Index: http_auth.c
===================================================================
--- http_auth.c	(revision 782)
+++ http_auth.c	(working copy)
@@ -49,6 +49,8 @@
 };
 #endif
 
+handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
+
 static const char base64_pad = '=';
 
 static const short base64_reverse_table[256] = {
@@ -577,11 +581,17 @@
 		
 		
 		/* 2. */
-		if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+		if (p->conf.ldap == NULL ||
+		    LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+			if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
+				return -1;
+			if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+
 			log_error_write(srv, __FILE__, __LINE__, "sssb", 
 					"ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
 			
 			return -1;
+			}
 		}
 		
 		if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) {
Index: mod_auth.c
===================================================================
--- mod_auth.c	(revision 782)
+++ mod_auth.c	(working copy)
@@ -12,7 +12,9 @@
 #include "log.h"
 #include "response.h"
 
+handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
 
+
 /**
  * the basic and digest auth framework
  * 
@@ -505,8 +507,25 @@
 				close(fd);
 			}
 			break;
-		case AUTH_BACKEND_LDAP: 
+		case AUTH_BACKEND_LDAP: {
+			handler_t ret = auth_ldap_init(srv, s);
+			if (ret == HANDLER_ERROR)
+				return (ret);
+                        break;
+		}
+                default:
+                        break;
+                }
+        }
+
+        return HANDLER_GO_ON;
+}
+
+handler_t
+auth_ldap_init(server *srv, mod_auth_plugin_config *s)
+{
 #ifdef USE_LDAP
+			int ret;
 #if 0			
 			if (s->auth_ldap_basedn->used == 0) {
 				log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.base-dn has to be set");
@@ -546,6 +565,7 @@
 				}
 
 				if (s->auth_ldap_starttls) {
+#if 0
 					if (buffer_is_empty(s->auth_ldap_cafile)) {
 						log_error_write(srv, __FILE__, __LINE__, "s", "CA file has to be set");
 						
@@ -558,6 +578,7 @@
 						
 						return HANDLER_ERROR;
 					}
+#endif
 	
 					if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL,  NULL))) {
 						log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
@@ -586,13 +607,7 @@
 			log_error_write(srv, __FILE__, __LINE__, "s", "no ldap support available");
 			return HANDLER_ERROR;
 #endif
-			break;
-		default:
-			break;
-		}
-	}
-	
-	return HANDLER_GO_ON;
+		return HANDLER_GO_ON;
 }
 
 int mod_auth_plugin_init(plugin *p) {