ITS#8099 bindconf ciphersuite setting is 'tls_cipher_suite'

[openldap] / doc / guide / admin / slapdconfig.sdf

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index 8bbc05f4e0bddaa3c7c8bd3b4f3c3599ec35019e..0ba13b58fff45b64dec2203a60c375409cbdb62c 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2015 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2016 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: The slapd Configuration File
@@ -413,7 +413,7 @@ H4: syncrepl
 >              [tls_cacert=<file>]
 >              [tls_cacertdir=<path>]
 >              [tls_reqcert=never|allow|try|demand]
->              [tls_ciphersuite=<ciphers>]
+>              [tls_cipher_suite=<ciphers>]
 >              [tls_crlcheck=none|peer|all]
 >              [logbase=<base DN>]
 >              [logfilter=<filter str>]
@@ -520,10 +520,8 @@ The {{EX:starttls}} parameter specifies use of the StartTLS extended
 operation to establish a TLS session before authenticating to the provider.
 If the {{EX:critical}} argument is supplied, the session will be aborted
 if the StartTLS request fails.  Otherwise the syncrepl session continues
-without TLS.  Note that the main slapd TLS settings are not used by the
-syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
-configuration file will be used.  TLS settings may be specified here,
-in which case any {{ldap.conf}}(5) settings will be completely ignored.
+without TLS.  The tls_reqcert setting defaults to {{EX:"demand"}} and the
+other TLS settings default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs
 of data modifications.  This mode of operation is referred to as