From 59af9578353bdb19d01c708543a78e28765eac8e Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Sat, 17 Mar 2001 05:31:51 +0000
Subject: [PATCH] Don't attempt to return empty referrals.

---
 servers/slapd/passwd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 79dbe4340d..d331d65750 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -46,7 +46,14 @@ int passwd_extop(
 		} else if( conn->c_authz_backend->be_update_ndn != NULL ) {
 			/* we SHOULD return a referral in this case */
 			*refs = conn->c_authz_backend->be_update_refs;
-			rc = LDAP_REFERRAL;
+
+			if( *refs ) {
+				rc = LDAP_REFERRAL;
+
+			} else {
+				rc = LDAP_UNWILLING_TO_PERFORM;
+				*text = "authorization database is a read-only replica";
+			}
 
 		} else {
 			rc = conn->c_authz_backend->be_extended(
-- 
GitLab