$NetBSD$

--- lib/check.c.orig	2001-03-26 05:36:41.000000000 -0500
+++ lib/check.c
@@ -92,6 +92,7 @@ int	check_challenge(scep_t *scep) {
 	char		*challenge, *dn;
 	X509_NAME	*subject;
 	LDAP		*ldap = NULL;
+	int		version3 = 3, rc;
 
 	/* the clientreq field in the scep structure contains the 	*/
 	/* request, even for getcertinitial messages where the request	*/
@@ -135,10 +136,18 @@ int	check_challenge(scep_t *scep) {
 			__FILE__, __LINE__, dn);
 
 	/* connect to the ldap directory				*/
-	ldap = ldap_open(scep->l.ldaphost, scep->l.ldapport);
-	if (ldap == NULL) {
-		BIO_printf(bio_err, "%s:%d: cannot connect to %s:%d\n",
-			__FILE__, __LINE__, scep->l.ldaphost, scep->l.ldapport);
+	rc = ldap_initialize(&ldap, scep->l.ldapuri);
+	if (rc || ldap == NULL) {
+		BIO_printf(bio_err, "%s:%d: cannot initialize LDAP connection to %s: %s (%d)\n",
+			__FILE__, __LINE__, scep->l.ldapuri != NULL ? scep->l.ldapuri : "<DEFAULT>", ldap_err2string(rc), rc);
+		syslog(LOG_ERR, "%s:%d: cannot initialize LDAP connection to %s: %s (%d)\n",
+			__FILE__, __LINE__, scep->l.ldapuri != NULL ? scep->l.ldapuri : "<DEFAULT>", ldap_err2string(rc), rc);
+		goto err;
+        }
+	if (ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version3) 
+		!= LDAP_OPT_SUCCESS ) {
+		BIO_printf(bio_err, "%s:%d: couldn't set LDAP protocol version 3\n",
+			__FILE__, __LINE__);
 		goto err;
 	}
 
