diff --git a/CHANGES b/CHANGES
index a38e8b0c1ba93cacf5dabac444a92368baa34f2f..9413524571345813cae8e0144b39d14521c54729 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,7 @@ OpenLDAP 2.4.14 Engineering
 	Fixed slapd bconfig to return error codes (ITS#5867)
 	Fixed slapd syncrepl rename handling (ITS#5809)
 	Fixed slapd syncrepl MMR when adding new server (ITS#5850)
+	Fixed slapd-bdb/hdb RFC4528 control support (ITS#5861)
 	Fixed slapd-ldap idassert-bind validity checking (ITS#5863)
 	Fixed slapd-ldif numerous bugs (ITS#5408)
 	Fixed slapd-ldif rename on same DN (ITS#5319)
diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c
index 402c837b9cc9f531bb55fadc7cb1a7d779f62dca..1c73bf636619ecc3f9c23cfafd4557be9a90b201 100644
--- a/servers/slapd/back-bdb/add.c
+++ b/servers/slapd/back-bdb/add.c
@@ -112,6 +112,13 @@ txnReturn:
 		goto return_results;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	subentry = is_entry_subentry( op->oq_add.rs_e );
 
 	/* Get our reader TXN */
diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c
index 8b8100fbc0b6da47ade527b1dd7ad671cdf6eba2..a18e18e82708e097a6fca34231a75754b76577c7 100644
--- a/servers/slapd/back-sql/add.c
+++ b/servers/slapd/back-sql/add.c
@@ -975,6 +975,17 @@ backsql_add( Operation *op, SlapReply *rs )
 
 	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
+			"assertion control failed -- aborting\n",
+			op->ora_e->e_name.bv_val, 0, 0 );
+		e = NULL;
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto done;
+	}
+
 	/* search structuralObjectClass */
 	for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
 		if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) {
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index f952b1dd944663e5b9c30c83363b01fcce067230..1a0e42b82dd67926f5002cd09789954972f6330a 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -123,8 +123,7 @@ static char *session_tracking_extops[] = {
 static struct slap_control control_defs[] = {
 	{  LDAP_CONTROL_ASSERT,
  		(int)offsetof(struct slap_control_ids, sc_assert),
-		SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
-			SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
+		SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
 		NULL, NULL,
 		parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 	{ LDAP_CONTROL_PRE_READ,