diff --git a/CHANGES b/CHANGES
index ca3c9bb601647ab726de6990e09dcfb4a3c19a02..c1d913eebd20edf8a02991c2cf10b4dcb310da50 100644
--- a/CHANGES
+++ b/CHANGES
@@ -46,7 +46,13 @@ OpenLDAP 2.4.17 Engineering
 		admin24 removed temporary back-monitor note (ITS#6130)
 		admin24 slapd.conf to cn=config conversion process (ITS#6060)
 		man page consistency fixes (ITS#6023)
+		ldapcompare(1) note -e option (ITS#6107)
+		ldapdelete(1) note -e option (ITS#6107)
+		ldapmodify(1) note -e option (ITS#6107)
+		ldapmodrdn(1) note -e option (ITS#6107)
 		ldapsearch(1) output format description (ITS#6146)
+		ldapurl(1) note -e option (ITS#6107)
+		ldapwhoami(1) note -e option (ITS#6107)
 		ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
 		slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
 		slapd-config(5) pidfile/argsfile description fix (ITS#5975)
diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1
index 2de69dd1a0a9adef501c25044884a40902b4821a..d703c99dbbedeeb2e79328ea9de8fdaec3cda29f 100644
--- a/doc/man/man1/ldapcompare.1
+++ b/doc/man/man1/ldapcompare.1
@@ -33,6 +33,10 @@ ldapcompare \- LDAP compare tool
 [\c
 .BR \-P \ { 2 \||\| 3 }]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BI \-O \ security-properties\fR]
 [\c
 .BR \-I ]
@@ -140,6 +144,36 @@ Deprecated in favor of \fB\-H\fP.
 .BR \-P \ { 2 \||\| 3 }
 Specify the LDAP protocol version to use.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1
index 5e2191aff62db6f626ad19502d80f6fd703e9f1c..3287d91751965351bf7302c4e794d239b0ddf207 100644
--- a/doc/man/man1/ldapdelete.1
+++ b/doc/man/man1/ldapdelete.1
@@ -33,6 +33,10 @@ ldapdelete \- LDAP delete entry tool
 [\c
 .BR \-P \ { 2 \||\| 3 }]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BI \-p \ ldapport\fR]
 [\c
 .BI \-O \ security-properties\fR]
@@ -135,6 +139,36 @@ Deprecated in favor of \fB\-H\fP.
 .BR \-P \ { 2 \||\| 3 }
 Specify the LDAP protocol version to use.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .B \-r
 Do a recursive delete.  If the DN specified isn't a leaf, its
 children, and all their children are deleted down the tree.  No
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
index 5c8794995b7de7b0f6c8b806c8100ce6164b84d6..02f7883c93435badfeb3dc1b03623204a9201724 100644
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
@@ -37,6 +37,10 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
 [\c
 .BR \-P \ { 2 \||\| 3 }]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BI \-O \ security-properties\fR]
 [\c
 .BR \-I ]
@@ -202,6 +206,36 @@ Specify the LDAP protocol version to use.
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .B \-I
 Enable SASL Interactive mode.  Always prompt.  Default is to prompt
 only as needed.
diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1
index 22a0d887a6bcb16af49d4aeee2b0d77143121626..bfe5f9aced35a526535387f89d0ab9f1631ede82 100644
--- a/doc/man/man1/ldapmodrdn.1
+++ b/doc/man/man1/ldapmodrdn.1
@@ -37,6 +37,10 @@ ldapmodrdn \- LDAP rename entry tool
 [\c
 .BR \-P \ { 2 \||\| 3 }]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BI \-O \ security-properties\fR]
 [\c
 .BR \-I ]
@@ -144,6 +148,36 @@ Specify the LDAP protocol version to use.
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .B \-I
 Enable SASL Interactive mode.  Always prompt.  Default is to prompt
 only as needed.
diff --git a/doc/man/man1/ldapurl.1 b/doc/man/man1/ldapurl.1
index cf4e17364af5014f391c6b45bed7726024c330ea..1c0beab6e84125797be796776bdb6ba8b255f407 100644
--- a/doc/man/man1/ldapurl.1
+++ b/doc/man/man1/ldapurl.1
@@ -11,6 +11,8 @@ ldapurl \- LDAP URL formatting tool
 [\c
 .BI \-b \ searchbase\fR]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
 [\c
 .BI \-f \ filter\fR]
@@ -57,8 +59,36 @@ Set a comma-separated list of attribute selectors.
 .BI \-b \ searchbase
 Set the \fIsearchbase\fP.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-Set URL extensions; \'!\' indicates criticality.
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .TP
 .BI \-f \ filter
 Set the URL filter.  No particular check on conformity with RFC 4515
diff --git a/doc/man/man1/ldapwhoami.1 b/doc/man/man1/ldapwhoami.1
index 3abb05313feb706b44dfd165d714128b6ce4bdd9..cbce6382d6bc8586ed52ade23f49456b426d04bd 100644
--- a/doc/man/man1/ldapwhoami.1
+++ b/doc/man/man1/ldapwhoami.1
@@ -29,6 +29,10 @@ ldapwhoami \- LDAP who am i? tool
 [\c
 .BI \-p \ ldapport\fR]
 [\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
 .BI \-O \ security-properties\fR]
 [\c
 .BR \-I ]
@@ -102,6 +106,36 @@ Deprecated in favor of \fB\-H\fP.
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>   (an RFC 4515 Filter)
+  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>]        (a comma-separated attribute list)
+  [!]preread[=<attrs>] (a comma-separated attribute list)
+  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+.fi
+
+Search extensions:
+.nf
+  [!]domainScope                               (domain scope)
+  [!]mv=<filter>                               (matched values filter)
+  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
+  [!]subentries[=true|false]           (subentries)
+  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
+          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+.fi
+.TP
 .B \-I
 Enable SASL Interactive mode.  Always prompt.  Default is to prompt
 only as needed.