--- a/src/version.c
+++ b/src/version.c
@@ -98,9 +98,10 @@ dacs_component_versions(void)
 
 #ifdef ENABLE_LDAP_AUTH
   {
-#include "portable.h"
+#include <ldap.h>
+#include <ldap_features.h>
 
-	str = ds_xprintf("OpenLDAP %s", OPENLDAP_VERSION);
+	str = ds_xprintf("%s %d.%d.%d", LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION_MAJOR, LDAP_VENDOR_VERSION_MINOR, LDAP_VENDOR_VERSION_PATCH);
 	dsvec_add_ptr(dsv, str);
   }
 #endif
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -91,6 +91,8 @@ LIBDOBJECTS = expr.lo acslib.lo auth.lo
 	$(LOCAL_ROLES_LO) $(LOCAL_UNIX_ROLES_LO) $(LOCAL_INFOCARD_AUTH_LO) \
 	macosx_support.lo
 
+LIBLINK = -lcrypto -lcrypt -lexpat -lssl -ldl -lrt -lm
+
 # XXX Some might prefer to put local_* somewhere else, such as on a different
 # machine (same architecture!) or maybe in a different install directory
 # By convention, almost all DACS web services (CGIs) begin with the
@@ -745,11 +747,11 @@ else
 endif
 
 version.o:  version.c
-	$(COMPILE) $(APACHE_APR_DEFS) $(APACHE_INCLUDES) $(OPENLDAP_INCLUDES) \
+	$(COMPILE) $(APACHE_APR_DEFS) $(APACHE_INCLUDES) \
 		$(xmlsec1_cflags) -o $@ -c version.c
 
 version.lo: version.c
-	$(LTCOMPILE) $(APACHE_APR_DEFS) $(APACHE_INCLUDES) $(OPENLDAP_INCLUDES) \
+	$(LTCOMPILE) $(APACHE_APR_DEFS) $(APACHE_INCLUDES) \
 		$(xmlsec1_cflags) -o $@ -c version.c
 
 # It seems that this program must be statically linked for it to be
@@ -758,10 +760,10 @@ version.lo: version.c
 version:	version.c $(DACSLIBS) $(STATIC_LIB)
 ifeq ($(shared),reallyyes)
 	$(LTLINK) -DPROG version.c $(APACHE_APR_DEFS) $(APACHE_INCLUDES) \
-		$(OPENLDAP_INCLUDES) $(SHARED_LIB) $(xmlsec1_cflags) $(LTLFLAGS)
+		$(SHARED_LIB) $(xmlsec1_cflags) $(LTLFLAGS)
 else
 	$(LINK) -DPROG -o version version.c $(APACHE_APR_DEFS) $(APACHE_INCLUDES) \
-		$(OPENLDAP_INCLUDES) $(xmlsec1_cflags) $(LFLAGS)
+		$(xmlsec1_cflags) $(LFLAGS)
 endif
 
 admin:	admin.c $(DACSLIBS)
@@ -890,12 +892,19 @@ local_ntlm_auth.lo:	local_ntlm_auth.c
 endif
 
 ifeq (@enable_ldap_auth@, yes)
-local_ldap_auth: local_ldap_auth.c $(DACSLIBS)
+ldap/ldif.o: ldap/ldif.c
+	$(COMPILE) $(OPENLDAP_INCLUDES) -o $@ -c $<
+
+local_ldap_auth.o: local_ldap_auth.c
+	$(COMPILE) $(OPENLDAP_INCLUDES) -o $@ -c $<
+	
+
+local_ldap_auth: local_ldap_auth.o ldap/ldif.o $(DACSLIBS)
 ifeq ($(shared),yes)
-	$(LTLINK) -o local_ldap_auth $(OPENLDAP_INCLUDES) local_ldap_auth.c \
+	$(LTLINK) -o local_ldap_auth local_ldap_auth.o ldap/ldif.o \
 		$(OPENLDAP_LIBDIR) $(OPENLDAP_LIBS) $(SHARED_LIB) $(LTLFLAGS)
 else
-	$(LINK) -o local_ldap_auth $(OPENLDAP_INCLUDES) local_ldap_auth.c \
+	$(LINK) -o local_ldap_auth local_ldap_auth.o ldap/ldif.o \
 		$(OPENLDAP_LIBDIR) $(OPENLDAP_LIBS) $(LFLAGS)
 endif
 
@@ -1398,12 +1407,12 @@ dlmalloc.lo:	dlmalloc.c
 
 $(STATIC_LIB): $(LIBOBJECTS)
 	rm -f $(STATIC_LIB)
-	ar crv $(STATIC_LIB) $(LIBOBJECTS)
+	ar crv $(STATIC_LIB) $(LIBOBJECTS) 
 	$(RANLIB) $(STATIC_LIB)
 
 $(SHARED_LIB): $(LIBDOBJECTS)
 	rm -f $(SHARED_LIB)
-	$(LTLINKLIB) $(LIBDOBJECTS)
+	$(LTLINKLIB) $(LIBDOBJECTS) $(LIBLINK)
 
 .c.o:
 	$(COMPILE) -o $@ -c $<
@@ -1459,7 +1468,7 @@ else
 endif
 
 clean:
-	@rm -f *.exe *.o *.lo *.a *.la a.out auth core *.core
+	@rm -f *.exe *.o *.lo *.a *.la a.out auth core *.core ldap/*.o
     # For MAC OS X
 	@rm -r -f *.dSYM
 	@rm -f $(DSSOBJECTS) $(LIBDSS)
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -133,7 +133,6 @@ fi
 # AC_PROG_CC will set CFLAGS if it is not already set
 AC_PROG_CC
 AC_PROG_LN_S
-AC_PROG_RANLIB
 AC_PROG_LIBTOOL
 AC_PROG_INSTALL
 AC_CHECK_PROGS(LN, ln)
@@ -232,6 +231,8 @@ AC_CHECK_LIB([rt], [clock_gettime])
 AC_CHECK_LIB([sasl2], [sasl_getprop], [sasl2_lib=-lsasl2], [sasl2_lib=no])
 AC_CHECK_LIB([termcap], [tgetent], [term_lib=-ltermcap], [termcap_lib=no])
 AC_CHECK_LIB([termlib], [tgetent], [term_lib=-ltermlib], [termlib_lib=no])
+AC_CHECK_LIB([lber], [ber_str2bv], [lber_lib=-llber], [lber_lib=no])
+AC_CHECK_LIB([ldap], [ldap_bind_s], [ldap_lib=-lldap], [ldap_lib=no])
 
 AC_SEARCH_LIBS(crypt, [crypt])
 
@@ -1456,39 +1457,26 @@ AC_SUBST(enable_ldap_auth)
 AC_MSG_RESULT([$enable_ldap_auth])
 
 if test "x$enable_ldap_auth" = xyes; then
-  AC_MSG_CHECKING([for OpenLDAP source directory])
-  AC_ARG_WITH(ldap,
-    [AC_HELP_STRING([--with-ldap=DIR],[Location of OpenLDAP source files])],
-    [
-        # Check the specified location only
-        ldapsrcdir="$withval"
-    ],
-    [
-        ldapsrcdir=""
-    ])
-
-  if test -z "$ldapsrcdir" -o ! -f "$ldapsrcdir/include/ldif.h"; then
-    AC_MSG_RESULT([Not found])
-    echo
-    echo "You must provide the full pathname for your OpenLDAP source directory"
-    echo "Use the --with-ldap option to fix this problem"
-    echo
-    exit 1
-  else
-    AC_MSG_RESULT([$ldapsrcdir])
-    ldapsrc_includedir="$ldapsrcdir/include"
-    AC_SUBST(ldapsrcdir)
-    AC_SUBST(ldapsrc_includedir)
-  fi
-
-  AC_MSG_CHECKING([if sasl2 library is available for OpenLDAP])
+  AC_MSG_CHECKING([if sasl2 library is available])
   if test "$sasl2_lib" != "no"; then
     openldap_libs="$sasl2_lib"
   else
     openldap_libs=
   fi
-
   AC_MSG_RESULT([$sasl2_lib])
+
+  AC_MSG_CHECKING([if ldap library is available])
+  if test "$ldap_lib" != "no"; then
+    openldap_libs="$openldap_libs $ldap_lib"
+  fi
+  AC_MSG_RESULT([$ldap_lib])
+
+  AC_MSG_CHECKING([if lber library is available])
+  if test "$lber_lib" != "no"; then
+    openldap_libs="$openldap_libs $lber_lib"
+  fi
+  AC_MSG_RESULT([$lber_lib])
+
   AC_SUBST(openldap_libs)
 fi
 
