diff --git a/CHANGES b/CHANGES
index 400ce62cfe9307217b0bf2fe4ad2f998d665a79b..55c7144f604f0261013e02673e858c7dd2236c64 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,7 @@ OpenLDAP 2.4.17 Engineering
Documentation
admin24 fixed example regex (ITS#6052)
admin24 removed temporary back-monitor note (ITS#6130)
+ man page consistency fixes (ITS#6023)
ldapsearch(1) output format description (ITS#6146)
ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1
index a8cd5d4fa2aafe56336e6d58e719de00de6bca7e..2de69dd1a0a9adef501c25044884a40902b4821a 100644
--- a/doc/man/man1/ldapcompare.1
+++ b/doc/man/man1/ldapcompare.1
@@ -13,7 +13,7 @@ ldapcompare \- LDAP compare tool
[\c
.BR \-z ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,9 +31,9 @@ ldapcompare \- LDAP compare tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -49,10 +49,12 @@ ldapcompare \- LDAP compare tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-.IR DN \ <
-.BR attr:value \ |
-.BR attr::b64value \ >
+.BR \-Z [ Z ]]
+.IR DN
+{\c
+.BI attr: value
+|
+.BI attr:: b64value\fR}
.SH DESCRIPTION
.I ldapcompare
is a shell-accessible interface to the
@@ -66,14 +68,14 @@ name in the directory. \fIAttr\fP should be a known attribute. If
followed by one colon, the assertion \fIvalue\fP should be provided
as a string. If followed by two colons, the base64 encoding of the
value is provided. The result code of the compare is provided as
-the exit code and, unless ran with -z, the program prints
+the exit code and, unless ran with \fB\-z\fP, the program prints
TRUE, FALSE, or UNDEFINED on standard output.
.LP
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the compare. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -82,7 +84,7 @@ Run in verbose mode, with many diagnostics written to standard output.
Run in quiet mode, no output is written. You must check the return
status. Useful in shell scripts.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -97,7 +99,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -120,7 +122,7 @@ by default appends a trailing newline to the echoed string.
The recommended portable way to store a cleartext password in a file
for use with this option is to use
.BR slappasswd (8)
-with \fI{CLEARTEXT}\fP as hash and the option \fI\-n\fP.
+with \fI{CLEARTEXT}\fP as hash and the option \fB\-n\fP.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -129,13 +131,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -160,20 +162,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLES
.nf
ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1
index 328bd9206faa987aa72e19214730103e24fba481..5e2191aff62db6f626ad19502d80f6fd703e9f1c 100644
--- a/doc/man/man1/ldapdelete.1
+++ b/doc/man/man1/ldapdelete.1
@@ -13,7 +13,7 @@ ldapdelete \- LDAP delete entry tool
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,11 +31,11 @@ ldapdelete \- LDAP delete entry tool
[\c
.BI \-h \ ldaphost\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
.BI \-p \ ldapport\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BI \-U \ authcid\fR]
[\c
@@ -55,9 +55,9 @@ ldapdelete \- LDAP delete entry tool
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
-.IR dn ]...
+.IR DN \ [ ... ]]
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
@@ -69,14 +69,14 @@ opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 4514.
-If no \fIdn\fP arguments
+If no \fIDN\fP arguments
are provided, a list of DNs is read from standard input (or from
-\fIfile\fP if the -f flag is used).
+\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -87,7 +87,7 @@ Continuous operation mode. Errors are reported, but
will continue with deletions. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -106,7 +106,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -126,13 +126,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.B \-r
@@ -144,7 +144,7 @@ happily delete large portions of your tree. Use with care.
.BI \-z \ sizelimit
Use \fIsizelimit\fP when searching for children DN to delete,
to circumvent any server-side size limit. Only useful in conjunction
-with \-r.
+with \fB\-r\fP.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
@@ -168,20 +168,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
The following command:
.LP
diff --git a/doc/man/man1/ldapexop.1 b/doc/man/man1/ldapexop.1
index 1cbb5170d6aa8cb312afed6d2446bc5fbe31e862..f857dd2056664b12c5499c78fb5077d8ebf132e7 100644
--- a/doc/man/man1/ldapexop.1
+++ b/doc/man/man1/ldapexop.1
@@ -24,7 +24,7 @@ ldapexop
[\c
.BI \-D \ binddn\fR]
[\c
-.BI \-e \ [!]ext[=extparam]\fR]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ file\fR]
[\c
@@ -40,7 +40,7 @@ ldapexop
[\c
.BI \-O \ security-properties\fR]
[\c
-.BI \-o \ [!]ext[=extparam]\fR]
+.BI \-o \ opt\fR[\fP = optparam\fR]]
[\c
.BI \-p \ port\fR]
[\c
@@ -66,8 +66,8 @@ ldapexop
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-\ {
+.BR \-Z [ Z ]]
+{\c
.I oid
|
.BI oid: data
@@ -78,8 +78,7 @@ ldapexop
|
.BI cancel \ cancel-id
|
-.BI refresh \ DN \ \fR[\fIttl\fR]
-}
+.BI refresh \ DN \ \fR[\fIttl\fR]}
.SH DESCRIPTION
ldapexop issues the LDAP extended operation specified by \fBoid\fP
@@ -128,7 +127,7 @@ Set the LDAP debugging level to \fIlevel\fP.
