Ticket 47752 - Don't add unhashed password mod if we don't have an unhashed value

When performing a modify operation to replace the userpassword with a pre-hashed
value, the modify code adds a LDAPMod that replaces the "unhashed#user#password"
attribute with no values. While this doesn't cause any harm inside DS itself, it
is not the correct behavior. We should only add a LDAPMod for the unhashed password
if we actually have an unhashed value available.

https://fedorahosted.org/389/ticket/47752

Reviewed by [email protected]

ldap/servers/slapd/modify.c

@@ -975,10 +975,10 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 			} else {
 				/* add pseudo password attribute */
 				valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va);
-				if(va){
+				if(va && va[0]){
 					slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-					valuearray_free(&va);
 				}
+                                valuearray_free(&va);
 			}
 
 			/* Init new value array for hashed value */