--- /dev/null
+diff -up nss_ldap-253/ldap-nss.c.padl418 nss_ldap-253/ldap-nss.c
+--- nss_ldap-253/ldap-nss.c.padl418 2010-11-17 14:08:24.000000000 +0000
++++ nss_ldap-253/ldap-nss.c 2010-11-18 00:34:22.000000000 +0000
+@@ -1272,9 +1272,14 @@ do_init (void)
+ }
+ }
+
+- __session.ls_conn = NULL;
++ /* looks like a problem. could be initialized, but not connected */
++ if (__session.ls_state != LS_UNINITIALIZED)
++ {
++ debug ("<== do_init (already initialized)");
++ goto initialized;
++ }
++
+ __session.ls_timestamp = 0;
+- __session.ls_state = LS_UNINITIALIZED;
+
+ #if defined(HAVE_PTHREAD_ONCE) && defined(HAVE_PTHREAD_ATFORK)
+ if (pthread_once (&__once, do_atfork_setup) != 0)
+@@ -1394,6 +1399,7 @@ do_init (void)
+
+ debug ("<== do_init (initialized session)");
+
++initialized:
+ return NSS_SUCCESS;
+ }
+
+@@ -1614,6 +1620,7 @@ do_open (void)
+ }
+ else
+ {
++ syslog(LOG_ERR, "nss-ldap: do_open: do_start_tls failed:stat=%d", stat);
+ do_close ();
+ debug ("<== do_open (TLS startup failed)");
+ return stat;