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
-.BI \-e \ [!]ext[=extparam]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions. \'!\' indicates criticality.
.nf
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
@@ -152,7 +151,7 @@ Read operations from \fIfile\fP.
.TP
.BI \-h \ host
Specify the host on which the ldap server is running.
-Deprecated in favor of \fB-H\fP.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-H \ URI
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -165,7 +164,7 @@ only as needed.
.TP
.BI \-n
Show what would be done but don't actually do it.
-Useful for debugging in conjunction with \fB-v\fP.
+Useful for debugging in conjunction with \fB\-v\fP.
.TP
.BI \-N
Do not use reverse DNS to canonicalize SASL host name.
@@ -173,7 +172,7 @@ Do not use reverse DNS to canonicalize SASL host name.
.BI \-O \ security-properties
Specify SASL security properties.
.TP
-.BI \-o \ opt[=optparam]
+.BI \-o \ opt\fR[\fP = optparam\fR]
Specify general options:
.nf
nettimeout=<timeout> (in seconds, or "none" or "max")
@@ -181,7 +180,7 @@ Specify general options:
.TP
.BI \-p \ port
Specify the TCP port where the ldap server is listening.
-Deprecated in favor of \fB-H\fP.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-Q
Enable SASL Quiet mode. Never prompt.
@@ -199,7 +198,7 @@ Run in verbose mode, with many diagnostics written to standard output.
.TP
.BI \-V
Print version info and usage message.
-If\fB-VV\fP is given, only the version information is printed.
+If\fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
@@ -215,11 +214,9 @@ Use simple authentication instead of SASL.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-y \ file
Use complete contents of \fIfile\fP as the password for
@@ -229,9 +226,9 @@ simple authentication.
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation.
-Giving it twice (\fB-ZZ\fP) will require the operation to be successful.
+Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
@@ -248,5 +245,5 @@ with \fBldapexop\fP.
Do not expect it to be complete or absolutely correct.
.SH ACKNOWLEDGEMENTS
-The OpenLDAP Project <http://www.openldap.org/>
+.so ../Project
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
index 31269c13428aea561279d038f924db85f40b7f8b..5c8794995b7de7b0f6c8b806c8100ce6164b84d6 100644
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
@@ -17,7 +17,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,9 +35,9 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -53,7 +53,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.LP
@@ -67,7 +67,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -85,9 +85,9 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -103,7 +103,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.SH DESCRIPTION
@@ -118,12 +118,12 @@ library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.B ldapadd
-the -a (add new entry) flag is turned on automatically.
+the \fB\-a\fP (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
-the use of the -f option.
+the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
.B \-a
@@ -142,16 +142,16 @@ reporting an error.
.BI \-S \ file
Add or change records which where skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
-conjunction with -c.
+conjunction with \fB\-c\fP.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -170,7 +170,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -190,13 +190,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -221,22 +221,20 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
.SH INPUT FORMAT
-The contents of \fIfile\fP (or standard input if no \-f flag is given on
+The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
.BR ldif (5)
(LDIF as defined in RFC 2849).
@@ -250,21 +248,21 @@ exists and has the contents:
changetype: modify
replace: mail
mail: modme@example.com
- -
+ \-
add: title
title: Grand Poobah
- -
+ \-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
- -
+ \-
delete: description
- -
+ \-
.fi
.LP
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
@@ -296,7 +294,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapadd -f /tmp/newentry
+ ldapadd \-f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
@@ -315,7 +313,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1
index 646f3f4ed6ea31f703c33717cfb2d629afbdc2bd..22a0d887a6bcb16af49d4aeee2b0d77143121626 100644
--- a/doc/man/man1/ldapmodrdn.1
+++ b/doc/man/man1/ldapmodrdn.1
@@ -17,7 +17,7 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,9 +35,9 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -53,7 +53,7 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
[\c
@@ -82,7 +82,7 @@ child of the new superior.) This option is not supported in LDAPv2.
