diff --git a/CHANGES b/CHANGES
index 5888a89bd6764ecf940e96fb7382c74bc12e3173..79c06e8170ff94e25a985614f595f3f5bca54021 100644
--- a/CHANGES
+++ b/CHANGES
@@ -87,6 +87,7 @@ OpenLDAP 2.4.24 Engineering
 		Fixed slapd-tester filter initialization (ITS#6735)
 		Removed antiquated SunOS LWP support (ITS#6669)
 	Documentation
+		admin24 guide fix examples (ITS#6681)
 		admin24 guide typo fixes (ITS#6609)
 		admin24 guide refint rootdn requirement (ITS#6364)
 		ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
diff --git a/doc/guide/admin/appendix-common-errors.sdf b/doc/guide/admin/appendix-common-errors.sdf
index 124853b5c0405f11fb05a8e2fc1d50c902026504..9872917bce3480eae6efbf2fdeb3aec99f645f59 100644
--- a/doc/guide/admin/appendix-common-errors.sdf
+++ b/doc/guide/admin/appendix-common-errors.sdf
@@ -532,7 +532,8 @@ beyond reach of intruders.
 
 That's why the default keytab file is owned by root and protected from being 
 read by others. Do not mess with these permissions, build a different keytab 
-file for slapd instead.
+file for slapd instead, and make sure it is owned by the user that slapd
+runs as.
 
 To do this, start kadmin, and enter the following commands:
 
@@ -541,7 +542,7 @@ To do this, start kadmin, and enter the following commands:
 
 Then, on the shell, do:
 
->     chown ldap.ldap /etc/openldap/ldap.keytab
+>     chown ldap:ldap /etc/openldap/ldap.keytab
 >     chmod 600 /etc/openldap/ldap.keytab 
 
 Now you have to tell slapd (well, actually tell the gssapi library in Kerberos 5 
@@ -636,9 +637,9 @@ values of <n>.
 H3: ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
 
 This seems to be related with wrong ownership of the BDB's dir (/var/lib/ldap) 
-and files.
+and files. The files must be owned by the user that slapd runs as.
 
->    chmod -R openldap:openldap /var/lib/ldap 
+>    chown -R ldap:ldap /var/lib/ldap 
 
 fixes it in Debian