- } else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
- /* we SHOULD return a referral in this case */
- *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
- NULL, NULL, LDAP_SCOPE_DEFAULT );
- rc = LDAP_REFERRAL;
-
- } else {
- rc = conn->c_authz_backend->be_extended(
- conn->c_authz_backend, conn, op,
- reqoid, reqdata,
- rspoid, rspdata, rspctrls,
- text, refs );
- }
+ if( op->o_bd && !op->o_bd->be_extended ) {
+ rs->sr_text = "operation not supported for current user";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if (backend_check_restrictions( op, rs,
+ (struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) {
+ return rs->sr_err;
+ }
+
+ if( op->o_bd == NULL ) {
+#ifdef HAVE_CYRUS_SASL
+ rs->sr_err = slap_sasl_setpass( op, rs );
+#else
+ rs->sr_text = "no authz backend";
+ rs->sr_err = LDAP_OTHER;
+#endif
+
+#ifndef SLAPD_MULTIMASTER
+ /* This does not apply to multi-master case */
+ } else if( op->o_bd->be_update_ndn.bv_len ) {
+ /* we SHOULD return a referral in this case */
+ rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
+ NULL, NULL, LDAP_SCOPE_DEFAULT );
+ rs->sr_err = LDAP_REFERRAL;
+#endif /* !SLAPD_MULTIMASTER */