diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c
index 942364e0057d1ab42f18868ae64a0c2039633341..c208c82e06f9c5252e918d03486e37ff5063d7d4 100644
--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@@ -17,6 +17,12 @@
 
 #include "slap.h"
 
+static char *supportedFeatures[] = {
+	"1.3.6.1.4.1.4203.1.5.1", /* All Operational Attributes ("+") */
+	NULL
+};
+
+
 int
 root_dse_info(
 	Connection *conn,
@@ -36,6 +42,7 @@ root_dse_info(
 	AttributeDescription *ad_supportedExtension = slap_schema.si_ad_supportedExtension;
 	AttributeDescription *ad_supportedLDAPVersion = slap_schema.si_ad_supportedLDAPVersion;
 	AttributeDescription *ad_supportedSASLMechanisms = slap_schema.si_ad_supportedSASLMechanisms;
+	AttributeDescription *ad_supportedFeatures = slap_schema.si_ad_supportedFeatures;
 	AttributeDescription *ad_ref = slap_schema.si_ad_ref;
 
 	vals[0] = &val;
@@ -80,6 +87,13 @@ root_dse_info(
 		attr_merge( e, ad_supportedExtension, vals );
 	}
 
+	/* supportedFeatures */
+	for ( i=0; supportedFeatures[i] != NULL; i++ ) {
+		val.bv_val = supportedFeatures[i];
+		val.bv_len = strlen( val.bv_val );
+		attr_merge( e, ad_supportedFeatures, vals );
+	}
+
 	/* supportedLDAPVersion */
 	for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
 		if (( global_disallows & SLAP_DISALLOW_BIND_V2 ) &&
diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema
index 3299ab3be34a7c881b0d10cde63fd8989dcd0e54..6e554a650ddb1dd8b9eac65e887c4d2452f8c87e 100644
--- a/servers/slapd/schema/core.schema
+++ b/servers/slapd/schema/core.schema
@@ -570,6 +570,32 @@ attributetype ( 1.3.6.1.4.1.250.1.32
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
 	SINGLE-VALUE )
 
+#
+# draft-zeilenga-ldap-features-xx.txt (supportedFeatures)
+#
+attributetype ( 1.3.6.1.4.1.4203.1.3.5
+      NAME 'supportedFeatures'
+      DESC 'features supported by the server'
+      EQUALITY objectIdentifierMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+      USAGE dSAOperation )
+
+#
+# RFC 3112 (authPassword)
+#
+attributetype ( 1.3.6.1.4.1.4203.666.1.1
+	NAME 'authPassword'
+	DESC 'OpenLDAP authentication password attribute'
+	SYNTAX 1.3.6.1.4.1.4203.666.2.2
+	USAGE dSAOperation )
+
+attributetype ( 1.3.6.1.4.1.4203.666.1.2
+	NAME 'supportedAuthPasswordSchemes'
+	DESC 'OpenLDAP supported authPassword schemes'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32}
+	NO-USER-MODIFICATION USAGE dSAOperation )
+
 #
 # OpenLDAP specific schema items
 #
diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c
index ecb2ff1f13a9adabe98c38792d240a6347e23a8e..533047f0c0e353b9254f13e9e9d35e2148d8b71c 100644
--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@@ -160,6 +160,8 @@ struct slap_schema_ad_map {
 		offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
 	{ "supportedSASLMechanisms", NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
+	{ "supportedFeatures", NULL, NULL, NULL,
+		offsetof(struct slap_internal_schema, si_ad_supportedFeatures) },
 
 	/* subschema subentry attributes */
 	{ "attributeTypes", NULL, NULL, NULL,
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 5a2c43483a1c79e6a7d4cf080e7ec9ea69d17c8f..9789351261293622b525551476c44ea6b54978a3 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -450,6 +450,7 @@ struct slap_internal_schema {
 	AttributeDescription *si_ad_supportedExtension;
 	AttributeDescription *si_ad_supportedLDAPVersion;
 	AttributeDescription *si_ad_supportedSASLMechanisms;
+	AttributeDescription *si_ad_supportedFeatures;
 
 	/* subschema subentry attribute descriptions */
 	AttributeDescription *si_ad_objectClasses;