fix ITS#3753

[openldap] / servers / slapd / modrdn.c

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index c9171d709bb52e6d5ebd5d5003a64264095b8e40..b0f8d3e0288d1df4da5271120e3851be50a40d66 100644 (file)
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -450,7 +450,7 @@ slap_modrdn2mods(
 
                /* ACL check of newly added attrs */
                if ( op->o_bd && !access_allowed( op, e, desc,
-                       &new_rdn[a_cnt]->la_value, ACL_WRITE, NULL ) ) {
+                       &new_rdn[a_cnt]->la_value, ACL_WADD, NULL ) ) {
                        Debug( LDAP_DEBUG_TRACE,
                                "slap_modrdn2modlist: access to attr \"%s\" "
                                "(new) not allowed\n", 
@@ -500,9 +500,9 @@ slap_modrdn2mods(
                                goto done;              
                        }
 
-                       /* ACL check of newly added attrs */
+                       /* ACL check of old rdn attrs removal */
                        if ( op->o_bd && !access_allowed( op, e, desc,
-                               &old_rdn[d_cnt]->la_value, ACL_WRITE, 
+                               &old_rdn[d_cnt]->la_value, ACL_WDEL, 
                                NULL ) ) {
                                Debug( LDAP_DEBUG_TRACE,
                                        "slap_modrdn2modlist: access "