diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c
index 6ff7a967a8..dc8e63516d 100644
--- a/servers/slapd/back-ldbm/delete.c
+++ b/servers/slapd/back-ldbm/delete.c
@@ -93,7 +93,7 @@ ldbm_back_delete(
 	}
 
 	/* delete from parent's id2children entry */
-	if( (pdn = dn_parent( be, e->e_ndn )) != NULL ) {
+	if( (pdn = dn_parent( be, e->e_ndn )) != NULL && pdn[ 0 ] != '\0' ) {
 		if( (p = dn2entry_w( be, pdn, NULL )) == NULL) {
 			Debug( LDAP_DEBUG_TRACE,
 				"<=- ldbm_back_delete: parent does not exist\n",
@@ -117,7 +117,7 @@ ldbm_back_delete(
 
 	} else {
 		/* no parent, must be root to delete */
-		if( ! be_isroot( be, op->o_ndn ) ) {
+		if( ! be_isroot( be, op->o_ndn ) && ! be_issuffix( be, "" )  ) {
 			Debug( LDAP_DEBUG_TRACE,
 				"<=- ldbm_back_delete: no parent & not root\n",
 				0, 0, 0);
diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index b87b056a5c..ebc8cc8351 100644
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -373,8 +373,8 @@ ldbm_back_modrdn(
 
 		val.bv_val = new_rdn_vals[a_cnt];
 		val.bv_len = strlen( val.bv_val );
-		if ( ! access_allowed( be, conn, op, p, 
-				mod_tmp->sml_desc, &val, ACL_WRITE ) ) {
+		if ( ! access_allowed( be, conn, op, e, 
+				desc, &val, ACL_WRITE ) ) {
 			Debug( LDAP_DEBUG_TRACE,
 				"ldbm_back_modrdn: access not allowed "
 				"to attr \"%s\"\n%s%s",
@@ -431,8 +431,8 @@ ldbm_back_modrdn(
 
 			val.bv_val = old_rdn_vals[d_cnt];
 			val.bv_len = strlen( val.bv_val );
-			if ( ! access_allowed( be, conn, op, p, 
-					mod_tmp->sml_desc, &val, ACL_WRITE ) ) {
+			if ( ! access_allowed( be, conn, op, e, 
+					desc, &val, ACL_WRITE ) ) {
 				Debug( LDAP_DEBUG_TRACE,
 					"ldbm_back_modrdn: access not allowed "
 					"to attr \"%s\"\n%s%s",