diff --git a/CHANGES b/CHANGES
index f170c2e5eed9c3ef7606339552164562fe4b460e..b05b85f0a5978b10cb1011d9e1b6861ef3245073 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,7 @@ OpenLDAP 2.4.24 Engineering
 	Fixed slapd acl parsing overflow (ITS#6611)
 	Fixed slapd modify to return actual error (ITS#6581)
 	Fixed slapd-bdb entry cache delete failure (ITS#6577)
+	Fixed slapd-ndb to honor rootpw setting (ITS#6661)
 	Fixed slapd-meta anon retry with failed auth method (ITS#6643)
 	Fixed slapd-null back-config support (ITS#6624)
 	Fixed slapo-pcache callback freeing (ITS#6640)
diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c
index f982e9e4e560a8786c47732e67c9218da7dc6674..c75c97024ee9db492f50e7b0e92f96193d4932f9 100644
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@@ -43,10 +43,10 @@ bdb_bind( Operation *op, SlapReply *rs )
 	switch ( be_rootdn_bind( op, NULL ) ) {
 	case LDAP_SUCCESS:
 		/* frontend will send result */
-		return rs->sr_err;
+		return rs->sr_err = LDAP_SUCCESS;
 
 	default:
-		/* give the database a chanche */
+		/* give the database a chance */
 		/* NOTE: this behavior departs from that of other backends,
 		 * since the others, in case of password checking failure
 		 * do not give the database a chance.  If an entry with
diff --git a/servers/slapd/back-ndb/bind.cpp b/servers/slapd/back-ndb/bind.cpp
index 33257d667084b8b035b0e03d523e2967bb22f3e0..8b517f4346cadad59882b74ccaa070638f791507 100644
--- a/servers/slapd/back-ndb/bind.cpp
+++ b/servers/slapd/back-ndb/bind.cpp
@@ -43,11 +43,13 @@ ndb_back_bind( Operation *op, SlapReply *rs )
 
 	/* allow noauth binds */
 	switch ( be_rootdn_bind( op, NULL ) ) {
-	case SLAP_CB_CONTINUE:
-		break;
+	case LDAP_SUCCESS:
+		/* frontend will send result */
+		return rs->sr_err = LDAP_SUCCESS;
 
 	default:
-		return rs->sr_err;
+		/* give the database a chance */
+		break;
 	}
 
 	/* Get our NDB handle */