further clarify size limit related issues in sync replication (ITS#5243)

doc/man/man5/slapd.conf.5

@@ -1298,6 +1298,12 @@ is requested cannot exceed the
 size limit of regular searches unless extended by the
 .B prtotal
 switch.
+
+The \fBlimits\fP statement is typically used to let an unlimited
+number of entries to be returned by searches performed
+with the identity used by the consumer for synchronization purposes
+by means of the RFC 4533 LDAP Content Synchronization protocol
+(see \fBsyncrepl\fP for details).
 .RE
 .TP
 .B maxderefdepth <depth>
@@ -1550,7 +1556,9 @@ It is a non-negative integer having no more than three digits.
 .B provider
 specifies the replication provider site containing the master content
 as an LDAP URI. If <port> is not given, the standard LDAP port number
-(389 or 636) is used. The content of the
+(389 or 636) is used.
+
+The content of the
 .B syncrepl
 replica is defined using a search
 specification as its result set. The consumer
@@ -1558,16 +1566,21 @@ specification as its result set. The consumer
 will send search requests to the provider
 .B slapd
 according to the search specification. The search specification includes
-.B searchbase, scope, filter, attrs, attrsonly, sizelimit,
+.BR searchbase ", " scope ", " filter ", " attrs ", " attrsonly ", " sizelimit ", "
 and
 .B timelimit
 parameters as in the normal search specification. 
 The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to
-\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The
+\fB(objectclass=*)\fP, while there is no default \fBsearchbase\fP. The
 \fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational
 attributes, and \fBattrsonly\fP is unset by default.
 The \fBsizelimit\fP and \fBtimelimit\fP only
 accept "unlimited" and positive integers, and both default to "unlimited".
+The \fBsizelimit\fP parameter defines a consumer requested limitation
+on the number of entries that can be returned by the search; as such,
+it is intended to implement partial replication based on the size
+of the replicated database.
+
 The LDAP Content Synchronization protocol has two operation types.
 In the
 .B refreshOnly
@@ -1591,10 +1604,18 @@ For example, retry="60 10 300 3" lets the consumer retry every 60 seconds
 for the first 10 times and then retry every 300 seconds for the next 3
 times before stop retrying. The `+' in <# of retries> means indefinite
 number of retries until success.
+
 The schema checking can be enforced at the LDAP Sync
 consumer site by turning on the
 .B schemachecking
-parameter. The default is off.
+parameter. The default is \fBoff\fP.
+Schema checking \fBon\fP means that replicated entries must have
+a structural objectClass, must obey to objectClass requirements
+in terms of required/allowed attributes, and that naming attributes
+and distinguished values must be present.
+As a consequence, schema checking should be \fBoff\fP when partial
+replication is used.
+
 The
 .B starttls
 parameter specifies use of the StartTLS extended operation
@@ -1603,6 +1624,7 @@ StartTLS request fails and the
 .B critical
 argument was used, the session will be aborted. Otherwise the syncrepl
 session continues without TLS.
+
 A
 .B bindmethod
 of 
@@ -1635,6 +1657,11 @@ keyword above) for a SASL bind can be set with the
 option. A non default SASL realm can be set with the
 .B realm 
 option.
+The identity used for synchronization by the consumer should be allowed
+to receive an unlimited number of entries in response to a search request;
+this can be accomplished by either allowing unlimited \fBsizelimit\fP
+or by setting an appropriate \fBlimits\fP statement in the consumer's
+configuration (see \fBsizelimit\fP and \fBlimits\fP for details).
 
 Rather than replicating whole entries, the consumer can query logs of
 data modifications. This mode of operation is referred to as \fIdelta