- if( conn->c_authz_backend != NULL &&
- conn->c_authz_backend->be_extended )
- {
- rc = conn->c_authz_backend->be_extended(
- conn->c_authz_backend,
- conn, op, oid, reqdata, rspdata, rspctrls, text );
+ if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) {
+ if( conn->c_authz_backend->be_restrictops & SLAP_RESTRICT_OP_MODIFY ) {
+ *text = "authorization database is read only";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+
+ } else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+ /* we SHOULD return a referral in this case */
+ *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+ NULL, NULL, LDAP_SCOPE_DEFAULT );
+ rc = LDAP_REFERRAL;
+
+ } else {
+ rc = conn->c_authz_backend->be_extended(
+ conn->c_authz_backend, conn, op,
+ reqoid, reqdata,
+ rspoid, rspdata, rspctrls,
+ text, refs );
+ }