Misc. cleanup

doc/guide/admin/install.sdf

@@ -11,8 +11,9 @@ Building and installing OpenLDAP requires several steps: installing
 prerequisite software, configuring OpenLDAP itself, making, and finally
 installing.  The following sections describe this process in detail.
 
-In case you haven't already obtained OpenLDAP it is available at the following
-location: {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}
+In case you haven't already obtained OpenLDAP it is available at
+the following location:
+{{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
 
 The {{ORG[expand]OLP}} also maintains an extensive site
 ({{URL:http://www.OpenLDAP.org/}}) on the World Wide Web.  The site
@@ -22,6 +23,7 @@ properly install OpenLDAP Software.  This includes:
 !block table; align=Center; coltags="N,URL"; \
 	title="Table 4.1: Other OpenLDAP resources"
 Resource			URL
+Document Catalog		http://www.OpenLDAP.org/doc/
 Frequently Asked Questions	http://www.OpenLDAP.org/faq/
 Issue Tracking System		http://www.OpenLDAP.org/its/
 Mailing Lists			http://www.OpenLDAP.org/lists/
@@ -31,13 +33,14 @@ Support Page 			http://www.OpenLDAP.org/support/
  
 H2: Prerequisite software
 
-OpenLDAP relies a number of software packages distributed by third
-parties.  Depending on the features you intend to use, you may have
-to download and install a number of additional software packages.
-This section details commonly needed third party software packages
-you might have to install.  Note that some of these third party
-packages may depend on additional software packages.  Install each
-package per installation instructions provided with it.
+OpenLDAP Software relies upon a number of software packages distributed
+by third parties.  Depending on the features you intend to use,
+you may have to download and install a number of additional
+software packages.  This section details commonly needed third party
+software packages you might have to install.  Note that some of
+these third party packages may depend on additional software
+packages.  Install each package per installation instructions
+provided with it.
 
 H3: {{TERM[expand]TLS}}
 
@@ -243,6 +246,6 @@ source directory, type:
 
 You should examine the output of this command carefully to make sure
 everything is installed correctly. You will find the configuration files
-for slapd in {{F:/usr/local/etc/openldap}} by default.  See chapter 5 for more
-information on the configuration files.
+for slapd in {{F:/usr/local/etc/openldap}} by default.  See the
+{{SECT:The slapd Configuration File}} chapter for additional information.
 

doc/guide/admin/replication.sdf

@@ -380,9 +380,9 @@ DSA may expect these attributes to be named
 {{EX:lastModifiedBy}} and {{EX:lastModifiedTime}}.
 
 A solution to this attribute naming problem is to have the
-ldapd read oidtables that map {{EX:modifiersName}} to the
-Object Identifier ({{TERM:OID}}) for the {{EX:lastModifiedBy}} attribute and
-{{EX:modifyTimeStamp}} to the OID for the {{EX:lastModifiedTime}}
-attribute. Since attribute names are carried as OIDs over
-DAP, this should perform the appropriate translation of
-attribute names.
+LDAP/DAP gateway to map {{EX:modifiersName}} to the Object
+Identifier ({{TERM:OID}}) for the {{EX:lastModifiedBy}}
+attribute and {{EX:modifyTimeStamp}} to the OID for the
+{{EX:lastModifiedTime}} attribute. Since attribute names
+are carried as OIDs over DAP, this should perform the
+appropriate translation of attribute names.

doc/guide/admin/schema.sdf

@@ -4,10 +4,10 @@
 
 H1: Schema Specification
 
-This chapter describes how to extend {{slapd}}(8) schema.  The
-first section details how to extend schema using provided
-schema files.  The second section details how to define
-new schema items.
+This chapter describes how to extend the schema used by {{slapd}}(8).
+The first section details optional schema definitions provided
+in the distribution and where to obtain other definitions.  The
+second section details how to define new schema items.
 
 H2: Distributed Schema Files
 
@@ -46,11 +46,11 @@ in provided files.
 
