diff --git a/servers/lloadd/bind.c b/servers/lloadd/bind.c
index c0061f9f40..1006e010da 100644
--- a/servers/lloadd/bind.c
+++ b/servers/lloadd/bind.c
@@ -255,7 +255,7 @@ client_bind( void *ctx, void *arg )
 }
 op->o_upstream = upstream;
- if ( upstream->c_features & SLAP_C_VC ) {
+ if ( lload_features & LLOAD_FEATURE_VC ) {
 rc = request_bind_as_vc( op );
 } else {
 rc = request_bind( op );
diff --git a/servers/lloadd/config.c b/servers/lloadd/config.c
index 8537d786c2..241c7220a1 100644
--- a/servers/lloadd/config.c
+++ b/servers/lloadd/config.c
@@ -69,6 +69,8 @@ char *global_host = NULL;
 static FILE *logfile;
 static char *logfileName;
+lload_features_t lload_features;
+
 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
 ber_len_t sockbuf_max_incoming_auth = SLAP_SB_MAX_INCOMING_AUTH;
@@ -104,6 +106,7 @@ static ConfigDriver config_tcp_buffer;
 static ConfigDriver config_restrict;
 static ConfigDriver config_loglevel;
 static ConfigDriver config_include;
+static ConfigDriver config_feature;
 #ifdef HAVE_TLS
 static ConfigDriver config_tls_option;
 static ConfigDriver config_tls_config;
@@ -227,6 +230,10 @@ static ConfigTable config_back_cf_table[] = {
 ARG_INT|ARG_MAGIC|CFG_RESCOUNT,
 &config_generic,
 },
+ { "feature", "name", 2, 0, 0,
+ ARG_MAGIC,
+ &config_feature,
+ },
 { "TLSCACertificate", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
 CFG_TLS_CACERT|ARG_BINARY|ARG_MAGIC,
@@ -1014,6 +1021,27 @@ config_include( ConfigArgs *c )
 return rc;
 }
+static int
+config_feature( ConfigArgs *c )
+{
+ slap_verbmasks features[] = {
+ { BER_BVC("vc"), LLOAD_FEATURE_VC },
+ { BER_BVC("proxyauthz"), LLOAD_FEATURE_PROXYAUTHZ },
+ { BER_BVNULL, 0 }
+ };
+ slap_mask_t mask = 0;
+ int i;
+
+ i = verbs_to_mask( c->argc, c->argv, features, &mask );
+ if ( i ) {
+ Debug( LDAP_DEBUG_ANY, "%s: <%s> unknown feature %s\n", c->log,
+ c->argv[0], c->argv[i] );
+ return 1;
+ }
+ lload_features |= mask;
+ return 0;
+}
+
 #ifdef HAVE_TLS
 static int
 config_tls_cleanup( ConfigArgs *c )
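Review bot: The `if ( lload_features & LLOAD_FEATURE_VC )` test in client_bind now picks the Verify Credentials bind path from a process-wide setting, where the removed line checked a per-connection bit on the selected upstream. Once `feature vc` is configured, every upstream is assumed to accept the exop, and nothing visible here handles a backend that does not, so client binds routed to such a backend would presumably fail. Because this branch decides how client credentials are forwarded, the assumption deserves a comment next to it, e.g. `/* lload_features is process-wide: every upstream must support VC when it is set */`, and the same statement in the documentation of the `feature` directive. client_bind starts and ends outside the hunk.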
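Review bot: `feature proxyauthz` is accepted by config_feature and sets LLOAD_FEATURE_PROXYAUTHZ, but no hunk in this commit reads that bit, so an operator can enable it and get no change in how identities are presented to the backends. Until the feature is wired up, the directive should not succeed silently: after the mask is parsed, test `if ( mask & LLOAD_FEATURE_PROXYAUTHZ )` and either log that the feature is not implemented yet or return 1. The function also has no header comment; it should state that features accumulate across directives (`lload_features |= mask;`) and that there is no way to clear one again. The `features[]` table never changes and could be declared `static`.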
diff --git a/servers/lloadd/proto-slap.h b/servers/lloadd/proto-slap.h
index 4643f00900..d5c3dfbaa8 100644
--- a/servers/lloadd/proto-slap.h
+++ b/servers/lloadd/proto-slap.h
@@ -219,6 +219,8 @@ LDAP_SLAPD_V (ber_len_t) sockbuf_max_incoming;
 LDAP_SLAPD_V (ber_len_t) sockbuf_max_incoming_auth;
 LDAP_SLAPD_V (int) slap_conn_max_pdus_per_cycle;
+LDAP_SLAPD_V (lload_features_t) lload_features;
+
 LDAP_SLAPD_V (slap_mask_t) global_allows;
 LDAP_SLAPD_V (slap_mask_t) global_disallows;
diff --git a/servers/lloadd/slap.h b/servers/lloadd/slap.h
index 01250e5c3b..39e97a0467 100644
--- a/servers/lloadd/slap.h
+++ b/servers/lloadd/slap.h
@@ -227,6 +227,11 @@ typedef struct config_reply_s ConfigReply; /* config.h */
 typedef struct Listener Listener;
+typedef enum {
+ LLOAD_FEATURE_VC = 1 << 0,
+ LLOAD_FEATURE_PROXYAUTHZ = 1 << 1,
+} lload_features_t;
+
 enum lload_tls_type {
 LLOAD_CLEARTEXT = 0,
 LLOAD_LDAPS,
@@ -279,13 +284,12 @@ struct Connection {
 struct event *c_read_event, *c_write_event;
 /* can only be changed by binding thread */
- int c_features;
-#define SLAP_C_VC 1
-
 struct berval c_sasl_bind_mech; /* mech in progress */
 struct berval c_auth; /* authcDN (possibly in progress) */
+#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
 struct berval c_vc_cookie;
+#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
 /* Can be held while acquiring c_mutex to inject things into c_ops or * destroy the connection */
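Review bot: `c_vc_cookie` now exists only when LDAP_API_FEATURE_VERIFY_CREDENTIALS is defined, but the `vc` entry in config_feature and the `request_bind_as_vc( op )` call in the bind.c hunk are not under the same guard in what this commit shows. If request_bind_as_vc or the connection teardown code touches the cookie (not visible here), a build without the feature will fail to compile. If it does compile, `feature vc` is accepted for a bind path that cannot work. Putting `#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS` / `#endif` around the `{ BER_BVC("vc"), LLOAD_FEATURE_VC },` table entry and around the VC branch in client_bind would keep the three places consistent. struct Connection continues outside the hunk.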