diff --git a/CHANGES b/CHANGES
index 7d93d96f49a4fc0101a8f9eb5df14ddae3518bdc..bb73a10dcb7e7071ddd58b25e0c9091eed6d99a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ OpenLDAP 2.4.24 Engineering
 	Fixed liblber to not close invalid sockets (ITS#6585)
 	Fixed slapd modify to return actual error (ITS#6581)
 	Fixed slapd-bdb entry cache delete failure (ITS#6577)
+	Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
 	Fixed slapo-syncprov to send error if consumer is newer (ITS#6606)
 
 OpenLDAP 2.4.23 Release (2010/06/30)
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 3ca42377931feb1dc228befc6134f01fe89b2db0..f34c442019af64a922bc7240f90edec33a60cb8f 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1161,6 +1161,9 @@ locked:
 			c.ldctl_iscritical = 1;
 			c.ldctl_oid = LDAP_CONTROL_RELAX;
 		} else {
+			/* If not forwarding, don't update opattrs */
+			if ( SLAP_SINGLE_SHADOW( op->o_bd ))
+				op2.orm_no_opattrs = 1;
 			op2.o_bd->bd_info = (BackendInfo *)on->on_info;
 		}
 		rc = op2.o_bd->be_modify( &op2, &r2 );