Okay, this will help me 100%. I want to ensure that replication is done over TLS. In the replica stanza I can enable TLS with 'tls=yes'. Fine. Question: If slurpd can't get TLS working will it quit, or revert to cleartext? If it will revert, is there a way I can stop that? Something like -ZZ for ldapsearch? Basically, I'd rather slurpd fail than do anything in cleartext.