diff --git a/README.md b/README.md
index 63600f8..4b24dbd 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ CLI tool to query LDAP/AD servers
 * Decodes certain well-known attributes (UUIDs, Timestamps, SID, userAccountControl)
 * Requires server to support [RFC 2696: Simple Paged Results](https://www.rfc-editor.org/rfc/rfc2696) for proper pagination
   * By default the first 1000 entries are shown, and it errors if there are more results
-  * Use `-all` to show all results
+  * Use `--all` to show all results
 
 ## Authentication, Protocol, Ports
 
diff --git a/src/ldaptool/search/_search.py b/src/ldaptool/search/_search.py
index 5a423b1..124f1f5 100644
--- a/src/ldaptool/search/_search.py
+++ b/src/ldaptool/search/_search.py
@@ -21,7 +21,7 @@ def search(*, config: Config, arguments: Arguments) -> typing.Iterable[Result]:
     if not arguments.base:
         arguments.base = realm.default_base(gc=arguments.gc)
 
-    ldap_con = ldap.initialize(realm.ldap_uri(gc=arguments.gc, tls=False, server=arguments.server))
+    ldap_con = ldap.initialize(realm.ldap_uri(gc=arguments.gc, tls=not arguments.krb, server=arguments.server))
     ldap_con.set_option(ldap.OPT_REFERRALS, 0)
     if arguments.krb:
         ldap_con.sasl_gssapi_bind_s()