--- ./modules/aaa/mod_authnz_ldap.c.debian-orig	2008-08-05 19:22:16.000000000 +0400
+++ ./modules/aaa/mod_authnz_ldap.c.debian-orig	2008-08-05 19:37:31.000000000 +0400
@@ -318,6 +318,36 @@ 
     return APR_SUCCESS;
 }
 
+/* add environment variables */
+static int /* remote_user_attribute_set */
+authnz_ldap_set_environment(request_rec *r, authn_ldap_config_t *sec,
+                            const char **vals)
+{
+    int remote_user_attribute_set = 0;
+
+    if (sec->attributes && vals) {
+        apr_table_t *e = r->subprocess_env;
+        int i = 0;
+        while (sec->attributes[i]) {
+            char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+            int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+            while (str[j]) {
+                str[j] = apr_toupper(str[j]);
+                j++;
+            }
+            apr_table_setn(e, str, vals[i]);
+
+            /* handle remote_user_attribute, if set */
+            if (sec->remote_user_attribute && 
+                !strcmp(sec->remote_user_attribute, sec->attributes[i])) {
+                r->user = (char *)apr_pstrdup(r->pool, vals[i]);
+                remote_user_attribute_set = 1;
+            }
+            i++;
+        }
+    }
+    return remote_user_attribute_set;
+}
 
 /*
  * Authentication Phase
@@ -438,27 +468,7 @@ 
     }
 
     /* add environment variables */
-    if (sec->attributes && vals) {
-        apr_table_t *e = r->subprocess_env;
-        int i = 0;
-        while (sec->attributes[i]) {
-            char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
-            int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
-            while (str[j]) {
-                str[j] = apr_toupper(str[j]);
-                j++;
-            }
-            apr_table_setn(e, str, vals[i]);
-
-            /* handle remote_user_attribute, if set */
-            if (sec->remote_user_attribute && 
-                !strcmp(sec->remote_user_attribute, sec->attributes[i])) {
-                r->user = (char *)apr_pstrdup(r->pool, vals[i]);
-                remote_user_attribute_set = 1;
-            }
-            i++;
-        }
-    }
+    remote_user_attribute_set |= authnz_ldap_set_environment(r, sec, vals);
 
     /* sanity check */
     if (sec->remote_user_attribute && !remote_user_attribute_set) {
@@ -596,6 +606,7 @@ 
             return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
         }
 
+        authnz_ldap_set_environment(r, sec, vals);
         req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
             sizeof(authn_ldap_request_t));
         ap_set_module_config(r->request_config, &authnz_ldap_module, req);