- if (conn->c_ops != NULL) {
- if (conn->c_ops != op || op->o_next != NULL)
- return(LDAP_OPERATIONS_ERROR);
+ if (( conn->c_ops != NULL &&
+ (conn->c_ops != op || op->o_next != NULL)) ||
+ ( conn->c_pending_ops != NULL))
+ {
+ *text = "cannot start TLS when operations our outstanding";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
+ ( conn->c_dn != NULL ) )
+ {
+ *text = "cannot start TLS after authentication";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;