diff --git a/CHANGES b/CHANGES
index 3927a823520cb9cf1388a8c83706946d0021329a..08209d40697cf1df3717e3d22186cd15c7175461 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.4 Change Log
 OpenLDAP 2.4.18 Engineering
 	Fixed client tools common options (ITS#6049)
 	Fixed liblber speed and other problems (ITS#6215)
+	Added libldap option for SASL_USERNAME (ITS#6257)
 	Fixed libldap error parsing (ITS#6197)
 	Fixed libldap native getpass usage (ITS#4643)
 	Fixed libldap tls_check_hostname for OpenSSL and MozNSS (ITS#6239)
diff --git a/include/ldap.h b/include/ldap.h
index ca748a23a07b03f04d368de6d8f1af113232dab8..5cda775cfd3da464368825f7a7193e7fa1cd19c7 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -186,6 +186,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_SASL_MAXBUFSIZE		0x6109
 #define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
 #define LDAP_OPT_X_SASL_NOCANON			0x610b
+#define LDAP_OPT_X_SASL_USERNAME		0x610c /* read-only */
 
 /* OpenLDAP GSSAPI options */
 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 57d0304313c6da5b1f41ba10a476713e628e7108..5591682746a276dee2b6228d3e3bc50f14a7d90a 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -1013,6 +1013,31 @@ ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
 			*(int *)arg = (int) LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
 			break;
 
+		case LDAP_OPT_X_SASL_USERNAME: {
+			int sc;
+			char *username;
+			sasl_conn_t *ctx;
+
+			if( ld->ld_defconn == NULL ) {
+				return -1;
+			}
+
+			ctx = ld->ld_defconn->lconn_sasl_authctx;
+
+			if ( ctx == NULL ) {
+				return -1;
+			}
+
+			sc = sasl_getprop( ctx, SASL_USERNAME,
+				(SASL_CONST void **)(char **) &username );
+
+			if ( sc != SASL_OK ) {
+				return -1;
+			}
+
+			*(char **)arg = username;
+		} break;
+
 		case LDAP_OPT_X_SASL_SECPROPS:
 			/* this option is write only */
 			return -1;
@@ -1034,6 +1059,7 @@ ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
 
 	switch ( option ) {
 	case LDAP_OPT_X_SASL_SSF:
+	case LDAP_OPT_X_SASL_USERNAME:
 		/* This option is read-only */
 		return -1;