- if (pwcons[op->o_conn->c_conn_idx].restricted && !mod_pw_only) {
- Debug( LDAP_DEBUG_TRACE,
- "connection restricted to password changing only\n", 0, 0, 0 );
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- rs->sr_text = "Operations are restricted to bind/unbind/abandon/StartTLS/modify password";
- pErr = PP_changeAfterReset;
- goto return_results;
+ if (!BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn ) && !mod_pw_only ) {
+ if ( dn_match( &op->o_conn->c_ndn,
+ &pwcons[op->o_conn->c_conn_idx].dn )) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection restricted to password changing only\n", 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "Operations are restricted to bind/unbind/abandon/StartTLS/modify password";
+ pErr = PP_changeAfterReset;
+ goto return_results;
+ } else {
+ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
+ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
+ }