ITS#2570 - don't permanently give up on TLS due to transient failures

diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c
index a5308058dc5767d0b5a236a85e2cc34cf00c216c..879932f806edc3b7ab68ad94e478c6032122bcbe 100644 (file)
--- a/servers/slurpd/ldap_op.c
+++ b/servers/slurpd/ldap_op.c
@@ -763,6 +763,7 @@ do_bind(
 )
 {
     int                ldrc;
+    int                do_tls = ri->ri_tls;
 
     *lderr = 0;
 
@@ -885,7 +886,7 @@ retry:
        }
        ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
 
-       if( ri->ri_tls ) {
+       if( do_tls ) {
                int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
 
                if( err != LDAP_SUCCESS ) {
@@ -907,7 +908,7 @@ retry:
                                ri->ri_ldp = NULL;
                                return BIND_ERR_TLS_FAILED;
                        }
-                       ri->ri_tls = TLS_OFF;
+                       do_tls = TLS_OFF;
                        goto retry;
                }
        }