--- samba-3.0.9/source/libads/ldap.c.tls 2004-12-01 13:52:46.063127488 -0500
+++ samba-3.0.9/source/libads/ldap.c 2004-12-01 13:56:10.551040600 -0500
@@ -219,6 +219,7 @@
 ADS_STATUS ads_connect(ADS_STRUCT *ads)
 {
 int version = LDAP_VERSION3;
+ int rc = LDAP_SUCCESS;
 ADS_STATUS status;
 ads->last_attempt = time(NULL);
@@ -254,6 +255,19 @@
 ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
+#ifdef LDAP_OPT_X_TLS
+ if ((rc = ldap_start_tls_s(ads->ld, NULL, NULL)) != LDAP_SUCCESS) {
+ DEBUG(1,("StartTLS failed: %s(%X)\n",ldap_err2string(rc),rc));
+ } else {
+ DEBUG(3,("StartTLS issued: using a TLS connection\n"));
+ }
+#else
+ DEBUG(0,("ads_connect: StartTLS not supported by LDAP client libraries!\n"));
+ //return LDAP_OPERATIONS_ERROR;
+#endif
+ }
+
 if (!ads->auth.user_name) { /* have to use the userPrincipalName value here and not servicePrincipalName; found by Guenther Deschner @ Sernet */
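Review bot: In the second hunk a failed `ldap_start_tls_s()` is only logged at DEBUG(1) and the code falls through to the rest of ads_connect, so a connection configured for LDAP_SSL_START_TLS silently continues in cleartext whenever the server or anything on the network path makes StartTLS fail. The failure branch should stop the connect, e.g. `return ADS_ERROR(rc);` after the DEBUG line, and the `#else` branch should do the same with `return ADS_ERROR(LDAP_OPERATIONS_ERROR);` in place of the commented-out `//return LDAP_OPERATIONS_ERROR;`, which would not match the ADS_STATUS return type anyway. Nothing visible in the hunk sets a certificate-checking policy before the call, so whether the server certificate is verified presumably depends on the client library's defaults; a comment stating that dependency would help. ads_connect begins in the first hunk and continues past the end of this one, so confirm that an early return leaves ads->ld in a state the caller cleans up.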