--- /dev/null
+++ b/src/autogen.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# autogen.sh glue for hplip
+#
+# HPLIP used to have five or so different autotools trees.  Upstream
+# has reduced it to two.  Still, this script is capable of cleaning
+# just about any possible mess of autoconf files.
+#
+# BE CAREFUL with trees that are not completely automake-generated,
+# this script deletes all Makefile.in files it can find.
+#
+# Requires: automake 1.9, autoconf 2.57+
+# Conflicts: autoconf 2.13
+set -e
+
+# Refresh GNU autotools toolchain.
+echo Cleaning autotools files...
+find -type d -name autom4te.cache -print0 | xargs -0 rm -rf \;
+find -type f \( -name missing -o -name install-sh -o -name mkinstalldirs \
+	-o -name depcomp -o -name ltmain.sh -o -name configure \
+	-o -name config.sub -o -name config.guess \
+	\) -print0 | xargs -0 rm -f
+
+echo Running autoreconf...
+autoreconf --force --install
+
+exit 0
--- a/src/defs.mk.in
+++ b/src/defs.mk.in
@@ -9,9 +9,13 @@ top_srcdir = @top_srcdir@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
+sbindir = @sbindir@
 libdir = @libdir@
 includedir = @includedir@
 mandir = @mandir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+datarootdir = @datarootdir@
 
 omit_apache=@omit_apache@
 
@@ -19,14 +23,14 @@ dacs_conf = @dacs_conf@
 dacs_home = @dacs_home@
 federations_root = @federations_root@
 
-dacs_aclsdir = $(dacs_home)/acls
-dacs_bindir = $(dacs_home)/bin
-dacs_etcdir = $(dacs_home)/etc
-dacs_libdir = $(dacs_home)/lib
-dacs_logsdir = $(dacs_home)/logs
-dacs_sbindir = $(dacs_home)/sbin
-dacs_tmpdir = $(dacs_home)/tmp
-dacs_wwwdir = $(dacs_home)/www
+dacs_aclsdir = $(sysconfdir)/acls
+dacs_bindir = $(bindir)
+dacs_libdir = $(libdir)
+dacs_sbindir = $(sbindir)
+dacs_etcdir = $(sysconfdir)
+dacs_wwwdir = $(datarootdir)/dacs
+dacs_tmpdir = $(localstatedir)/tmp
+dacs_logsdir = $(localstatedir)/log/dacs
 
 dacs_federations_root = $(federations_root)
 
@@ -40,7 +44,7 @@ dacs_wwwmoddir = $(dacs_wwwdir)/mod
 dacs_wwwmandir = $(dacs_wwwdir)/man
 dacs_wwwmiscdir = $(dacs_wwwdir)/misc
 
