diff --git a/libraries/libldap/ldap-tls.h b/libraries/libldap/ldap-tls.h
index 9f01ddda12..669f87025b 100644
--- a/libraries/libldap/ldap-tls.h
+++ b/libraries/libldap/ldap-tls.h
@@ -34,7 +34,7 @@ typedef void (TI_ctx_free)(tls_ctx *ctx);
 typedef int (TI_ctx_init)(struct ldapoptions *lo, struct ldaptls *lt, int is_server);
 typedef tls_session *(TI_session_new)(tls_ctx *ctx, int is_server);
-typedef int (TI_session_connect)(LDAP *ld, tls_session *s);
+typedef int (TI_session_connect)(LDAP *ld, tls_session *s, const char *name_in);
 typedef int (TI_session_accept)(tls_session *s);
 typedef int (TI_session_upflags)(Sockbuf *sb, tls_session *s, int rc);
 typedef char *(TI_session_errmsg)(tls_session *s, int rc, char *buf, size_t len );
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 72827a1a3b..d2107a51fb 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -376,7 +376,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
 lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
 }
- err = tls_imp->ti_session_connect( ld, ssl );
+ err = tls_imp->ti_session_connect( ld, ssl, host );
 #ifdef HAVE_WINSOCK
 errno = WSAGetLastError();
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index ef0f44e208..a1c0b49c60 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -420,7 +420,7 @@ tlsg_session_accept( tls_session *session )
 }
 static int
-tlsg_session_connect( LDAP *ld, tls_session *session )
+tlsg_session_connect( LDAP *ld, tls_session *session, const char *name_in )
 {
 return tlsg_session_accept( session);
 }
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index d417ba2656..a9b0f539e6 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
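Review bot: In tls2.c, `host` is forwarded to ti_session_connect() unfiltered at the changed call in ldap_int_tls_connect(), and the OpenSSL backend in this same commit puts it into the SNI extension as-is. RFC 6066 does not permit IPv4 or IPv6 address literals in server_name, and nothing in the hunk shows whether host can be a numeric address or NULL at this point. I would pass the name only when it is an actual DNS name and say so at the call, e.g. `/* pass host for SNI only if it is a name, not a numeric address */`. SNI also travels unencrypted in the ClientHello, so the directory host name becomes visible to on-path observers; that is worth a line in the commit description. The function body extends beyond the hunk on both sides.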
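Review bot: In tls_g.c, tlsg_session_connect() now accepts name_in but never uses it, so after this commit only the OpenSSL backend sends SNI, and a server that selects its certificate by server name may answer differently depending on which TLS library the client was built with. If that is intentional for now, record it in the function, e.g. `/* name_in (SNI) is not yet used by the GnuTLS backend */`. Otherwise GnuTLS provides gnutls_server_name_set() for this purpose, and its return value should be checked.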
@@ -524,12 +524,16 @@ tlso_session_new( tls_ctx *ctx, int is_server )
 }
 static int
-tlso_session_connect( LDAP *ld, tls_session *sess )
+tlso_session_connect( LDAP *ld, tls_session *sess, const char *name_in )
 {
 tlso_session *s = (tlso_session *)sess;
+ int rc;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ SSL_set_tlsext_host_name( s, name_in );
+#endif
 /* Caller expects 0 = success, OpenSSL returns 1 = success */
- int rc = SSL_connect( s ) - 1;
+ rc = SSL_connect( s ) - 1;
 return rc;
 }
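Review bot: The result of `SSL_set_tlsext_host_name( s, name_in )` in tlso_session_connect() is discarded, so when the call fails (it returns 0, for example when the name cannot be copied or is too long) the handshake silently proceeds without SNI. A server that picks its certificate by server name may then present a different one, and the failure surfaces later as a confusing verification error, if at all. name_in is also passed without a NULL check; whether the caller can pass NULL is not visible here, and skipping the call in that case makes the intent explicit. Suggested: `if ( name_in && !SSL_set_tlsext_host_name( s, name_in ) ) return -1;`, assuming -1 is handled sensibly by the caller's error path, which is outside this hunk.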