--- httpd-2.2.14-orig/modules/aaa/mod_authnz_ldap.c 2009-12-04 13:30:12.000000000 +0100 +++ httpd-2.2.14-orig/modules/aaa/mod_authnz_ldap.c 2009-12-04 14:31:36.000000000 +0100 @@ -75,11 +75,13 @@ it's the exact string passed by the HTTP client */ int secure; /* True if SSL connections are requested */ + int bind_as_user; } authn_ldap_config_t; typedef struct { char *dn; /* The saved dn from a successful search */ char *user; /* The username provided by the client */ + char *pass; /* The password provided, needed for binding as user */ } authn_ldap_request_t; /* maximum group elements supported */ @@ -308,6 +310,8 @@ sec->remote_user_attribute = NULL; sec->compare_dn_on_server = 0; + sec->bind_as_user = 0; + return sec; } @@ -364,7 +368,7 @@ /* There is a good AuthLDAPURL, right? */ if (sec->host) { - ldc = util_ldap_connection_find(r, sec->host, sec->port, + ldc = util_ldap_connection_find(r, sec->host, sec->port, sec->binddn, sec->bindpw, sec->deref, sec->secure); } @@ -433,6 +437,9 @@ /* mark the user and DN */ req->dn = apr_pstrdup(r->pool, dn); req->user = apr_pstrdup(r->pool, user); + if (sec->bind_as_user) { + req->pass = apr_pstrdup(r->pool, password); + } if (sec->user_is_dn) { r->user = req->dn; } @@ -551,9 +558,18 @@ if (sec->host) { - ldc = util_ldap_connection_find(r, sec->host, sec->port, + if(!sec->bind_as_user) { + ldc = util_ldap_connection_find(r, sec->host, sec->port, sec->binddn, sec->bindpw, sec->deref, sec->secure); + } else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%" APR_PID_T_FMT "] auth_ldap authorise: binding as user %s", getpid(), req->user); + ldc = util_ldap_connection_find(r, sec->host, sec->port, + req->dn, req->pass, sec->deref, + sec->secure); + memset(req->pass, 0, strlen(req->pass)); + } apr_pool_cleanup_register(r->pool, ldc, authnz_ldap_cleanup_connection_close, apr_pool_cleanup_null); 
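Review bot: In the first hunk the new `bind_as_user` member is the only field of `authn_ldap_config_t` without a trailing comment, and the `pass` comment should say what it really is: a cleartext copy of the client's password that lives in the request pool. I would write `int bind_as_user; /* True to bind with the client's own DN/password in the authorization search */` and extend the second one to `/* Cleartext password from the client; set only when bind_as_user, cleared by the authorization hook */`, so a later reader knows which path is responsible for zeroing it. Both struct definitions start before this hunk.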
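Review bot: In the hunk at old line 433 the `apr_pstrdup` of `password` into `req->pass` creates a second cleartext copy of the credential in `r->pool`, and the only place the patch clears it is the `memset` in the authorization hunk at old line 551; if the authorization hook does not run for this request (another auth_checker answered first, or the LDAP hook declined before reaching that block), the copy survives until the request pool is destroyed. That is request-scoped memory, so the exposure is bounded, but it should be stated at the copy site, e.g. `/* cleartext copy for the bind-as-user search; the authz hook zeroes it after use */`, and a more robust option is to register an `apr_pool_cleanup_register` cleanup on `r->pool` that zeroes `req->pass` on every exit path. The enclosing function starts before this hunk.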
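Review bot: In the hunk at old line 551 the bind-as-user branch dereferences `req->dn` and `req->pass` without checking that `req` exists and that both fields were filled in; in the 2.2.x version of this function the `if (!req)` creation of the request record for users authenticated by another provider sits further down, after this block, so with `AuthLDAPBindAsUser on` and a non-LDAP authentication provider this is a NULL dereference, and `memset(req->pass, 0, strlen(req->pass))` also dereferences NULL whenever the authentication hook did not store a password — confirm against the full function. I would guard the branch on `req && req->dn && req->pass`, log the fallback to the configured bind at warning level so an administrator can see it, and keep the wipe inside the guarded branch; note that if `util_ldap_connection_find` keeps its own copy of the bind password for connection reuse, as the util_ldap connection cache does, the memset only clears the request copy and each distinct user now occupies a cached connection, which the directive documentation should say. Style nit: `if(!sec->bind_as_user)` should read `if (!sec->bind_as_user)` to match the surrounding `if (sec->host)`. The enclosing function starts and ends outside the hunk.
```c
    if (sec->host) {
        if (sec->bind_as_user && req && req->dn && req->pass) {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                          "[%" APR_PID_T_FMT "] auth_ldap authorise: binding as user %s", getpid(), req->user);
            ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                            req->dn, req->pass, sec->deref,
                                            sec->secure);
            /* request copy no longer needed; assumes util_ldap_connection_find
             * copied the password for its own use — confirm */
            memset(req->pass, 0, strlen(req->pass));
        }
        else {
            if (sec->bind_as_user) {
                ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                              "[%" APR_PID_T_FMT "] auth_ldap authorise: AuthLDAPBindAsUser is on but no user DN/password is available for this request, using the configured bind", getpid());
            }
            ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                            sec->binddn, sec->bindpw, sec->deref,
                                            sec->secure);
        }
        /* … unchanged: apr_pool_cleanup_register … */
```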
@@ -1114,6 +1130,11 @@ AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF, "Character set conversion configuration file. If omitted, character set" "conversion is disabled."), + + AP_INIT_FLAG("AuthLDAPBindAsUser", ap_set_flag_slot, + (void *)APR_OFFSETOF(authn_ldap_config_t, bind_as_user), OR_AUTHCFG, + "Set to 'on' to use client provided credential to bind during the " + "search phase instead of doing an anonymous bind"), {NULL} };
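Review bot: The help string for `AuthLDAPBindAsUser` promises more than the code delivers: the only consumer of `bind_as_user` is the authorization hook (hunk at old line 551), the authentication-phase search still uses the configured bind, and the alternative is the `sec->binddn`/`sec->bindpw` bind, which is anonymous only when `AuthLDAPBindDN` is not set. I would reword the two string lines to `"Set to 'on' to bind with the authenticated user's own DN and password for the "` and `"authorization search, instead of the AuthLDAPBindDN credentials (or an anonymous bind when none are configured)"`. The directive documentation should also state that the user's password is handed to the LDAP connection layer, which may keep a connection per distinct user.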