ITS#9863 - Forward lastbind updates if configured

Mark lastbind operations as being on the frontendDB so that chaining configurations are honored.

Make pwdLastSuccess flag SLAP_AT_MANAGEABLE

servers/slapd/back-ldap/bind.c

@@ -1417,7 +1417,7 @@ retry_lock:;
 				sb->sb_realm.bv_val,
 				sb->sb_authcId.bv_val,
 				sb->sb_cred.bv_val,
-				NULL );
+				sb->sb_authzId.bv_val );
 		if ( defaults == NULL ) {
 			rs->sr_err = LDAP_OTHER;
 			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );

servers/slapd/bind.c

@@ -472,9 +472,6 @@ fe_op_lastbind( Operation *op )
 	op2.o_dn = op->o_bd->be_rootdn;
 	op2.o_ndn = op->o_bd->be_rootndn;
 
-	/*
-	 * TODO: this is core+frontend, not everything works the same way?
-	 */
 	/*
 	 * Code for forwarding of updates adapted from ppolicy.c of slapo-ppolicy
 	 *
@@ -485,6 +482,8 @@ fe_op_lastbind( Operation *op )
 	 * must be configured appropriately for this to be useful.
 	 */
 	if ( SLAP_SHADOW( op->o_bd ) ) {
+		op2.o_bd = frontendDB;
+
 		/* Must use Relax control since these are no-user-mod */
 		op2.o_relax = SLAP_CONTROL_CRITICAL;
 		op2.o_ctrls = ca;

servers/slapd/schema_prep.c

@@ -1028,7 +1028,7 @@ static struct slap_schema_ad_map {
 			"SINGLE-VALUE "
 			"NO-USER-MODIFICATION "
 			"USAGE directoryOperation )",
-		NULL, 0,
+		NULL, SLAP_AT_MANAGEABLE,
 		NULL, NULL,
 		NULL, NULL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_pwdLastSuccess) },