On Fri, Sep 18, 2009 at 11:31 PM, Quanah Gibson-Mount <quanah(a)zimbra.com&gt; wrote: Hello, quick one about this, i read this page: http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl The part I am wondering about is this: "by default the TLS parameters from a ldap.conf(5) configuration file will be used. TLS settings may be specified here, in which case any ldap.conf(5) settings will be completely ignored" So i do have a valid /etc/ldap.conf which contains references to TLS cert and stuff, why do i need more settings in slapd.conf? Reason I am asking is when i add this, in the syncrepl section, it fails saying unknown directive: [starttls=yes|critical] [tls_cacert=<file>] For info, this is my ldap.conf: BASE dc=example, dc=com URI ldaps://masterldap.example.com:636/ TLS_CACERT /etc/ldap/cert/cacert.pem TLS_REQCERT demand Cheers, Steph