 H2: Extending Schema
 
-Schema used by {{slapd}}(8) can be extended to support additional
+Schema used by {{slapd}}(8) may be extended to support additional
 syntaxes, matching rules, attribute types, and object classes.
 This chapter details how to add attribute types and object classes
 using the syntaxes and matching rules already support by slapd.
-slapd(8) can also be extended to support additional syntaxes
+slapd can also be extended to support additional syntaxes
 and matching rules, but this requires some programming and hence
 is not discussed here.
 
@@ -64,11 +64,11 @@ There are five steps to defining new schema:
 H3: Object Identifiers
 
 Each schema element is identified by a globally unique
-{{TERM[expand]OID}} ({{TERM:OID}}).  OIDs are also used to identify
+{{TERM[expand]OID}} (OID).  OIDs are also used to identify
 other objects.
 They are commonly found in protocols described by {{TERM:ASN.1}}.  In
-particular, they are heavy used by {{Simple Network Management
-Protocol}} (SNMP).  As OIDs are hierarchical, your organization
+particular, they are heavy used by {{TERM[expand]SNMP}} (SNMP).
+As OIDs are hierarchical, your organization
 can obtain one OID and branch it as needed.  For example,
 if your organization were assigned OID {{EX:1.1}}, you could branch
 the tree as follows:
@@ -98,10 +98,10 @@ service) see {{URL:http://www.alvestrand.no/harald/objectid/}}.
 .{{Under no circumstances should you use a fictious OID!}} 
 
 To obtain a fully registered OID at {{no cost}}, apply for
-a OID under {{ORG[expand]IANA}} maintained
+a OID under {{ORG[expand]IANA}} (IANA) maintained
 {{Private Enterprise}} arch.  Any private enterprise (organization)
 may request an OID to be assigned under this arch.  Just fill
-out the form at {{URL: http://www.iana.org/cgi-bin/enterprise.pl}}
+out the {{ORG:IANA}} form at {{URL: http://www.iana.org/cgi-bin/enterprise.pl}}
 and your official OID will be sent to you usually within a few days.
 Your base OID will be something like {{EX:1.3.6.1.4.1.X}} were {{EX:X}}
 is an integer.
@@ -210,22 +210,49 @@ the first listed name when returning results.
 The first attribute, {{EX:name}}, has a syntax of directory string
 (a UTF-8 encoded Unicode string) with a recommend maximun length.
 Note that syntaxes is specified by OID.  In addition, the equality
-and substring matching uses case ignore rules.  Below are tables of
-{{slapd}}(8) supported syntax and matching rules.
+and substring matching uses case ignore rules.  Below are tables 
+listing commonly used supported syntax and matching rules.
 
 !block table; align=Center; coltags="EX,EX,N"; \
 	title="Table 6.3: Supported Syntaxes"
-Name		OID				Description
-directoryString	1.3.6.1.4.1.1466.115.121.1.15	A directory string
+Name			OID				Description
+binary			1.3.6.1.4.1.1466.115.121.1.5	BER/DER data
+boolean			1.3.6.1.4.1.1466.115.121.1.7	boolean value
+distinguishedName	1.3.6.1.4.1.1466.115.121.1.15	DN
+directoryString		1.3.6.1.4.1.1466.115.121.1.15	UTF-8 string
+IA5String		1.3.6.1.4.1.1466.115.121.1.26	ASCII string
+Integer			1.3.6.1.4.1.1466.115.121.1.27	integer
+Name and Optional UID	1.3.6.1.4.1.1466.115.121.1.34	DN plus UID
+Numeric String		1.3.6.1.4.1.1466.115.121.1.36	numeric string
+OID			1.3.6.1.4.1.1466.115.121.1.38	object identifier
+Octet String		1.3.6.1.4.1.1466.115.121.1.40	arbitary octets
+Printable String	1.3.6.1.4.1.1466.115.121.1.44	printable string
 !endblock
 
