ITS#8022 don't skip TLS init for ldaps:// targets

diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index d2e3c4399aee03469dd8eedab256fdb999e9b5d2..3a05d88af60e81462f65ae922c0f8835938d6a1c 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -424,7 +424,7 @@ retry_lock:;
        slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
 
 #ifdef HAVE_TLS
-       if ( !is_ldaps ) {
+       {
                slap_bindconf *sb = NULL;
 
                if ( ispriv ) {
@@ -439,13 +439,15 @@ retry_lock:;
                        ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
                }
 
-               if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
-                       do_start_tls = 1;
+               if ( !is_ldaps ) {
+                       if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+                               do_start_tls = 1;
 
-               } else if ( META_BACK_TGT_USE_TLS( mt )
-                       || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
-               {
-                       do_start_tls = 1;
+                       } else if ( META_BACK_TGT_USE_TLS( mt )
+                               || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+                       {
+                               do_start_tls = 1;
+                       }
                }
        }