-dacs_perllibdir = $(libdir)/perl
+dacs_perllibdir = $(datarootdir)/perl5
 
 man1dir = $(mandir)/man1
 man3dir = $(mandir)/man3
@@ -305,10 +309,10 @@ ifeq (@enable_ldap_auth@, yes)
 LOCAL_LDAP_AUTH=local_ldap_auth
 LOCAL_LDAP_ROLES=local_ldap_roles
 LOCAL_LDAP_AUTH_C=local_ldap_auth.c
-OPENLDAP_INCLUDES=-DBUILDING_LOCAL_LDAP_AUTH -I@ldapsrc_includedir@
+OPENLDAP_INCLUDES=-DBUILDING_LOCAL_LDAP_AUTH -I@ldapsrc_includedir@ -Ildap
 #OPENLDAP_LIBDIR=-L@ldapsrcdir@/libraries
 OPENLDAP_LIBDIR=
-OPENLDAP_LIBS=@ldapsrcdir@/libraries/liblutil/liblutil.a @ldapsrcdir@/libraries/libldap/.libs/libldap.a @ldapsrcdir@/libraries/liblber/.libs/liblber.a @openldap_libs@
+OPENLDAP_LIBS=-llber -lldap @openldap_libs@
 else
 LOCAL_LDAP_AUTH=
 LOCAL_LDAP_ROLES=
--- /dev/null
+++ b/src/ldap/LICENSE
@@ -0,0 +1,47 @@
+The OpenLDAP Public License
+  Version 2.8, 17 August 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+   and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+   statements and notices, this list of conditions, and the following
+   disclaimer in the documentation and/or other materials provided
+   with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number.  You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission.  Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA.  All Rights Reserved.  Permission to copy and
+distribute verbatim copies of this document is granted.
--- /dev/null
+++ b/src/ldap/ldif.h
@@ -0,0 +1,100 @@
+/* ldif.h - routines for dealing with LDIF files */
+
+/* Taken from OpenLDAP and adopted for use in DACS
+ *
+ * Copyright 2009 Dembach Goo Informatik
+ *                Bernd Zeimetz <bze@dg-i.net>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+*/
+
+
+
+/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.31.2.4 2009/01/22 00:00:52 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#ifndef _LDIF_H
+#define _LDIF_H
+
+#include <ldap_cdefs.h>
+#include <lber.h>
+
+LDAP_BEGIN_DECL
+
+// /* This is NOT a bogus extern declaration (unlike ldap_debug) */
+// LDAP_LDIF_V (int) ldif_debug;
+
+#define LDIF_LINE_WIDTH      76      /* maximum length of LDIF lines */
+
+/*
+ * Macro to calculate maximum number of bytes that the base64 equivalent
+ * of an item that is "len" bytes long will take up.  Base64 encoding
+ * uses one byte for every six bits in the value plus up to two pad bytes.
+ */
+#define LDIF_BASE64_LEN(len)	(((len) * 4 / 3 ) + 3)
+
+/*
+ * Macro to calculate maximum size that an LDIF-encoded type (length
+ * tlen) and value (length vlen) will take up:  room for type + ":: " +
+ * first newline + base64 value + continued lines.  Each continued line
+ * needs room for a newline and a leading space character.
+ */
+#define LDIF_SIZE_NEEDED(nlen,vlen) \
+    ((nlen) + 4 + LDIF_BASE64_LEN(vlen) \
+    + ((LDIF_BASE64_LEN(vlen) + (nlen) + 3) / LDIF_LINE_WIDTH * 2 ))
+
+
+#define LDIF_PUT_NOVALUE	0x0000	/* no value */
+#define LDIF_PUT_VALUE		0x0001	/* value w/ auto detection */
+#define LDIF_PUT_TEXT		0x0002	/* assume text */
+#define	LDIF_PUT_BINARY		0x0004	/* assume binary (convert to base64) */
+#define LDIF_PUT_B64		0x0008	/* pre-converted base64 value */
+
+#define LDIF_PUT_COMMENT	0x0010	/* comment */
+#define LDIF_PUT_URL		0x0020	/* url */
+#define LDIF_PUT_SEP		0x0040	/* separator */
+
+LDAP_LDIF_F( void )
+ldif_sput LDAP_P((
+	char **out,
+	int type,
+	LDAP_CONST char *name,
+	LDAP_CONST char *val,
+	ber_len_t vlen ));
+
