diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index eaf4f219accbe67f7b3727617c4424cde122ac2a..b6aae585c55a17c81ceb385700a09cab9f60f1f8 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -461,8 +461,7 @@ int
 ldap_int_sasl_open(
 	LDAP *ld, 
 	LDAPConn *lc,
-	const char * host,
-	ber_len_t ssf )
+	const char * host )
 {
 	int rc;
 	sasl_conn_t *ctx;
@@ -497,27 +496,6 @@ ldap_int_sasl_open(
 
 	lc->lconn_sasl_ctx = ctx;
 
-	if( ssf ) {
-#if SASL_VERSION_MAJOR >= 2
-		(void) sasl_setprop( ctx, SASL_SSF_EXTERNAL,
-			(void *) &ssf );
-#else
-		sasl_external_properties_t extprops;
-		memset(&extprops, 0L, sizeof(extprops));
-		extprops.ssf = ssf;
-
-		(void) sasl_setprop( ctx, SASL_SSF_EXTERNAL,
-			(void *) &extprops );
-#endif
-#ifdef NEW_LOGGING
-		LDAP_LOG ( TRANSPORT, DETAIL1, 
-			"ldap_int_sasl_open: ssf=%ld\n", (long) ssf, 0, 0 );
-#else
-		Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: ssf=%ld\n",
-			(long) ssf, 0, 0 );
-#endif
-	}
-
 	return LDAP_SUCCESS;
 }
 
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 897569b59980b3453a286cde634f0cf9015dc579..ec0aa4883e4fdb8614d34873dcaa2efdfe3458e9 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -533,7 +533,7 @@ LDAP_F (int) ldap_int_sasl_init LDAP_P(( void ));
 
 LDAP_F (int) ldap_int_sasl_open LDAP_P((
 	LDAP *ld, LDAPConn *conn,
-	const char* host, ber_len_t ssf ));
+	const char* host ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
 LDAP_F (int) ldap_int_sasl_external LDAP_P((
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 5e7f69f092a13a6268784e1429247a373d856fe6..3552ec5d074f95d912858e4846ea3cb77d30a2af 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -235,7 +235,6 @@ ldap_int_open_connection(
 	int rc = -1;
 #ifdef HAVE_CYRUS_SASL
 	char *sasl_host = NULL;
-	int sasl_ssf = 0;
 #endif
 	char *host;
 	int port, proto;
@@ -326,7 +325,6 @@ ldap_int_open_connection(
 
 #ifdef HAVE_CYRUS_SASL
 			sasl_host = ldap_host_connected_to( conn->lconn_sb );
-			sasl_ssf = LDAP_PVT_SASL_LOCAL_SSF;
 #endif
 			break;
 #endif /* LDAP_PF_LOCAL */
@@ -352,20 +350,16 @@ ldap_int_open_connection(
 	/* establish Cyrus SASL context prior to starting TLS so
 		that SASL EXTERNAL might be used */
 	if( sasl_host != NULL ) {
-		ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
+		ldap_int_sasl_open( ld, conn, sasl_host );
 		LDAP_FREE( sasl_host );
 	}
-	/* sasl_ssf is set redundantly. Should probably remove it from
-	 * the ldap_int_sasl_open call since the TLS ssf isn't known
-	 * yet anyway.
-	 */
 	if( proto == LDAP_PROTO_IPC ) {
 		char authid[sizeof("uidNumber=4294967295,gidNumber=4294967295,"
 			"cn=peercred,cn=external,cn=auth")];
 		sprintf( authid, "uidNumber=%d,gidNumber=%d,"
 			"cn=peercred,cn=external,cn=auth",
 			geteuid(), getegid() );
-		ldap_int_sasl_external( ld, conn, authid, sasl_ssf );
+		ldap_int_sasl_external( ld, conn, authid, LDAP_PVT_SASL_LOCAL_SSF);
 	}
 #endif