The workaround doesn't work for TLS because openldap can only serve one certificate. One cannot use two different names for the slave and only one certificate, because the common name won't match and the TLS connection will error.