From 6c221e773066178d4801233139ae32411069c428 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 29 Aug 2018 02:02:13 +0100
Subject: [PATCH] ITS#8909 additional tweak

Set error code on failure
---
 servers/slapd/saslauthz.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index e4a74ea7fd..d80370ff9b 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -2075,6 +2075,8 @@ int slap_sasl_authorized( Operation *op,
 		rc = slap_sasl_check_authz( op, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
 		if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {
+			if( rc != LDAP_SUCCESS )
+				rc = LDAP_INAPPROPRIATE_AUTH;
 			goto DONE;
 		}
 	}