--- httpd-2.2.4_orig/modules/aaa/mod_authnz_ldap.c 2008-01-25 13:15:36.000000000 +0100
+++ httpd-2.2.4/modules/aaa/mod_authnz_ldap.c 2008-07-01 18:12:42.076029879 +0200
@@ -152,6 +152,39 @@
 }
+static char* authn_ldap_xlate_password(request_rec *r, const char* sent_password)
+{
+ char *password;
+ apr_xlate_t *convset = NULL;
+ apr_size_t inbytes;
+ apr_size_t outbytes;
+ char *outbuf;
+
+ if (sent_password != NULL) {
+ password = apr_pstrdup (r->pool, sent_password);
+ }
+ else
+ return NULL;
+
+ if (charset_conversions) {
+ convset = get_conv_set(r);
+ }
+
+ if (convset) {
+ inbytes = strlen(password);
+ outbytes = (inbytes+1)*3;
+ outbuf = apr_pcalloc(r->pool, outbytes);
+
+ /* Convert the user name to UTF-8. This is only valid for LDAP v3 */
+ if (apr_xlate_conv_buffer(convset, password, &inbytes, outbuf, &outbytes) == APR_SUCCESS) {
+ return outbuf;
+ }
+ }
+
+ return password;
+}
+
+
 /*
 * Build the search filter, or at least as much of the search filter that
 * will fit in the buffer. We don't worry about the buffer not being able
@@ -341,6 +374,7 @@
 int result = 0;
 int remote_user_attribute_set = 0;
 const char *dn = NULL;
+ char *utfpassword;
 authn_ldap_request_t *req = (authn_ldap_request_t *)apr_pcalloc(r->pool, sizeof(authn_ldap_request_t));
@@ -394,9 +428,12 @@
 /* build the username filter */
 authn_ldap_build_filter(filtbuf, r, user, NULL, sec);
+ /* convert password to utf-8 */
+ utfpassword = authn_ldap_xlate_password(r, password);
+
 /* do the user search */
 result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
- sec->attributes, filtbuf, password, &dn, &vals);
+ sec->attributes, filtbuf, utfpassword, &dn, &vals);
 util_ldap_connection_close(ldc);
 /* sanity check - if server is down, retry it up to 5 times */
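Review bot: When `apr_xlate_conv_buffer` does not return `APR_SUCCESS`, `authn_ldap_xlate_password` falls through to `return password;` and the bind is attempted with the unconverted bytes, with nothing logged, so a password that cannot be converted shows up only as an authentication failure that is hard to diagnose. Capture the status and log it without the password value, e.g. `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, "auth_ldap: password charset conversion failed, using original bytes");`. The success branch should probably also require `inbytes == 0`, since a success status alone may not mean the whole input was consumed (worth confirming against the APR version in use). The comment in that branch still says "user name"; `/* Convert the password to UTF-8. This is only valid for LDAP v3 */` matches what the code does.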
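Review bot: The conversion call sits directly above the search that the trailing comment says is retried up to 5 times; if the retry jumps back above this call (the jump target is outside the hunk), every attempt makes fresh `r->pool` copies of the cleartext password through `apr_pstrdup` and `apr_pcalloc`, and they stay allocated until the request pool is destroyed. Converting once before the retried section, or declaring `char *utfpassword = NULL;` and guarding the call with `if (utfpassword == NULL)`, keeps it to a single conversion. The enclosing function starts and ends outside the hunk.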