diff --git a/CHANGES b/CHANGES
index d870a4712f82781b8acb720799188479006bd687..05f1d23d28f69213a4219c16b78018ae046c8588 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,7 @@ OpenLDAP 2.4.18 Engineering
 	Fixed slapd subordinate needs a suffix (ITS#6216)
 	Fixed slapd tools to properly close database (ITS#6214)
 	Fixed slapd uninitialized SlapReply components (ITS#6101)
+	Fixed slapd-meta starttls with targets (ITS#6190)
 	Fixed slapd-ndb startup (ITS#6203)
 	Fixed slapd-relay various issues (ITS#6133)
 	Fixed slapd-relay response/cleanup callback mismatch (ITS#6154)
diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h
index 3c0395200e3e62778174fb4f0f5945cf6f27a2ed..898b6f2c77670ae15654aebf62bc9e958911e728 100644
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@@ -301,6 +301,14 @@ typedef struct metatarget_t {
 #define	META_BACK_TGT_ISSET(mt,f)		( ( (mt)->mt_flags & (f) ) == (f) )
 #define	META_BACK_TGT_ISMASK(mt,m,f)		( ( (mt)->mt_flags & (m) ) == (f) )
 
+#define META_BACK_TGT_SAVECRED(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_SAVECRED )
+
+#define META_BACK_TGT_USE_TLS(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_USE_TLS )
+#define META_BACK_TGT_PROPAGATE_TLS(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_PROPAGATE_TLS )
+#define META_BACK_TGT_TLS_CRITICAL(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_TLS_CRITICAL )
+
+#define META_BACK_TGT_CHASE_REFERRALS(mt)	META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_CHASE_REFERRALS )
+
 #define	META_BACK_TGT_T_F(mt)			META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
 #define	META_BACK_TGT_T_F_DISCOVER(mt)		META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
 
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index 3b3f520736d66623a7ccfb3d78abbd4992522e5f..9c972902520dec1a7795eee87886d1a7cfec8a34 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -538,7 +538,7 @@ meta_back_single_bind(
 	LDAP_BACK_CONN_ISBOUND_SET( msc );
 	mc->mc_authz_target = candidate;
 
-	if ( LDAP_BACK_SAVECRED( mi ) ) {
+	if ( META_BACK_TGT_SAVECRED( mt ) ) {
 		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 			memset( msc->msc_cred.bv_val, 0,
 				msc->msc_cred.bv_len );
@@ -1539,7 +1539,7 @@ meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapRe
 				LDAP_BACK_CONN_ISBOUND_SET( msc );
 				ber_bvreplace( &msc->msc_bound_ndn, &binddn );
 
-				if ( LDAP_BACK_SAVECRED( mi ) ) {
+				if ( META_BACK_TGT_SAVECRED( mt ) ) {
 					if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 						memset( msc->msc_cred.bv_val, 0,
 							msc->msc_cred.bv_len );
diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index eb62e267591ae5b28e444c3385241ff9529afb6f..de6114dffa1e50eb37e52555152f6c232f07aecc 100644
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -640,6 +640,10 @@ meta_back_db_config(
 		
 	/* save bind creds for referral rebinds? */
 	} else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
+		unsigned	*flagsp = mi->mi_ntargets ?
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+				: &mi->mi_flags;
+
 		if ( argc > 2 ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
@@ -651,16 +655,16 @@ meta_back_db_config(
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
 			    fname, lineno, 0 );
-			mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+			*flagsp |= LDAP_BACK_F_SAVECRED;
 
 		} else {
 			switch ( check_true_false( argv[ 1 ] ) ) {
 			case 0:
-				mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
+				*flagsp &= ~LDAP_BACK_F_SAVECRED;
 				break;
 
 			case 1:
-				mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+				*flagsp |= LDAP_BACK_F_SAVECRED;
 				break;
 
 			default:
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index be59cd3ea890112002ceba3d350f4366110579a5..09f918956b9a6abcf016dc8406d94b0db47786ae 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -418,13 +418,13 @@ retry_lock:;
 
 	/* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
 	ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
-		LDAP_BACK_CHASE_REFERRALS( mi ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+		META_BACK_TGT_CHASE_REFERRALS( mt ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
 
 #ifdef HAVE_TLS
 	/* start TLS ("tls [try-]{start|propagate}" statement) */
-	if ( ( LDAP_BACK_USE_TLS( mi )
+	if ( ( META_BACK_TGT_USE_TLS( mt )
 		|| ( op->o_conn->c_is_tls
-			&& LDAP_BACK_PROPAGATE_TLS( mi ) ) )
+			&& META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
 		&& !is_ldaps )
 	{
 #ifdef SLAP_STARTTLS_ASYNCHRONOUS
@@ -526,7 +526,7 @@ retry:;
 		 * overlay, where the "uri" can be parsed out of a referral */
 		if ( rs->sr_err == LDAP_SERVER_DOWN
 			|| ( rs->sr_err != LDAP_SUCCESS
-				&& LDAP_BACK_TLS_CRITICAL( mi ) ) )
+				&& META_BACK_TGT_TLS_CRITICAL( mt ) ) )
 		{
 
 #ifdef DEBUG_205
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 171221421df2c7f5271f00914c72b2ea9e971c4c..c729ea29227f24302e4e5b41b55524c124e6b9a1 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -199,7 +199,7 @@ meta_search_dobind_init(
 		 * because the connection is not shared until bind is over */
 		if ( !BER_BVISNULL( &binddn ) ) {
 			ber_bvreplace( &msc->msc_bound_ndn, &binddn );
-			if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &cred ) ) {
+			if ( META_BACK_TGT_SAVECRED( mt ) && !BER_BVISNULL( &cred ) ) {
 				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 					memset( msc->msc_cred.bv_val, 0,
 						msc->msc_cred.bv_len );