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -92,33 +92,33 @@ Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
must be
compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.B \-f file
+.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
-.B \-D binddn
+.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
-.B \-w passwd
+.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
@@ -132,13 +132,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -163,28 +163,23 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
.LP
Otherwise, the contents of \fIfile\fP (or standard input if
-no
-.RI \- f
-flag is given) should consist of one or more entries.
+no \fB\-f\fP flag is given) should consist of one or more entries.
.LP
.nf
Distinguished Name (DN)
@@ -205,7 +200,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapmodrdn -r -f /tmp/entrymods
+ ldapmodrdn \-r \-f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1
index 828fae08b9a8157f45cf1850db5b0ca7194410cd..4b74541cdab26027201234c773d22c29f8135234 100644
--- a/doc/man/man1/ldappasswd.1
+++ b/doc/man/man1/ldappasswd.1
@@ -39,7 +39,7 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-y \ passwdfile\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -55,7 +55,7 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.IR user ]
.SH DESCRIPTION
@@ -94,7 +94,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
@@ -108,16 +108,15 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
-.BR \-v \ or
-.BR \-d )
+\fB\-v\fP or \fB\-d\fP)
.TP
.BI \-S
Prompt for new password.
@@ -165,7 +164,7 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.BI dn: <distinguished name>
+.BI dn: "<distinguished name>"
or
.BI u: <username>\fP.
.TP
@@ -173,10 +172,9 @@ or
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.BR \-ZZ ,
-the command will require the operation to be successful
+\fB\-ZZ\fP, the command will require the operation to be successful
.SH SEE ALSO
.BR ldap_sasl_bind (3),
.BR ldap_extended_operation (3),
diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
index bdd33d7bdadd1cf2eaced4090542cba84a415a22..8133aaf2b759e18fb9ea4bddb967adac770e8cee 100644
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@@ -15,7 +15,7 @@ ldapsearch \- LDAP search tool
[\c
.BR \-v ]
[\c
-.BR \-t[t] ]
+.BR \-t [ t ]]
[\c
.BI \-T \ path\fR]
[\c
@@ -23,9 +23,9 @@ ldapsearch \- LDAP search tool
[\c
.BR \-A ]
[\c
-.BR \-L[L[L]] ]
+.BR \-L [ L [ L ]]]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-S \ attribute\fR]
[\c
@@ -51,21 +51,21 @@ ldapsearch \- LDAP search tool
[\c
.BI \-b \ searchbase\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
+.BR \-a \ { never \||\| always \||\| search \||\| find }]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-e \ [!]ext[=extparam]]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-l \ timelimit\fR]
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -79,7 +79,7 @@ ldapsearch \- LDAP search tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.I filter
[\c
.IR attrs... ]
@@ -123,19 +123,19 @@ in the output.
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
-.B \-t[t]
-A single -t writes retrieved non-printable values to a set of temporary
+.BR \-t [ t ]
+A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
files. This is useful for dealing with values containing non-character
-data such as jpegPhoto or audio. A second -t writes all retrieved values to
+data such as jpegPhoto or audio. A second \fB\-t\fP writes all retrieved values to
files.
.TP
.BI \-T \ path
Write temporary files to directory specified by \fIpath\fP (default:
-/var/tmp/)
+\fB/var/tmp/\fP)
.TP
.BI \-F \ prefix
-URL prefix for temporary files. Default is file://\fIpath\fP/ where
-\fIpath\fP is /var/tmp/ or specified with -T.
+URL prefix for temporary files. Default is \fBfile://\fIpath\fP where
+\fIpath\fP is \fB/var/tmp/\fP or specified with \fB\-T\fP.
.TP
.B \-A
Retrieve attributes only (no values). This is useful when you just want to
@@ -145,12 +145,12 @@ specific values.
.B \-L
Search results are display in LDAP Data Interchange Format detailed in
.BR ldif (5).
-A single -L restricts the output to LDIFv1.
-A second -L disables comments.
-A third -L disables printing of the LDIF version.
+A single \fB\-L\fP restricts the output to LDIFv1.
+ A second \fB\-L\fP disables comments.
+A third \fB\-L\fP disables printing of the LDIF version.
The default is to use an extended version of LDIF.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -162,8 +162,7 @@ the entries are sorted by the components of their Distinguished Name. See
.BR ldap_sort (3)
for more details. Note that
.B ldapsearch
-normally prints out entries as it receives them. The use of the
-.B \-S
+normally prints out entries as it receives them. The use of the \fB\-S\fP
option defeats this behavior, causing all entries to be retrieved,
then sorted, then printed.
