From 5b304a3ae673bb9bd144b2c89ca707fced8fb543 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Fri, 30 Aug 2019 14:02:20 +0100 Subject: [PATCH] ITS#9071 Document "tls none" for back-ldap --- doc/man/man5/slapd-ldap.5 | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index c0235ad6b0..34ae9c6bae 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -584,7 +584,7 @@ is used. .HP .hy 0 -.B tls {[try\-]start|[try\-]propagate|ldaps} +.B tls {none|[try\-]start|[try\-]propagate|ldaps} .B [starttls=no] .B [tls_cert=] .B [tls_key=] @@ -594,12 +594,13 @@ is used. .B [tls_cipher_suite=] .B [tls_crlcheck=none|peer|all] .RS -Specify the use of TLS when a regular connection is initialized. The -StartTLS extended operation will be used unless the URI directive protocol -scheme is \fBldaps://\fP. In that case this keyword may only be -set to "ldaps" and the StartTLS operation will not be used. -\fBpropagate\fP issues the StartTLS operation only if the original -connection did. +Specify TLS settings for regular connections. + +The first parameter only applies to \fBldap://\fP connections and so +at the moment, \fBnone\fP and \fBldaps\fP are equivalent. + +With \fBpropagate\fP, the proxy issues StartTLS operation only if +the original connection has a TLS layer set up. The \fBtry\-\fP prefix instructs the proxy to continue operations if the StartTLS operation failed; its use is \fBnot\fP recommended.
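Review bot: In the synopsis hunk (@@ -584,7 +584,7 @@), `none` now appears in `.B tls {none|[try\-]start|[try\-]propagate|ldaps}` directly above the existing `.B [starttls=no]`, and nothing in the visible text says how the two relate. A reader sees two settings that both look like "do not use StartTLS". Suggest one sentence in the description saying whether `tls none` and `starttls=no` overlap, and which one an administrator should use.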
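Review bot: In the description hunk (@@ -594,12 +594,13 @@), the new text never states what `none` actually does. It only says that "\fBnone\fP and \fBldaps\fP are equivalent" at the moment, while the removed sentence that explained `ldaps` ("the StartTLS operation will not be used") is deleted, so neither keyword is defined any more. Since the commit subject is about documenting "tls none", suggest stating the behaviour outright, for example that no StartTLS is issued on an \fBldap://\fP connection if that is the intent, so an administrator can tell from the man page whether traffic to the remote server is protected. Two smaller points in the same hunk: the `propagate` condition changes from "only if the original connection did" (issue StartTLS) to "has a TLS layer set up", which reads as a wider condition and is worth confirming as an intended correction; and "the proxy issues StartTLS operation" is missing "the".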