ITS#8022 don't skip TLS init for ldaps:// targets

servers/slapd/back-meta/conn.c

@@ -424,7 +424,7 @@ retry_lock:;
 	slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
 
 #ifdef HAVE_TLS
-	if ( !is_ldaps ) {
+	{
 		slap_bindconf *sb = NULL;
 
 		if ( ispriv ) {
@@ -439,13 +439,15 @@ retry_lock:;
 			ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
 		}
 
-		if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
-			do_start_tls = 1;
+		if ( !is_ldaps ) {
+			if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+				do_start_tls = 1;
 
-		} else if ( META_BACK_TGT_USE_TLS( mt )
-			|| ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
-		{
-			do_start_tls = 1;
+			} else if ( META_BACK_TGT_USE_TLS( mt )
+				|| ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+			{
+				do_start_tls = 1;
+			}
 		}
 	}