From: Ryan Tandy <ryan@nardis.ca>
Date: Mon, 14 Jul 2014 16:42:14 +0000 (-0700)
Subject: ITS#7897 fix admin guide syncrepl TLS defaults
X-Git-Url: https://git.sur5r.net/?p=openldap;a=commitdiff_plain;h=cd5147703c0f06aff9d3640bccf5b8bfde37b2f2

ITS#7897 fix admin guide syncrepl TLS defaults

In 2.4 syncrepl was changed to take its TLS defaults from the slapd
configuration (commit 1cc1f9b) and the man page was updated to document
that (commit 27dd7a5). This updates the admin guide to match.
---

diff --git a/doc/guide/admin/slapdconf2.sdf b/doc/guide/admin/slapdconf2.sdf
index 6e1040cdf7..204c56a60c 100644
--- a/doc/guide/admin/slapdconf2.sdf
+++ b/doc/guide/admin/slapdconf2.sdf
@@ -669,10 +669,8 @@ The {{EX:starttls}} parameter specifies use of the StartTLS extended
 operation to establish a TLS session before authenticating to the provider.
 If the {{EX:critical}} argument is supplied, the session will be aborted
 if the StartTLS request fails.  Otherwise the syncrepl session continues
-without TLS.  Note that the main slapd TLS settings are not used by the
-syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
-configuration file will be used.  TLS settings may be specified here,
-in which case any {{ldap.conf}}(5) settings will be completely ignored.
+without TLS.  The tls_reqcert setting defaults to {{EX:"demand"}} and the
+other TLS settings default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs
 of data modifications.  This mode of operation is referred to as
diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index 8bbc05f4e0..f197b6c5d4 100644
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -520,10 +520,8 @@ The {{EX:starttls}} parameter specifies use of the StartTLS extended
 operation to establish a TLS session before authenticating to the provider.
 If the {{EX:critical}} argument is supplied, the session will be aborted
 if the StartTLS request fails.  Otherwise the syncrepl session continues
-without TLS.  Note that the main slapd TLS settings are not used by the
-syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5)
-configuration file will be used.  TLS settings may be specified here,
-in which case any {{ldap.conf}}(5) settings will be completely ignored.
+without TLS.  The tls_reqcert setting defaults to {{EX:"demand"}} and the
+other TLS settings default to the same as the main slapd TLS settings.
 
 Rather than replicating whole entries, the consumer can query logs
 of data modifications.  This mode of operation is referred to as