From 324fdd0c41fca50bd0bfacead6b5b7583ac233dc Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 29 Aug 2018 02:02:13 +0100
Subject: [PATCH 033/109] ITS#8909 additional tweak

Set error code on failure
---
 servers/slapd/saslauthz.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index e4a74ea7f..d80370ff9 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -2075,6 +2075,8 @@ int slap_sasl_authorized( Operation *op,
 		rc = slap_sasl_check_authz( op, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
 		if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {
+			if( rc != LDAP_SUCCESS )
+				rc = LDAP_INAPPROPRIATE_AUTH;
 			goto DONE;
 		}
 	}
-- 
2.19.1