->
+> 
 
 !block table; align=Center; coltags="EX,N"; \
 	title="Table 6.4: Supported Matching Rules"
-Name		Description
-caseIgnoreMatch	case insensitive, space insensitive matching
-caseExactMatch	case sensitive, space insensitive matching
+Name				Type		Description
+booleanMatch			equality	boolean
+objectIdentiferMatch		equality	OID
+distinguishedNameMatch		equality	DN
+uniqueMemberMatch		equality	DN with optional UID
+numericStringMatch		equality	numerical
+numericStringOrderingMatch	ordering	numerical
+numericStringSubstringsMatch	substrings	numerical
+caseIgnoreMatch			equality	case insensitive, space insensitive
+caseIgnoreOrderingMatch		ordering	case insensitive, space insensitive
+caseIgnoreSubstringsMatch	substrings	case insensitive, space insensitive
+caseExactMatch			equality	case sensitive, space insensitive
+caseExactOrderingMatch		ordering	case sensitive, space insensitive
+caseExactSubstringsMatch	substrings	case sensitive, space insensitive
+caseIgnoreIA5Match		equality	case insensitive, space insensitive
+caseIgnoreOrderingIA5Match	ordering	case insensitive, space insensitive
+caseIgnoreSubstringsIA5Match	substrings	case insensitive, space insensitive
+caseExactIA5Match		equality	case sensitive, space insensitive
+caseExactOrderingIA5Match	ordering	case sensitive, space insensitive
+caseExactSubstringsIA5Match	substrings	case sensitive, space insensitive
 !endblock
 
 The second attribute, {{EX:cn}}, is a subtype of {{EX:name}} hence

doc/guide/admin/slapdconfig.sdf

@@ -7,7 +7,7 @@ H1: The slapd Configuration File
 Once the software has been built and installed, you are ready
 to configure {{slapd}}(8) for use at your site. The slapd
 runtime configuration is primarily accomplished through the
-{{I:slapd.conf}}(5) file, normally installed in the
+{{slapd.conf}}(5) file, normally installed in the
 {{EX:/usr/local/etc/openldap}} directory.
 
 An alternate configuration file can be specified via a
@@ -143,13 +143,13 @@ loop detection is done.
 H4: loglevel <integer>
 
 This directive specifies the level at which debugging statements
-and operation statistics should be syslogged (currently
-logged to the {{syslogd}}(8) LOG_LOCAL4 facility). You must
-have compiled slapd with -DLDAP_DEBUG for this to work
-(except for the two statistics levels, which are always enabled).
-Log levels are additive. To display what numbers correspond
-to what kind of debugging, invoke slapd with the  ? flag or
-consult the table below. The possible values for <integer> are:
+and operation statistics should be syslogged (currently logged to
+the {{syslogd}}(8) {EX:LOG_LOCAL4}} facility). You must have
+configured OpenLDAP {{EX:--enable-debug}} (the default) for this
+to work (except for the two statistics levels, which are always
+enabled).  Log levels are additive. To display what numbers
+correspond to what kind of debugging, invoke slapd with {{EX:-?}}
+or consult the table below. The possible values for <integer> are:
 
 !block table; colaligns="RL"; align=Center; \
 	title="Table 5.1: Debugging Levels"
@@ -262,8 +262,11 @@ perform" error.
 H4: replica
 
 >	replica host=<hostname>[:<port>]
->		"binddn=<DN>"
->		[bindmethod={ simple | kerberos }]
+>		[bindmethod={ simple | kerberos | sasl }]
+>		["binddn=<DN>"]
+>		[mech=<mech>]
+>		[authcid=<identity>]
+>		[authzid=<identity>]
 >		[credentials=<password>]
 >		[srvtab=<filename>]
 
@@ -277,23 +280,31 @@ The {{EX:binddn=}} parameter gives the DN to bind as for updates to
 the slave slapd. It should be a DN which has read/write
 access to the slave slapd's database, typically given as a
 {{EX:rootdn}} in the slave's config file. It must also match the
-updatedn directive in the slave slapd's config file. Since DNs are
+{{EX:updatedn}} directive in the slave slapd's config file. Since DNs are
 likely to contain embedded spaces, the entire {{EX:"binddn=<DN>"}}
 string should be enclosed in double quotes.
 
