I am looking for help with setting up security in my OpenLDAP config.
I currently have RHEL 6 with ldap:// and ldaps:// working for both auth binds and anon binds.
What I want to do is allow anon binds on ldap:// and require authentication over an encrypted stream on ldaps://.
My current access is set to:
access to attrs=userPassword by anonymous auth by self read by * none
access to * by * read
I do not have a security statement in my slapd.conf.
I have tried a few things, such as changing the userPassword access to:
access to userPassword
by anonymous auth sasl_ssf=128 break by anonymous auth tls=128 by self read
but the syntax is not correct and the config will not load with the above.
Any help would be great.
Chris Jackson
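
An added example, not part of the original post: one way to write the attempted rule in valid slapd.access(5) syntax, so that password binds are only accepted over TLS while anonymous binds remain possible on ldap://. The SSF threshold of 128 is carried over from the post's attempt and is an assumption about the required strength.

```conf
# Added example for slapd.conf (not from the original post).
# Assumption: an SSF of 128 is the minimum acceptable TLS strength.
#
# In slapd.access(5) the SSF requirement belongs to the <who> field, so it is
# written before the access level, and the TLS keyword is tls_ssf.
# The attribute selector needs the attrs= prefix.
#
# Effect: a simple bind needs "auth" access to userPassword, and that is only
# granted when the connection's TLS SSF is at least 128 (e.g. ldaps://).
# Anonymous binds never touch userPassword, so they keep working on ldap://.
access to attrs=userPassword
    by anonymous tls_ssf=128 auth
    by self read
    by * none

access to * by * read

# Alternative: the "security" directive can refuse simple username/password
# binds below SSF 128 independently of the ACLs above.
# security simple_bind=128
```

Running `slaptest -f` against the edited slapd.conf checks that it parses before slapd is restarted.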