diff --git a/selftest/knownfail.d/acl-spn-delete b/selftest/knownfail.d/acl-spn-delete
deleted file mode 100644
index 32018413c49..00000000000
--- a/selftest/knownfail.d/acl-spn-delete
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.ldap.acl.python.*__main__.AclSPNTests.test_delete_disallowed_spn\(
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 21e83276bfd..8016a2d4bd0 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -734,8 +734,9 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
 		 * If not add or replace (eg delete),
 		 * return success
 		 */
-		if ((el->flags
-		     & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)) == 0) {
+		if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD &&
+		    LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE)
+		{
 			talloc_free(tmp_ctx);
 			return LDB_SUCCESS;
 		}