diff -Nrau courier-imap-3.0.2.orig/authlib/authldaplib.c courier-imap-3.0.2/authlib/authldaplib.c
--- courier-imap-3.0.2.orig/authlib/authldaplib.c 2004-01-19 21:34:09.000000000 +0200
+++ courier-imap-3.0.2/authlib/authldaplib.c 2004-06-25 12:49:59.410816703 +0200
@@ -676,10 +676,10 @@
 */ static int enable_tls_on(LDAP *conn) {
 #if HAVE_LDAP_TLS
- int version;
+// int version;
 int ldrc;
- if (ldaperror(ldrc=ldap_get_option (conn,
+/* if (ldaperror(ldrc=ldap_get_option (conn,
 LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS)
@@ -699,7 +699,7 @@
 (void)ldap_set_option (conn, LDAP_OPT_PROTOCOL_VERSION, &version);
- }
+ }*/
 if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) != LDAP_SUCCESS)
@@ -754,7 +754,10 @@
 static int ldapopen() {
-int ldrc;
+ int ldrc;
+ int curversion;
+ int wantversion;
+ char *confversion = NULL;
 if (my_ldap_fp) return (0);
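Review bot: With the protocol-version block in enable_tls_on commented out (the `@@ -676` hunk opens the `/*` and the `@@ -699` hunk closes it with `}*/`), nothing in this function still guarantees LDAPv3 before `ldap_start_tls_s`, and StartTLS is an LDAPv3 extended operation. The version is now chosen in ldapopen from `LDAP_PROTOVER`, which accepts values down to `LDAP_VERSION_MIN` and only logs "attempting to continue" when `ldap_set_option` fails, so a TLS-enabled configuration can reach StartTLS on a session that is not v3. I would keep a small guard here that reads `LDAP_OPT_PROTOCOL_VERSION` and returns failure when it is below `LDAP_VERSION3`, and confirm that the caller refuses to bind when enable_tls_on fails; that code is outside the hunk. The disabled code should also be deleted rather than wrapped in `/* ... */`: the lines between the two hunks are not visible here, and any block comment among them would end the wrapper early because C comments do not nest.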
@@ -768,6 +771,91 @@
 return (1); }
+ read_env("LDAP_PROTOVER", &confversion, "", 0, NULL);
+ if(confversion)
+ {
+ char *errpnt;
+ wantversion = strtol(confversion, &errpnt, 0);
+ if(*errpnt)
+ {
+#if HAVE_SYSLOG_H
+ syslog(LOG_DAEMON|LOG_ERR,
+ "\"%s\" not a valid integer for LDAP_PROTOVER, "
+ "defaulting to %d.",
+ confversion, LDAP_VERSION_MAX);
+#else
+ fprintf(stderr,
+ "\"%s\" not a valid integer for LDAP_PROTOVER, "
+ "defaulting to %d.",
+ confversion, LDAP_VERSION_MAX);
+#endif
+ }
+ else if(wantversion > LDAP_VERSION_MAX)
+ {
+#if HAVE_SYSLOG_H
+ syslog(LOG_DAEMON|LOG_WARNING,
+ "protocol version %d is not supported, "
+ "max protocol version supported is %d.",
+ wantversion, LDAP_VERSION_MAX);
+#else
+ fprintf(stderr,
+ "protocol version %d is not supported, "
+ "max protocol version supported is %d.\n",
+ wantversion, LDAP_VERSION_MAX);
+#endif
+ wantversion = LDAP_VERSION_MAX;
+ }
+ else if(wantversion < LDAP_VERSION_MIN)
+ {
+#if HAVE_SYSLOG_H
+ syslog(LOG_DAEMON|LOG_WARNING,
+ "protocol version %d is not supported, "
+ "min protocol version supported is %d.",
+ wantversion, LDAP_VERSION_MIN);
+#else
+ fprintf(stderr,
+ "protocol version %d is not supported, "
+ "min protocol version supported is %d.\n",
+ wantversion, LDAP_VERSION_MIN);
+#endif
+ wantversion = LDAP_VERSION_MIN;
+ }
+ }
+ else
+ wantversion = LDAP_VERSION_MAX;
+
+ if (ldaperror(ldrc=ldap_get_option (my_ldap_fp,
+ LDAP_OPT_PROTOCOL_VERSION,
+ &curversion))
+ != LDAP_SUCCESS)
+ {
+ const char *s=ldap_err2string(ldrc);
+
+#if HAVE_SYSLOG_H
+ syslog(LOG_DAEMON|LOG_WARNING,
+ "ldap_get_option failed: %s", s);
+#endif
+ curversion = -1; // force a set_option.
+ }
+
+ if((curversion != wantversion) &&
+ ldap_set_option (my_ldap_fp,
+ LDAP_OPT_PROTOCOL_VERSION,
+ &wantversion) != LDAP_SUCCESS)
+ {
+#if HAVE_SYSLOG_H
+ syslog(LOG_DAEMON|LOG_ERR,
+ "error changing protocol version from %d to %d, "
+ "attempting to continue.",
+ curversion, wantversion);
+#else
+ fprintf(stderr,
+ "error changing protocol version from %d to %d, "
+ "attempting to continue.\n",
+ curversion, wantversion);
+#endif
+ }
+
 #if HAVE_LDAP_TLS
 if (my_ldap.tls && enable_tls_on(my_ldap_fp)) {
diff -Nrau courier-imap-3.0.2.orig/authlib/authldaprc courier-imap-3.0.2/authlib/authldaprc
--- courier-imap-3.0.2.orig/authlib/authldaprc 2004-01-19 21:34:09.000000000 +0200
+++ courier-imap-3.0.2/authlib/authldaprc 2004-06-25 11:55:16.000000000 +0200
@@ -29,6 +29,12 @@
 LDAP_SERVER ldap.example.com LDAP_PORT 389
+##NAME: PROTOCOL_VERSION:0
+#
+# Protocol version to be used
+
+LDAP_PROTOVER 3
+
 ##NAME: LDAP_BASEDN:0 # # Look for authentication here:
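Review bot: In the `if(*errpnt)` branch of the `@@ -768` hunk in ldapopen the message says "defaulting to %d", but `wantversion` is never assigned `LDAP_VERSION_MAX`, so it keeps whatever prefix `strtol` parsed (0 for a value such as `abc`) and skips both range checks before being handed to `ldap_set_option`. Add `wantversion = LDAP_VERSION_MAX;` in that branch and make the test `if (errpnt == confversion || *errpnt)`, because an empty value (if `read_env` can return one) currently parses as 0 and is silently clamped to `LDAP_VERSION_MIN`. The `long` result of `strtol` is stored in an `int` with no `ERANGE` check, and the first `fprintf` lacks the trailing `\n` that the other two carry. When `ldap_set_option` fails the code only logs and continues; with `my_ldap.tls` set it would be safer to fail the open than to proceed on an unknown protocol version. The body of ldapopen continues outside the hunk.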