ITS#7700 - Update syncrepl configuration bits with missing parameters

doc/guide/admin/slapdconfig.sdf

@@ -229,7 +229,7 @@ from a search operation.
 
 >	sizelimit 500
 
-See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+See the {{SECT:Limits}} section of this guide and {{slapd.conf}}(5)
 for more details.
 
 H4: timelimit <integer>
@@ -243,7 +243,7 @@ exceeded timelimit will be returned.
 
 >	timelimit 3600
 
-See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+See the {{SECT:Limits}} section of this guide and {{slapd.conf}}(5)
 for more details.
 
 
@@ -309,7 +309,7 @@ H4: limits <who> <limit> [<limit> [...]]
 
 Specify time and size limits based on who initiated an operation.
 
-See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+See the {{SECT:Limits}} section of this guide and {{slapd.conf}}(5)
 for more details.
 
 
@@ -388,17 +388,20 @@ H4: syncrepl
 
 >	syncrepl rid=<replica ID>
 >		provider=ldap[s]://<hostname>[:port]
+>		searchbase=<base DN>
 >		[type=refreshOnly|refreshAndPersist]
 >		[interval=dd:hh:mm:ss]
 >		[retry=[<retry interval> <# of retries>]+]
->		searchbase=<base DN>
 >		[filter=<filter str>]
 >		[scope=sub|one|base]
 >		[attrs=<attr list>]
+>		[exattrs=<attr list>]
 >		[attrsonly]
 >		[sizelimit=<limit>]
 >		[timelimit=<limit>]
 >		[schemachecking=on|off]
+>		[network-timeout=<seconds>]
+>		[timeout=<seconds>]
 >		[bindmethod=simple|sasl]
 >		[binddn=<DN>]
 >		[saslmech=<mech>]
@@ -407,6 +410,7 @@ H4: syncrepl
 >		[credentials=<passwd>]
 >		[realm=<realm>]
 >		[secprops=<properties>]
+>		[keepalive=<idle>:<probes>:<interval>]
 >		[starttls=yes|critical]
 >		[tls_cert=<file>]
 >		[tls_key=<file>]
@@ -415,6 +419,8 @@ H4: syncrepl
 >		[tls_reqcert=never|allow|try|demand]
 >		[tls_cipher_suite=<ciphers>]
 >		[tls_crlcheck=none|peer|all]
+>		[tls_protocol_min=<major>[.<minor>]]
+>		[suffixmassage=<real DN>]
 >		[logbase=<base DN>]
 >		[logfilter=<filter str>]
 >		[syncdata=default|accesslog|changelog]
@@ -452,7 +458,7 @@ The content of the syncrepl replica is defined using a search
 specification as its result set. The consumer slapd will
 send search requests to the provider slapd according to the search
 specification. The search specification includes {{EX:searchbase}},
-{{EX:scope}}, {{EX:filter}}, {{EX:attrs}}, {{EX:attrsonly}},
+{{EX:scope}}, {{EX:filter}}, {{EX:attrs}}, {{EX:exattrs}}, {{EX:attrsonly}},
 {{EX:sizelimit}}, and {{EX:timelimit}} parameters as in the normal
 search specification. The {{EX:searchbase}} parameter has no
 default value and must always be specified. The {{EX:scope}} defaults
@@ -460,7 +466,8 @@ to {{EX:sub}}, the {{EX:filter}} defaults to {{EX:(objectclass=*)}},
 {{EX:attrs}} defaults to {{EX:"*,+"}} to replicate all user and operational
 attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}}
 and {{EX:timelimit}} default to "unlimited", and only positive integers
-or "unlimited" may be specified.
+or "unlimited" may be specified. The {{EX:exattrs}} option may also be used
+to specify attributes that should be omitted from incoming entries.
 
 The {{TERM[expand]LDAP Sync}} protocol has two operation
 types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}.
@@ -490,6 +497,12 @@ required by the schema definition.
 If it is turned off, entries will be stored without checking
 schema conformance. The default is off.
 
+The {{EX:network-timeout}} parameter sets how long the consumer will
+wait to establish a network connection to the provider.  Once a
+connection is established, the {{EX:timeout}} parameter determines how
+long the consumer will wait for the initial Bind request to complete.  The
+defaults for these parameters come from {{ldap.conf}}(5).
+
 The {{EX:binddn}} parameter gives the DN to bind as for the
 syncrepl searches to the provider slapd. It should be a DN
 which has read access to the replication content in the
@@ -516,6 +529,17 @@ The {{EX:realm}} parameter specifies a realm which a certain
 mechanisms authenticate the identity within. The {{EX:secprops}}
 parameter specifies Cyrus SASL security properties.
 
+The {{EX:keepalive} parameter sets the values of idle, probes, and interval
+used to check whether a socket is alive;  idle is the number of seconds a
+connection needs to remain idle before TCP starts sending keepalive probes;
+probes is the maximum number of keepalive probes TCP should send before
+dropping the connection; interval is interval in seconds between individual
+keepalive probes.  Only some systems support the customization of these
+values; the keepalive parameter is ignored otherwise, and system-wide
+settings are used. For example, keepalive="240:10:30" will send a keepalive
+probe 10 times, every 30 seconds, after 240 seconds of idle activity.  If
+no response to the probes is received, the connection will be dropped.
+
 The {{EX:starttls}} parameter specifies use of the StartTLS extended
 operation to establish a TLS session before authenticating to the provider.
 If the {{EX:critical}} argument is supplied, the session will be aborted
@@ -523,6 +547,11 @@ if the StartTLS request fails.  Otherwise the syncrepl session continues
 without TLS.  The tls_reqcert setting defaults to {{EX:"demand"}} and the
 other TLS settings default to the same as the main slapd TLS settings.
 
+The {{EX:suffixmassage}} parameter allows the consumer to pull entries
+from a remote directory whose DN suffix differs from the local directory.
+The portion of the remote entries' DNs that matches the searchbase will
+be replaced with the suffixmassage DN.
+
 Rather than replicating whole entries, the consumer can query logs
 of data modifications.  This mode of operation is referred to as
 {{delta syncrepl}}.  In addition to the above parameters, the