- if( reqdata == NULL || reqdata->bv_len == 0 ) {
- *text = ch_strdup("data missing");
- return LDAP_PROTOCOL_ERROR;
+ if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) {
+ if( conn->c_authz_backend->be_restrictops & SLAP_RESTRICT_OP_MODIFY ) {
+ *text = "authorization database is read only";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+
+ } else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+ /* we SHOULD return a referral in this case */
+ *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+ NULL, NULL, LDAP_SCOPE_DEFAULT );
+ rc = LDAP_REFERRAL;
+
+ } else {
+ rc = conn->c_authz_backend->be_extended(
+ conn->c_authz_backend, conn, op,
+ reqoid, reqdata,
+ rspoid, rspdata, rspctrls,
+ text, refs );
+ }
+
+ } else {
+ *text = "operation not supported for current user";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ return rc;
+}
+
+int slap_passwd_parse( struct berval *reqdata,
+ struct berval *id,
+ struct berval *oldpass,
+ struct berval *newpass,
+ const char **text )
+{
+ int rc = LDAP_SUCCESS;
+ ber_tag_t tag;
+ ber_len_t len;
+ BerElement *ber;
+
+ if( reqdata == NULL ) {
+ return LDAP_SUCCESS;