don't lookup rootdn if the password is incorrect (ITS#4004)

[openldap] / servers / slapd / back-meta / modify.c

diff --git a/servers/slapd/back-meta/modify.c b/servers/slapd/back-meta/modify.c
index 379a1e03ec780f26ce9bf8066613d76001abe438..f6d2e9f428d021e8b5bc339067760fc16a764ac4 100644 (file)
--- a/servers/slapd/back-meta/modify.c
+++ b/servers/slapd/back-meta/modify.c
@@ -89,7 +89,8 @@ meta_back_modify( Operation *op, SlapReply *rs )
        for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
                int     j, is_oc = 0;
 
-               if ( !isupdate && ml->sml_desc->ad_type->sat_no_user_mod  ) {
+               if ( !isupdate && !get_manageDIT( op ) && ml->sml_desc->ad_type->sat_no_user_mod  )
+               {
                        continue;
                }
 
@@ -191,11 +192,11 @@ retry:;
                        tvp = &tv;
                }
 
-               rs->sr_err = ldap_result( mc->mc_conns[ candidate ].msc_ld,
+               rs->sr_err = LDAP_OTHER;
+               rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
                        msgid, LDAP_MSG_ONE, tvp, &res );
-               switch ( rs->sr_err ) {
+               switch ( rc ) {
                case -1:
-                       rs->sr_err = LDAP_OTHER;
                        rc = -1;
                        break;
 
@@ -207,7 +208,17 @@ retry:;
                        rc = -1;
                        break;
 
+               case LDAP_RES_MODIFY:
+                       rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld,
+                               res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
+                       if ( rc != LDAP_SUCCESS ) {
+                               rs->sr_err = rc;
+                       }
+                       rc = 0;
+                       break;
+
                default:
+                       rc = -1;
                        ldap_msgfree( res );
                        break;
                }