diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c
index 7791816a6daa5a4a2bb797e50605c30511327325..86a1bbd41d162dfab88d7353853389c311d40007 100644
--- a/servers/slapd/back-ldbm/modify.c
+++ b/servers/slapd/back-ldbm/modify.c
@@ -271,15 +271,16 @@ add_values(
 	/* char *desc = mod->sm_desc->ad_cname->bv_val; */
 	MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
 
-	if( mr == NULL ) {
-		return LDAP_INAPPROPRIATE_MATCHING;
-	}
-
-
 	a = attr_find( e->e_attrs, mod->sm_desc );
 
 	/* check if the values we're adding already exist */
 	if ( a != NULL ) {
+		/* do allow add of additional attribute if
+			no equality rule exists */
+		if( mr == NULL ) {
+			return LDAP_INAPPROPRIATE_MATCHING;
+		}
+
 		for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
 			int rc;
 			int j;
@@ -330,10 +331,6 @@ delete_values(
 	char *desc = mod->sm_desc->ad_cname->bv_val;
 	MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
 
-	if( mr == NULL || !mr->smr_match ) {
-		return LDAP_INAPPROPRIATE_MATCHING;
-	}
-
 	/* delete the entire attribute */
 	if ( mod->sm_bvalues == NULL ) {
 		Debug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n",
@@ -342,6 +339,12 @@ delete_values(
 		    LDAP_NO_SUCH_ATTRIBUTE : LDAP_SUCCESS );
 	}
 
+	/* disallow specific attributes from being deleted if
+		no equality rule */
+	if( mr == NULL || !mr->smr_match ) {
+		return LDAP_INAPPROPRIATE_MATCHING;
+	}
+
 	/* delete specific values - find the attribute first */
 	if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
 		Debug( LDAP_DEBUG_ARGS, "ldap_modify_delete: "