From 27dd7a538303a8a6f73ece911c829f484cdc6609 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 8 Jan 2007 20:38:42 +0000
Subject: [PATCH] syncrepl inherits default TLS settings from main slapd config

---
 doc/man/man5/slapd-config.5 | 8 +++-----
 doc/man/man5/slapd.conf.5   | 8 +++-----
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index b22ba1bf75..f0dbc1fea2 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -1781,11 +1781,9 @@ parameter specifies use of the StartTLS extended operation
 to establish a TLS session before Binding to the provider. If the
 .B critical
 argument is supplied, the session will be aborted if the StartTLS request
-fails. Otherwise the syncrepl session continues without TLS.  Note that the
-main slapd TLS settings are not used by the syncrepl engine;
-by default the TLS parameters from ETCDIR/ldap.conf will be used.
-TLS settings may be specified here, in which case the ldap.conf settings
-will be completely ignored.
+fails. Otherwise the syncrepl session continues without TLS. The
+tls_reqcert setting defaults to "demand" and the other TLS settings
+default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs of
 data modifications. This mode of operation is referred to as \fIdelta
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index 776a07c8c7..4db7b1c1b7 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1689,11 +1689,9 @@ parameter specifies use of the StartTLS extended operation
 to establish a TLS session before Binding to the provider. If the
 .B critical
 argument is supplied, the session will be aborted if the StartTLS request
-fails. Otherwise the syncrepl session continues without TLS.  Note that the
-main slapd TLS settings are not used by the syncrepl engine;
-by default the TLS parameters from ETCDIR/ldap.conf will be used.
-TLS settings may be specified here, in which case the ldap.conf settings
-will be completely ignored.
+fails. Otherwise the syncrepl session continues without TLS. The
+tls_reqcert setting defaults to "demand" and the other TLS settings
+default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs of
 data modifications. This mode of operation is referred to as \fIdelta
-- 
2.39.5