diff --git a/src/ldapauth.c b/src/ldapauth.c
index 090b898..3175fdf 100644
--- a/src/ldapauth.c
+++ b/src/ldapauth.c
@@ -49,7 +49,7 @@ oal_ldap_escape(char *dst, size_t size, const char *src)
  * @returns 1 on success, 0 on error and fills config->error
  */
 int
-oal_connect(LDAP * ld,
+oal_connect(LDAP ** ld,
             oal_config_t * const config,
             const char * const binddn,
             const char * const bindpass)
@@ -59,7 +59,7 @@ oal_connect(LDAP * ld,
   struct timeval tv = { 30, 0 };
   int rc = 0;
 
-  if ((rc = ldap_initialize(&ld, config->bindurls)) != LDAP_SUCCESS) {
+  if ((rc = ldap_initialize(ld, config->bindurls)) != LDAP_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't connnect to ldap server(s): %s", strerror(errno));
     return 1;
   }
@@ -68,35 +68,35 @@ oal_connect(LDAP * ld,
     tv.tv_sec = config->bindtimeout;
 
   /* hardcoded options */
-  if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapver) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapver) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set ldap protocol version");
     return 1;
   }
-  if (ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_SIZELIMIT, &sizelimit) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set max results limit");
     return 1;
   }
   /* timeouts */
-  if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_NETWORK_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set network timeout: %d", config->bindtimeout);
     return 1;
   }
-  if (ldap_set_option(ld, LDAP_OPT_TIMEOUT,         &tv) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_TIMEOUT,         &tv) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set search timeout: %d", config->bindtimeout);
     return 1;
   }
   /* TODO: hardcoded */
-  if (ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set follow referrals to 'off'");
     return 1;
   }
   /* required */
-  if (ldap_set_option(ld, LDAP_OPT_DEFBASE,   config->basedn) != LDAP_OPT_SUCCESS) {
+  if (ldap_set_option(*ld, LDAP_OPT_DEFBASE,   config->basedn) != LDAP_OPT_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't set searchbase: %s", config->basedn);
     return 1;
   }
 
-  if ((rc = ldap_simple_bind_s(ld, binddn, bindpass)) != LDAP_SUCCESS) {
+  if ((rc = ldap_simple_bind_s(*ld, binddn, bindpass)) != LDAP_SUCCESS) {
     snprintf(config->error, sizeof(config->error), "can't bind to ldap server: %s", ldap_err2string(rc));
     return 1;
   }
@@ -152,7 +152,7 @@ oal_check_cred(oal_config_t * const config,
     goto cleanup;
   }
 
-  if (oal_connect(ald, config, udn, password) == 0) {
+  if (oal_connect(&ald, config, udn, password) == 0) {
     rc = 1;
     ldap_unbind(ald);
     goto cleanup;