The issue should be fixed in HEAD both for back-meta and back-ldap; now if TLS is required by idassert it will be started. Moreover, back-meta now allows to specify tls options per-target. The man page has not been updated yet. Please test and report through the ITS. Thanks, p.