diff --git a/CHANGES b/CHANGES
index fb8561152b01260191aa3901b02aebc62f62034c..5e5caeed2860f8eb8f68f20ab21063fc1092c32f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ OpenLDAP 2.4.23 Engineering
 	Fixed libldap to return server's error code (ITS#6569)
 	Fixed libldap memleaks (ITS#6568)
 	Fixed liblutil off-by-one with delta (ITS#6541)
+	Fixed slapd acls with glued databases (ITS#6468)
 	Fixed slapd syncrepl rid logging (ITS#6533)
 	Fixed slapd modrdn handling of invalid values (ITS#6570)
 	Fixed slapd-bdb hasSubordinates computation (ITS#6549)
diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c
index bd85aae44a256119daf15a6a6815fe31fa7e9c47..e9a337de64f34ba825248a2b991f6f0699f91843 100644
--- a/servers/slapd/backglue.c
+++ b/servers/slapd/backglue.c
@@ -1472,6 +1472,29 @@ glue_sub_add( BackendDB *be, int advert, int online )
 	return rc;
 }
 
+static int
+glue_access_allowed(
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp )
+{
+	BackendDB *b0, *be = glue_back_select( op->o_bd, &e->e_nname );
+	int rc;
+
+	if ( be == NULL || be == op->o_bd || be->bd_info->bi_access_allowed == NULL )
+		return SLAP_CB_CONTINUE;
+
+	b0 = op->o_bd;
+	op->o_bd = be;
+	rc = be->bd_info->bi_access_allowed ( op, e, desc, val, access, state, maskp );
+	op->o_bd = b0;
+	return rc;
+}
+
 int
 glue_sub_init()
 {
@@ -1492,6 +1515,7 @@ glue_sub_init()
 	glue.on_bi.bi_chk_controls = glue_chk_controls;
 	glue.on_bi.bi_entry_get_rw = glue_entry_get_rw;
 	glue.on_bi.bi_entry_release_rw = glue_entry_release_rw;
+	glue.on_bi.bi_access_allowed = glue_access_allowed;
 
 	glue.on_response = glue_response;