Commit 4ee2ae8f authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

StartTLS cleanup

parent 553f59b9
......@@ -206,7 +206,7 @@ If OpenLDAP is built with Transport Layer Security support, there
are more options you can specify. These options are used when an
.B ldaps:// URI
is selected (by default or otherwise) or when the application
negotiates TLS by issuing the LDAP Start TLS operation.
negotiates TLS by issuing the LDAP StartTLS operation.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
......
......@@ -302,12 +302,12 @@ underlying libldap, with rebinding eventually performed if the
.TP
.B tls {[try-]start|[try-]propagate}
execute the start TLS extended operation when the connection is initialized;
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the Start TLS exop only if the original
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
The \fBtry-\fP prefix instructs the proxy to continue operations
if start TLS failed; its use is highly deprecated.
if the StartTLS operation failed; its use is highly deprecated.
.TP
.B t-f-support {NO|yes|discover}
......
......@@ -308,12 +308,12 @@ overridden by any per-target directive.
.TP
.B tls {[try-]start|[try-]propagate}
execute the start TLS extended operation when the connection is initialized;
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the Start TLS exop only if the original
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
The \fBtry-\fP prefix instructs the proxy to continue operations
if start TLS failed; its use is highly deprecated.
if the StartTLS operation failed; its use is highly deprecated.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
......@@ -662,7 +662,7 @@ modifyAttrDN modify AVA
modrDN modrdn
newSuperiorDN modrdn
deleteDN delete
exopPasswdDN passwd exop DN if proxy
exopPasswdDN password modify extended operation DN if proxy
.fi
.RE
.LP
......
......@@ -411,10 +411,10 @@ disables acceptance of anonymous bind requests.
.B bind_simple
disables simple (bind) authentication.
.B tls_2_anon
disables Start TLS from forcing session to anonymous status (see also
.BR tls_authc ).
disables forcing session to anonymous status (see also
.BR tls_authc ) upon StartTLS operation receipt.
.B tls_authc
disables StartTLS if authenticated (see also
dissallow the StartTLS operation if authenticated (see also
.BR tls_2_anon ).
.HP
.hy 0
......
......@@ -326,7 +326,7 @@ referralAttrDN add/modify DN portion of referrals
modrDN modrdn
newSuperiorDN modrdn
deleteDN delete
exopPasswdDN passwd exop DN
exopPasswdDN password modify extended operation DN
.fi
.RE
.LP
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment