mgr_uuid. In sample_mgmt_auth( ), on the other hand, the client's access to the server_mgmt object is being checked, so the ACL manager type UUID passed there is mgmt_acl_mgr_uuid.