diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index ccde6b07880984207d7ff78b0fc425c3f4842ed4..53490b9927dbe59260930098acb7e2be71392d04 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -314,6 +314,8 @@ slapd_daemon_task(
 
 	if( !inetd ) {
 		for ( l = 0; l < N_LISTENERS; l++ ) {
+			if ( listeners[l].tcps < 0 )
+				continue;
 			if ( listen( listeners[l].tcps, 5 ) == -1 ) {
 				int err = errno;
 				Debug( LDAP_DEBUG_ANY,
@@ -400,6 +402,8 @@ slapd_daemon_task(
 #endif
 
 		for ( l = 0; l < N_LISTENERS; l++ ) {
+			if ( listeners[l].tcps < 0 )
+				continue;
 			FD_SET( (unsigned) listeners[l].tcps, &readfds );
 		}
 
@@ -422,6 +426,8 @@ slapd_daemon_task(
 #endif
 
 		for ( i = 0; i < N_LISTENERS; i++ ) {
+			if ( listeners[l].tcps < 0 )
+				continue;
 			Debug( LDAP_DEBUG_CONNS,
 			"daemon: select: tcps=%d active_threads=%d tvp=%s\n",
 			       listeners[i].tcps, at,
@@ -481,6 +487,8 @@ slapd_daemon_task(
 			int len = sizeof(from);
 			long id;
 
+			if ( listeners[l].tcps < 0 )
+				continue;
 			if ( !FD_ISSET( listeners[l].tcps, &readfds ) )
 				continue;
 
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 5d818835aad7153caf657ebd15afe7e63ab97f18..2da444a9fc09ff18b0aa6a5112ea7405566c9a66 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -148,6 +148,7 @@ int main( int argc, char **argv )
 #endif
 	char        *serverName;
 	int         serverMode = SLAP_SERVER_MODE;
+	int		use_tls_port = 0;
 
 	(void) memset( (void*) &bind_addr, '\0', sizeof(bind_addr));
 	bind_addr.sin_family = AF_INET;
@@ -209,7 +210,7 @@ int main( int argc, char **argv )
 				 "n:"
 #endif
 #ifdef HAVE_TLS
-			     "P:"
+			     "P:T"
 #endif
 			     )) != EOF ) {
 		switch ( i ) {
@@ -339,6 +340,10 @@ int main( int argc, char **argv )
 		case 'n':  /* NT service name */
 			NTservice = ch_strdup( optarg );
 			break;
+#endif
+#ifdef HAVE_TLS
+		case 'T':  /* Bind on TLS port */
+			use_tls_port = 1;
 #endif
 		default:
 			usage( argv[0] );
@@ -387,9 +392,13 @@ int main( int argc, char **argv )
 	if ( tcps == -1 )
 		goto destroy;
 #ifdef HAVE_TLS
-	tls_tcps = set_socket( inetd ? NULL : &tls_bind_addr );
-	if ( tls_tcps == -1 )
-		goto destroy;
+	if ( use_tls_port ) {
+		tls_tcps = set_socket( inetd ? NULL : &tls_bind_addr );
+		if ( tls_tcps == -1 )
+			goto destroy;
+	} else {
+		tls_tcps = -1;
+	}
 #endif
 
 	(void) SIGNAL( LDAP_SIGUSR1, slap_do_nothing );