+LDAP_LDIF_F( char * )
+ldif_put LDAP_P((
+	int type,
+	LDAP_CONST char *name,
+	LDAP_CONST char *val,
+	ber_len_t vlen ));
+
+#endif /* _LDIF_H */
--- /dev/null
+++ b/src/ldap/ldif.c
@@ -0,0 +1,350 @@
+/* ldif.c - routines for dealing with LDIF files */
+
+/* Taken from OpenLDAP and adopted for use in DACS
+ *
+ * Copyright 2009 Dembach Goo Informatik
+ *                Bernd Zeimetz <bze@dg-i.net>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+*/
+
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.15.2.7 2009/01/22 00:00:58 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.  This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* This work was originally developed by the University of Michigan
+ * and distributed as part of U-MICH LDAP.
+ */
+
+static const char *log_module_name = "ldif";
+#include "log.h"
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "ldif.h"
+
+#define LDAP_DEBUG_ANY		-1
+
+#ifdef CSRIMALLOC
+#define ber_memalloc malloc
+#define ber_memcalloc calloc
+#define ber_memrealloc realloc
+#define ber_strdup strdup
+#endif
+
+static const char nib2b64[0x40] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*
+ * name and OID of attributeTypes that must be base64 encoded in any case
+ */
+typedef struct must_b64_encode_s {
+	struct berval	name;
+	struct berval	oid;
+} must_b64_encode_s;
+
+#define ber_bvstrcasecmp(v1,v2) \
+        ((v1)->bv_len < (v2)->bv_len \
+                ? -1 : ((v1)->bv_len > (v2)->bv_len \
+                        ? 1 : strncasecmp((v1)->bv_val, (v2)->bv_val, (v1)->bv_len) ))
+
+#define STRLENOF(s)		(sizeof(s)-1)
+#define BER_BVISNULL(bv)        ((bv)->bv_val == NULL)
+#define BER_BVNULL              { 0L, NULL }
+#define BER_BVC(s)              { STRLENOF(s), (char *)(s) }
+static must_b64_encode_s	default_must_b64_encode[] = {
+	{ BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
+	{ BER_BVNULL, BER_BVNULL }
+};
+
+static must_b64_encode_s	*must_b64_encode = default_must_b64_encode;
+
+
+/*
+ * returns 1 iff the string corresponds to the name or the OID of any 
+ * of the attributeTypes listed in must_b64_encode
+ */
+static int
+ldif_must_b64_encode( LDAP_CONST char *s )
+{
+	int		i;
+	struct berval	bv;
+
+	assert( must_b64_encode != NULL );
+	assert( s != NULL );
+
+	ber_str2bv( s, 0, 0, &bv );
+
+	for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+		if ( ber_bvstrcasecmp( &must_b64_encode[i].name, &bv ) == 0
+			|| ber_bvcmp( &must_b64_encode[i].oid, &bv ) == 0 )
+		{
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
+/* compatibility with U-Mich off by one bug */
+#define LDIF_KLUDGE 1
+
+void
+ldif_sput(
+	char **out,
+	int type,
+	LDAP_CONST char *name,
+	LDAP_CONST char *val,
+	ber_len_t vlen )
+{
+	const unsigned char *byte, *stop;
+	unsigned char	buf[3];
+	unsigned long	bits;
+	char		*save;
+	int		pad;
+	int		namelen = 0;
+
+	ber_len_t savelen;
+	ber_len_t len=0;
+	ber_len_t i;
+
+	/* prefix */
+	switch( type ) {
+	case LDIF_PUT_COMMENT:
+		*(*out)++ = '#';
+		len++;
+
+		if( vlen ) {
+			*(*out)++ = ' ';
+			len++;
+		}
+
+		break;
+
+	case LDIF_PUT_SEP:
+		*(*out)++ = '\n';
+		return;
+	}
+
+	/* name (attribute type) */
+	if( name != NULL ) {
+		/* put the name + ":" */
+		namelen = strlen(name);
+		strcpy(*out, name);
+		*out += namelen;
+		len += namelen;
+
+		if( type != LDIF_PUT_COMMENT ) {
+			*(*out)++ = ':';
+			len++;
+		}
+
+	}
+#ifdef LDAP_DEBUG
+	else {
