ITS#9071 Document "tls none" for back-ldap

diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index c0235ad6b08c548157dd7deee8ad79d74f109a41..34ae9c6baec613a1c10a91be5d2b84a55a6b33c5 100644 (file)
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -584,7 +584,7 @@ is used.
 
 .HP
 .hy 0
-.B tls {[try\-]start|[try\-]propagate|ldaps}
+.B tls {none|[try\-]start|[try\-]propagate|ldaps}
 .B [starttls=no]
 .B [tls_cert=<file>]
 .B [tls_key=<file>]
@@ -594,12 +594,13 @@ is used.
 .B [tls_cipher_suite=<ciphers>]
 .B [tls_crlcheck=none|peer|all]
 .RS
-Specify the use of TLS when a regular connection is initialized. The
-StartTLS extended operation will be used unless the URI directive protocol
-scheme is \fBldaps://\fP. In that case this keyword may only be
-set to "ldaps" and the StartTLS operation will not be used.
-\fBpropagate\fP issues the StartTLS operation only if the original
-connection did.
+Specify TLS settings for regular connections.
+
+The first parameter only applies to \fBldap://\fP connections and so
+at the moment, \fBnone\fP and \fBldaps\fP are equivalent.
+
+With \fBpropagate\fP, the proxy issues StartTLS operation only if
+the original connection has a TLS layer set up.
 The \fBtry\-\fP prefix instructs the proxy to continue operations
 if the StartTLS operation failed; its use is \fBnot\fP recommended.