diff --git a/.gitignore b/.gitignore
index 7e0ec57..1a1c3ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
-SOURCES/openldap-2.4.57.tgz
+SOURCES/openldap-2.4.59.tgz
diff --git a/.openldap.metadata b/.openldap.metadata
index efc624d..07f3e42 100644
--- a/.openldap.metadata
+++ b/.openldap.metadata
@@ -1,2 +1,2 @@
 444fe85f8c42d97355d88ec295b18ecb58faeb52 SOURCES/ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
-1cffa70a3ea8545948041fd113f8f53bc24d6d87 SOURCES/openldap-2.4.57.tgz
+b154d06bbf40fafafb34fffc4b116946d931efef SOURCES/openldap-2.4.59.tgz
diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec
index 0d45ae7..6459ead 100644
--- a/SPECS/openldap.spec
+++ b/SPECS/openldap.spec
@@ -6,8 +6,8 @@
 %global so_ver 2
 
 Name: openldap
-Version: 2.4.57
-Release: 8%{?dist}
+Version: 2.4.59
+Release: 3%{?dist}
 Summary: LDAP support libraries
 License: OpenLDAP
 URL: http://www.openldap.org/
@@ -191,7 +191,7 @@ popd
 
 %set_build_flags
 # enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
-export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2"
+export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2"
 
 pushd openldap-%{version}
 %configure \
@@ -330,7 +330,7 @@ for lib in $(ls | grep libldap_r-); do
     then
         so_ver_short="${libsplit[3]}"
         unset IFS
-        gcc -shared -o "%{buildroot}%{_libdir}/libldap-${version}.so.${so_ver_short}" -Wl,--no-as-needed \
+        gcc -shared -o "%{buildroot}%{_libdir}/libldap-${version}.so.${so_ver_short}" -Wl,--no-as-needed -Wl,-z,now \
                -Wl,-soname -Wl,libldap-${version}.so.${so_ver_short} -L "%{buildroot}%{_libdir}" -lldap_r
     else
         so_ver_full="${libsplit[3]}.${libsplit[4]}.${libsplit[5]}"
@@ -556,6 +556,17 @@ exit 0
 %{_libdir}/libldap-2.4*.so.*
 
 %changelog
+* Thu Sep 23 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-3
+- Enable BIND_NOW for the linked library too. Related: rhbz#2002747
+
+* Wed Sep 22 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-2
+- Enable BIND_NOW to prevent GOT overwrite attacks.
+- Ignore badfuncs error in rpminspect because it's a false positive
+  Related: rhbz#2002747
+
+* Tue Sep 14 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-1
+- Rebase openldap to 2.4.59 Related: rhbz#2002747
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.57-8
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688