+		assert( type == LDIF_PUT_COMMENT );
+	}
+#endif
+
+	if( vlen == 0 ) {
+		*(*out)++ = '\n';
+		return;
+	}
+
+	switch( type ) {
+	case LDIF_PUT_NOVALUE:
+		*(*out)++ = '\n';
+		return;
+
+	case LDIF_PUT_URL: /* url value */
+		*(*out)++ = '<';
+		len++;
+		break;
+
+	case LDIF_PUT_B64: /* base64 value */
+		*(*out)++ = ':';
+		len++;
+		break;
+	}
+
+	switch( type ) {
+	case LDIF_PUT_TEXT:
+	case LDIF_PUT_URL:
+	case LDIF_PUT_B64:
+		*(*out)++ = ' ';
+		len++;
+		/* fall-thru */
+
+	case LDIF_PUT_COMMENT:
+		/* pre-encoded names */
+		for ( i=0; i < vlen; i++ ) {
+			if ( len > LDIF_LINE_WIDTH ) {
+				*(*out)++ = '\n';
+				*(*out)++ = ' ';
+				len = 1;
+			}
+
+			*(*out)++ = val[i];
+			len++;
+		}
+		*(*out)++ = '\n';
+		return;
+	}
+
+	save = *out;
+	savelen = len;
+
+	*(*out)++ = ' ';
+	len++;
+
+	stop = (const unsigned char *) (val + vlen);
+
+	if ( type == LDIF_PUT_VALUE
+		&& isgraph( (unsigned char) val[0] ) && val[0] != ':' && val[0] != '<'
+		&& isgraph( (unsigned char) val[vlen-1] )
+#ifndef LDAP_BINARY_DEBUG
+		&& strstr( name, ";binary" ) == NULL
+#endif
+#ifndef LDAP_PASSWD_DEBUG
+		&& !ldif_must_b64_encode( name )
+#endif
+	) {
+		int b64 = 0;
+
+		for ( byte = (const unsigned char *) val; byte < stop;
+		    byte++, len++ )
+		{
+			if ( !isascii( *byte ) || !isprint( *byte ) ) {
+				b64 = 1;
+				break;
+			}
+			if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+				*(*out)++ = '\n';
+				*(*out)++ = ' ';
+				len = 1;
+			}
+			*(*out)++ = *byte;
+		}
+
+		if( !b64 ) {
+			*(*out)++ = '\n';
+			return;
+		}
+	}
+
+	*out = save;
+	*(*out)++ = ':';
+	*(*out)++ = ' ';
+	len = savelen + 2;
+
+	/* convert to base 64 (3 bytes => 4 base 64 digits) */
+	for ( byte = (const unsigned char *) val;
+		byte < stop - 2;
+	    byte += 3 )
+	{
+		bits = (byte[0] & 0xff) << 16;
+		bits |= (byte[1] & 0xff) << 8;
+		bits |= (byte[2] & 0xff);
+
+		for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
+			if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+				*(*out)++ = '\n';
+				*(*out)++ = ' ';
+				len = 1;
+			}
+
+			/* get b64 digit from high order 6 bits */
+			*(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
+		}
+	}
+
+	/* add padding if necessary */
+	if ( byte < stop ) {
+		for ( i = 0; byte + i < stop; i++ ) {
+			buf[i] = byte[i];
+		}
+		for ( pad = 0; i < 3; i++, pad++ ) {
+			buf[i] = '\0';
+		}
+		byte = buf;
+		bits = (byte[0] & 0xff) << 16;
+		bits |= (byte[1] & 0xff) << 8;
+		bits |= (byte[2] & 0xff);
+
+		for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
+			if ( len > LDIF_LINE_WIDTH+LDIF_KLUDGE ) {
+				*(*out)++ = '\n';
+				*(*out)++ = ' ';
+				len = 1;
+			}
+
+			if( i + pad < 4 ) {
+				/* get b64 digit from low order 6 bits */
+				*(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
+			} else {
+				*(*out)++ = '=';
+			}
+		}
+	}
+	*(*out)++ = '\n';
+}
+
+
+/*
+ * ldif_type_and_value return BER malloc'd, zero-terminated LDIF line
+ */
+char *
+ldif_put(
+	int type,
+	LDAP_CONST char *name,
+	LDAP_CONST char *val,
+	ber_len_t vlen )
+{
+    char	*buf, *p;
+    ber_len_t nlen;
+
+    nlen = ( name != NULL ) ? strlen( name ) : 0;
+
+	buf = (char *) ber_memalloc( LDIF_SIZE_NEEDED( nlen, vlen ) + 1 );
+
+    if ( buf == NULL ) {
+		log_msg((LOG_ERROR_LEVEL,
+			"ldif_put: ber_memalloc failed!"));
+		return NULL;
+    }
+
+    p = buf;
+    ldif_sput( &p, type, name, val, vlen );
+    *p = '\0';
+
+    return( buf );
+}
+
+
