--- a/src/auth/db-ldap.c	Wed Mar 05 00:56:28 2008 +0200
+++ b/src/auth/db-ldap.c	Wed Mar 05 01:10:57 2008 +0200
@@ -573,6 +573,11 @@
 #ifdef LDAP_HAVE_START_TLS_S
 		ret = ldap_start_tls_s(conn->ld, NULL, NULL);
 		if (ret != LDAP_SUCCESS) {
+			if (ret == LDAP_OPERATIONS_ERROR &&
+			    strncmp(conn->set.uris, "ldaps:", 6) == 0) {
+				i_fatal("LDAP: Don't use both tls=yes "
+					"and ldaps URI");
+			}
 			i_error("LDAP: ldap_start_tls_s() failed: %s",
 				ldap_err2string(ret));
 			return -1;