-.RS
-Note: the
-.B binddn
-/
-.B bindpw
-values are also used to propagate user authorization by means of the
-.B proxyAuthz
-mechanism when operations performed by users bound to another backend
-are propagated to back-ldap.
+.TP
+.B bindpw <password>
+Password used with the bind DN above.
+.TP
+.B proxyauthzdn "<administrative DN for proxyAuthz purposes>"
+DN which is used to propagate the client's identity to the target
+by means of the proxyAuthz control when the client does not
+belong to the DIT fragment that is being proxyied by back-ldap.
+This is useful when operations performed by users bound to another
+backend are propagated through back-ldap.