.TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2013 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2017 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
-.B [tls_ciphersuite=<ciphers>]
+.B [tls_cipher_suite=<ciphers>]
.B [tls_protocol_min=<major>[.<minor>]]
.B [tls_crlcheck=none|peer|all]
.RS
-Allows to define the parameters of the authentication method that is
+Allows one to define the parameters of the authentication method that is
internally used by the proxy to collect info related to access control,
and whenever an operation occurs with the identity of the rootdn
of the LDAP proxy database.
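Review bot: the rename to `tls_cipher_suite=<ciphers>` in this synopsis changes a documented keyword without saying whether the old `tls_ciphersuite` spelling is still accepted. Existing configurations that restrict ciphers on the proxy's bind connection may use the old form, so please state which spelling the parser honours. If both are accepted, list the old one as a deprecated alias.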
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
-.B [tls_ciphersuite=<ciphers>]
+.B [tls_cipher_suite=<ciphers>]
.B [tls_protocol_min=<version>]
.B [tls_crlcheck=none|peer|all]
.RS
-Allows to define the parameters of the authentication method that is
+Allows one to define the parameters of the authentication method that is
internally used by the proxy to authorize connections that are
authenticated by other databases.
Direct binds are always proxied without any idassert handling.
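Review bot: `tls_protocol_min=<version>` in this synopsis does not match the `tls_protocol_min=<major>[.<minor>]` form used in the earlier synopsis for the same keyword. Since the neighbouring `tls_cipher_suite` line is being touched anyway, align the two so the accepted value format is stated one way throughout the page.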
do not return search reference responses.
By default, they are returned unless request is LDAPv2.
+.TP
+.B omit-unknown-schema <NO|yes>
+If
+.BR yes ,
+do not return objectClasses or attributes that are not known to the local server.
+The default is to return all schema elements.
+
.TP
.B noundeffilter <NO|yes>
If
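Review bot: the new `omit-unknown-schema` entry ends with an added blank line before the following `.TP`, which renders as extra vertical space and is not how the surrounding entries are separated; drop it. If the directives are meant to stay in alphabetical order, the entry also belongs after `noundeffilter` rather than before it. The text could additionally say whether the filtering applies to search results only.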
.TP
.B onerr {CONTINUE|stop}
-This directive allows to select the behavior in case an error is returned
+This directive allows one to select the behavior in case an error is returned
by the remote server during a search.
The default, \fBcontinue\fP, consists in returning success.
If the value is set to \fBstop\fP, the error is returned to the client.
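Review bot: in the `onerr` paragraph only "allows to" is fixed, while "consists in returning success" on the next line still reads awkwardly. Suggest "The default, continue, returns success", and consider stating plainly that with the default the client gets a success result even though the remote server reported an error during the search, so the results may be incomplete. The `{CONTINUE|stop}` synopsis also uses braces where `omit-unknown-schema <NO|yes>` uses angle brackets.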
.TP
.B timeout [<op>=]<val> [...]
-This directive allows to set per-operation timeouts.
+This directive allows one to set per-operation timeouts.
Operations can be
\fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
-.B [tls_ciphersuite=<ciphers>]
+.B [tls_cipher_suite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
.RS
Specify the use of TLS when a regular connection is initialized. The
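Review bot: this synopsis goes straight from `tls_reqcert` to `tls_cipher_suite` and `tls_crlcheck` with no `tls_protocol_min`, unlike the two bind synopses earlier in the patch. If the `tls` directive accepts a minimum protocol version, add it here while the list is being edited; if it does not, a short sentence saying so would save readers from assuming the option set is the same.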