.B [authcId=<authentication ID>] [authzId=<authorization ID>]
.RS
Allows to define the parameters of the authentication method that is
-internally used by the proxy to collect info related to access control.
+internally used by the proxy to collect info related to access control,
+and whenever an operation occurs with the identity of the rootdn
+of the LDAP proxy database.
The identity defined by this directive, according to the properties
associated to the authentication method, is supposed to have read access
on the target server to attributes used on the proxy for ACL checking.
+
There is no risk of giving away such values; they are only used to
check permissions.
The default is to use
.BR simple
bind, with empty \fIbinddn\fP and \fIcredentials\fP,
which means that the related operations will be performed anonymously.
+If not set, and if \fBidassert-bind\fP is defined, this latter identity
+is used instead. See \fBidassert-bind\fP for details.
+
+The connection between the proxy database and the remote server
+associated to this identity is cached regardless of the lifespan
+of the client-proxy connection that first established it.
.B This identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
.B idassert-authzFrom
patterns.
+The identity associated to this directive is also used for privileged
+operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
+is not. See \fBacl-bind\fP for details.
+
This directive obsoletes
.BR idassert-authcDN ,
.BR idassert-passwd ,
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
+.TP
+.B network-timeout <time>
+Sets the network timeout value after which
+.BR poll (2)/ select (2)
+following a
+.BR connect (2)
+returns in case of no activity.
+The value is in seconds, and it can be specified as for
+.BR idle-timeout .
+
.TP
.B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact
.TP
.B rebind-as-user {NO|yes}
If this option is given, the client's bind credentials are remembered
-for rebinds when chasing referrals. Useful when
-\fBchase-referrals\fP is set to \fByes\fP, useless otherwise.
+for rebinds, when trying to re-establish a broken connection,
+or when chasing a referral, if
+.B chase-referrals
+is set to
+.IR yes .
.TP
.B single\-conn {NO|yes}