diff --git a/docs-xml/smbdotconf/ldap/ldapssl.xml b/docs-xml/smbdotconf/ldap/ldapssl.xml
index d785071ec4c..b2e953736b2 100644
--- a/docs-xml/smbdotconf/ldap/ldapssl.xml
+++ b/docs-xml/smbdotconf/ldap/ldapssl.xml
@@ -27,11 +27,11 @@
 		</listitem>
 
 		<listitem>
-			<para><parameter moreinfo="none">Start_tls</parameter> = Use
+			<para><parameter moreinfo="none">start tls</parameter> = Use
 			the LDAPv3 StartTLS extended operation (RFC2830) for
 			communicating with the directory server.</para>
 		</listitem>
 	</itemizedlist>
 </description>
-<value type="default">no</value>
+<value type="default">start tls</value>
 </samba:parameter>
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 020eae6ad62..8f03ae8fd73 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4879,7 +4879,7 @@ static void init_globals(bool first_time_only)
 	string_set(&Globals.szLdapIdmapSuffix, "");
 
 	string_set(&Globals.szLdapAdminDn, "");
-	Globals.ldap_ssl = LDAP_SSL_OFF;
+	Globals.ldap_ssl = LDAP_SSL_START_TLS;
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */