Move Cyrus SASL initializing forward

diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 451d3a0b767df46c00576aa4882c479093a39390..fcfd80ddaa421326b70a69fb8ffd8db37eb3ba5b 100644 (file)
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -321,6 +321,14 @@ ldap_int_open_connection(
                INT_MAX, (void *)"ldap_" );
 #endif
 
+#ifdef HAVE_CYRUS_SASL
+       /* establish Cyrus SASL context prior to starting TLS so
+               that SASL EXTERNAL might be used */
+       if( sasl_host != NULL ) {
+               ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
+       }
+#endif
+
 #ifdef HAVE_TLS
        if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
                strcmp( srv->lud_scheme, "ldaps" ) == 0 )
@@ -337,12 +345,6 @@ ldap_int_open_connection(
        }
 #endif
 
-#ifdef HAVE_CYRUS_SASL
-       if( sasl_host != NULL ) {
-               ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
-       }
-#endif
-
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        if ( conn->lconn_krbinstance == NULL ) {
                char *c;