list of hosts may be provided.
.B HOST
is deprecated in favor of
-.BR URI.
+.BR URI .
.TP
.B PORT <port>
Specifies the default port used when connecting to LDAP servers(s).
.B always
Aliases are dereferenced both in searching and in locating the base object
of the search.
+.RE
.SH SASL OPTIONS
If OpenLDAP is built with Simple Authentication and Security Layer support,
there are more options you can specify.
.RE
.SH TLS OPTIONS
If OpenLDAP is built with Transport Layer Security support, there
-are more options you can specify.
-.TP
-.B TLS <level>
-Specifies whether client connections should use TLS by default. The
-.B <level>
-can be specified as one of the following keywords:
-.RS
-.TP
-.B never
-This is the default. Connections will be opened in the clear unless
-TLS is explicitly specified (e.g. using an "ldaps://" URL.)
-.TP
-.B hard
-All connections will be established with TLS.
-Note that using this option effectively makes the library open every
-session as an ldaps session and is incompatible with the LDAPv3 StartTLS
-request.
-.RE
+are more options you can specify. These options are used when an
+.B ldaps:// URI
+is selected (by default or otherwise) or when the application
+negotiates TLS by issuing the LDAP Start TLS operation.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
These keywords are equivalent. The server certificate is requested. If no
certificate is provided, or a bad certificate is provided, the session
is immediately terminated. This is the default setting.
+.RE
.SH "ENVIRONMENT VARIABLES"
.TP
LDAPNOINIT