diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 45c2fab3fb..81898e3ea0 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -57,7 +57,9 @@ do_bind(
 	 * Force to connection to "anonymous" until bind succeeds.
 	 */
 	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+	if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend;
 	connection2anonymous( conn );
+	if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be;
 	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 
 	if ( op->o_dn.bv_val != NULL ) {
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index b6a9cd9420..ea2fa2430f 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -495,11 +495,10 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
 		uri.scope, LDAP_DEREF_NEVER, 1, 0,
 		filter, NULL, NULL, 1 );
 	
+FINISHED:
 	if( dn->bv_len ) {
 		conn->c_authz_backend = be;
 	}
-
-FINISHED:
 	if( uri.dn.bv_len ) ch_free( uri.dn.bv_val );
 	if( uri.filter.bv_len ) ch_free( uri.filter.bv_val );
 	if( filter ) filter_free( filter );