From bc05849a8d67b2d45096be1f4ab0f1fe439fcf3f Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Thu, 26 Aug 2021 21:27:40 +0000
Subject: [PATCH] ITS#9646 - Fix verbiage for the try-propagate option

---
 doc/man/man5/slapd-asyncmeta.5 | 7 ++++---
 doc/man/man5/slapd-ldap.5      | 2 +-
 doc/man/man5/slapd-meta.5      | 7 ++++---
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/doc/man/man5/slapd-asyncmeta.5 b/doc/man/man5/slapd-asyncmeta.5
index c1474aa90c..55660f80f4 100644
--- a/doc/man/man5/slapd-asyncmeta.5
+++ b/doc/man/man5/slapd-asyncmeta.5
@@ -474,10 +474,11 @@ connection unless the URI directive protocol scheme is \fBldaps://\fP.
 In that case this keyword may only be set to "ldaps" and the StartTLS
 operation will not be used.
 
-\fBpropagate\fP issues the StartTLS operation only if the original
-connection did.
+With \fBpropagate\fP, the proxy issues the StartTLS operation only if
+the original connection has a TLS layer set up.
 The \fBtry\-\fP prefix instructs the proxy to continue operations
-if the StartTLS operation failed; its use is highly deprecated.
+if the StartTLS operation failed; its use is \fBnot\fP recommended.
+
 The TLS settings default to the same as the main slapd TLS settings,
 except for
 .B tls_reqcert
diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index 1c29378287..ad423a9b62 100644
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -626,7 +626,7 @@ connection unless the URI directive protocol scheme is \fBldaps://\fP.
 In that case this keyword may only be set to "ldaps" and the StartTLS
 operation will not be used.
 
-With \fBpropagate\fP, the proxy issues StartTLS operation only if
+With \fBpropagate\fP, the proxy issues the StartTLS operation only if
 the original connection has a TLS layer set up.
 The \fBtry\-\fP prefix instructs the proxy to continue operations
 if the StartTLS operation failed; its use is \fBnot\fP recommended.
diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index 0f659d1f8a..4101f7f006 100644
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -754,10 +754,11 @@ connection unless the URI directive protocol scheme is \fBldaps://\fP.
 In that case this keyword may only be set to "ldaps" and the StartTLS
 operation will not be used.
 
-\fBpropagate\fP issues the StartTLS operation only if the original
-connection did.
+With \fBpropagate\fP, the proxy issues the StartTLS operation only if
+the original connection has a TLS layer set up.
 The \fBtry\-\fP prefix instructs the proxy to continue operations
-if the StartTLS operation failed; its use is highly deprecated.
+if the StartTLS operation failed; its use is \fBnot\fP recommended.
+
 The TLS settings default to the same as the main slapd TLS settings,
 except for
 .B tls_reqcert
-- 
2.47.3