-The {{EX:bindmethod}} is either simple or Kerberos, depending on
-whether simple password-based authentication or Kerberos
-authentication is to be used when connecting to the slave
-slapd. Simple authentication requires a valid password be
-given. Kerberos authentication requires a valid srvtab file.
-
-The {{EX:credentials=}} parameter, which is only required if using
-simple authentication, gives the password for {{EX:binddn}} on the
-slave slapd.  Simple authentication is deprecated in favor of
-{{TERM:SASL}} based authentication services.
-
-The {{EX:srvtab=}} parameter is deprecated in favor of SASL
-based authentication services.
+The {{EX:bindmethod}} is {{EX:simple}} or {{EX:kerberos}} or {{EX:sasl}},
+depending on whether simple password-based authentication or Kerberos
+authentication or {{TERM:SASL}} authentication is to be used when connecting
+to the slave slapd.
+
+Simple authentication should not be used unless adequate integrity
+and privacy protections are in place (e.g. TLS or IPSEC).  Simple
+authentication requires specification of {{EX:binddn}} and
+{{EX:credentials}} parameters.
+
+Kerberos authentication is deprecated in favor of SASL authentication
+mechanisms, in particular the {EX:KERBEROS_V4}} and {{EX:GSSAPI}}
+mechanisms.  Kerberos authentication requires {{EX:binddn}} and
+{{EX:srvtab}} parameters.
+
+SASL authentication is generally recommended.  SASL authentication
+requires specification of a mechanism using the {{EX:mech}} parameter.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using {{EX:authcid}} and {{EX:credentials}}
+respectively.  The {{EX:authzid}} parameter may be used to specify
+an authorization identity.
 
 See the {{SECT:Replication}} chapter for more information on how to
 use this directive.

doc/guide/preamble.sdf

@@ -47,7 +47,7 @@ OpenSSL  OpenSSL				http://www.openssl.org/
 Cyrus	 Cyrus					http://asg.web.cmu.edu/cyrus/
 Sleepy	 Sleepycat Software			http://www.sleepycat.com/
 FSF	 Free Software Foundation		http://www.fsf.org/
-GNU	 Gnu Not Unix 				http://www.gnu.org/
+GNU	 GNU Not Unix 				http://www.gnu.org/
 !endblock
 
 !block products; data
@@ -78,11 +78,12 @@ BNF	BNF
 CLDAP	Connection-less LDAP
 DAP	Directory Access Protocol
 DER	Distinguished Encoding Rules
+DIT	Directory Information Tree
 DN	Distinguished Name
-DSE	DSA-specific Entry
 DNS	Domain Name System
 DS	Draft Standard
-DSA	Directory System Agent
+DSA	Directory Service Agent
+DSE	DSA-specific Entry
 DUA	Directory User Agent
 FAQ	Frequently Asked Questions
 FYI	For Your Information
@@ -95,6 +96,7 @@ LBER	Lightweight BER
 LDAP	Lightweight Directory Access Protocol
 LDIF	LDAP Data Interchange Format
 LDBM	LDAP Database Manager
+MIB	Management Information Base
 OID	Object Identifier
 OSI	OSI
 PS	Proposed Standard
@@ -103,6 +105,8 @@ RFC	Request for Comments
 TCP	Transmission Control Protocol
 TLS	Transport Security Layer
 SASL	Simple Authentication and Security Layer
+SMTP	Simple Mail Transfer Protocol
+SNMP	Simple Network Management Protocol
 STD	Internet Standard
 UDP	User Datagram Protocol
 URI	Uniform Resource Identifier