FWIW, this change in 2.1 broke the ability for our Heimdal LDAP backend to work out-of-the-box with OpenLDAP. We resolved this in the commercial version of the backend by adding support for SO_PEERCRED to SASL EXTERNAL, but that required a modification to OpenLDAP as well. -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com