.TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.UC 6
.SH NAME
Specifies the URI(s) of an LDAP server(s) to which the
.I LDAP
library should connect. The URI scheme may be either
-.BR ldap or
+.B ldap
+or
.B ldaps
which refer to LDAP over TCP and LDAP over SSL (TLS) respectively.
Each server's name can be specified as a
is deprecated in favor of
.BR URI.
.TP
+.B REFERRALS <on/true/yes/off/false/no>
+Specifies if the client should automatically follow referrals returned
+by LDAP servers.
+The default is on.
+Note that the command line tools
+.BR ldapsearch (1)
+&co always override this option.
+.TP
.B SIZELIMIT <integer>
Specifies a size limit to use when performing searches. The
number should be a non-negative integer. \fISIZELIMIT\fP of zero (0)
certificate is provided, or a bad certificate is provided, the session
is immediately terminated. This is the default setting.
.RE
+.TP
+.B TLS_CRLCHECK <level>
+Specifies if the Certificate Revocation List (CRL) of the CA should be
+used to verify if the server certificates have not been revoked. This
+requires
+.B TLS_CACERTDIR
+parameter to be set.
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B none
+No CRL checks are performed
+.TP
+.B peer
+Check the CRL of the peer certificate
+.TP
+.B all
+Check the CRL for a whole certificate chain
+.RE
.SH "ENVIRONMENT VARIABLES"
.TP
LDAPNOINIT
.I $CWD/ldaprc
local ldap configuration file
.SH "SEE ALSO"
-.BR ldap (3)
+.BR ldap (3),
+.BR openssl (1),
+.BR sasl (3)
.SH AUTHOR
Kurt Zeilenga, The OpenLDAP Project
.SH ACKNOWLEDGEMENTS