ITS#6822

diff --git a/CHANGES b/CHANGES
index 2e948c1b46e80f807bc02943e619549bacca8d65..d5d4dcc00bd1f4327100514f13b90d8c7f457464 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -45,6 +45,7 @@ OpenLDAP 2.4.24 Engineering
        Fixed slapd SlapReply usage (ITS#6758)
        Fixed slapd acl parsing overflow (ITS#6611)
        Fixed slapd acl when resuming parsing (ITS#6804)
+       Fixed slapd default config acls with overlays (ITS#6822)
        Fixed slapd assert control (ITS#5862)
        Fixed slapd assertions and debugging (ITS#6759)
        Fixed slapd config leak with olcDbDirectory (ITS#6634)

diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 3e6bd36a0461939628a86e168b8a5af275163919..5f8ae10625b95b53109dbf53056e264bbd1455a0 100644 (file)
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -6495,8 +6495,8 @@ config_back_db_open( BackendDB *be, ConfigReply *cr )
        /* If we have no explicitly configured ACLs, don't just use
         * the global ACLs. Explicitly deny access to everything.
         */
-       if ( !be->be_acl ) {
-               parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+       if ( !be->bd_self->be_acl ) {
+               parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
        }
 
        thrctx = ldap_pvt_thread_pool_context();