.TP
@@ -181,17 +180,17 @@ the \fB%\fP character in the pattern will be regarded as an error.
Where it is desired that the search filter include a \fB%\fP character,
the character should be encoded as \fB\\25\fP (see RFC 4515).
If \fIfile\fP is a single
-\fI-\fP character, then the lines are read from standard input.
+\fB\-\fP character, then the lines are read from standard input.
.B ldapsearch
will exit when the first non-successful search result is returned,
-unless -c is used.
+unless \fB\-c\fP is used.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -216,50 +215,50 @@ and must be escaped according to RFC 2396.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
the default.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
.I children
scope requires LDAPv3 subordinate feature extension.
.TP
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
+.BR \-a \ { never \||\| always \||\| search \||\| find }
Specify how aliases dereferencing is done. Should be one of
-.IR never ,
-.IR always ,
-.IR search ,
+.BR never ,
+.BR always ,
+.BR search ,
or
-.I find
+.B find
to specify that aliases are never dereferenced, always dereferenced,
dereferenced when searching, or dereferenced only when locating the
base object for the search. The default is to never dereference aliases.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.B \-e \fI[!]ext[=extparam]\fP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
-.B \-E \fI[!]ext[=extparam]\fP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-Specify general extensions with -e and search extensions with -E.
-\'!\' indicates criticality.
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
General extensions:
.nf
@@ -278,7 +277,7 @@ Search extensions:
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
- [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...] (server side sorting)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
@@ -332,20 +331,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH OUTPUT FORMAT
If one or more entries are found, each entry is written to standard
output in LDAP Data Interchange Format or
@@ -364,14 +360,14 @@ output in LDAP Data Interchange Format or
...
.fi
.LP
-If the -t option is used, the URI of a temporary file
-is used in place of the actual value. If the -A option
+If the \fB\-t\fP option is used, the URI of a temporary file
+is used in place of the actual value. If the \fB\-A\fP option
is given, only the "attributename" part is written.
.SH EXAMPLE
The following command:
.LP
.nf
- ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
+ ldapsearch \-LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
will perform a subtree search (using the default search base and
@@ -387,23 +383,23 @@ The output might look something like this if two entries are found:
cn: John Smith
cn: John T. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 123-4567
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 123\-4567
dn: uid=sss,dc=example,dc=com
cn: Steve Smith
cn: Steve S. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 765-4321
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 765\-4321
.fi
.LP
The command:
.LP
.nf
- ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
+ ldapsearch \-LLL \-u \-t "(uid=xyz)" jpegPhoto audio
.fi
.LP
will perform a subtree search using the default search base for entries
@@ -416,14 +412,14 @@ requested attributes is found:
.nf
dn: uid=xyz,dc=example,dc=com
ufn: xyz, example, com
- audio:< file:///tmp/ldapsearch-audio-a19924
- jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
+ audio:< file:///tmp/ldapsearch\-audio\-a19924
+ jpegPhoto:< file:///tmp/ldapsearch\-jpegPhoto\-a19924
.fi
.LP
This command:
.LP
.nf
- ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
+ ldapsearch \-LLL \-s one \-b "c=US" "(o=University*)" o description
.fi
.LP
will perform a one-level search at the c=US level for all entries
@@ -446,7 +442,7 @@ and printed to standard output, resulting in output similar to this:
o: University of Colorado at Denver
o: UCD
o: CU/Denver
- o: CU-Denver
+ o: CU\-Denver
description: Institute for Higher Learning and Research
dn: o=University of Florida,c=US
diff --git a/doc/man/man1/ldapurl.1 b/doc/man/man1/ldapurl.1
index 5d1405a90b88f7172c372cbb83996c637579cd33..cf4e17364af5014f391c6b45bed7726024c330ea 100644
--- a/doc/man/man1/ldapurl.1
+++ b/doc/man/man1/ldapurl.1
@@ -11,7 +11,7 @@ ldapurl \- LDAP URL formatting tool
[\c
.BI \-b \ searchbase\fR]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ filter\fR]
[\c
@@ -21,14 +21,14 @@ ldapurl \- LDAP URL formatting tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
.BI \-S \ scheme\fR]
.SH DESCRIPTION
.I ldapurl
is a command that allows to either compose or decompose LDAP URIs.
.LP
-When invoked with the \fI-H\fP option,
+When invoked with the \fB\-H\fP option,
.B ldapurl
extracts the components of the \fIldapuri\fP option argument,
unescaping hex-escaped chars as required.
@@ -37,17 +37,17 @@ It basically acts as a frontend to the
call.
Otherwise, it builds an LDAP URI based on the components
passed with the appropriate options, performing the inverse operation.
-Option \fI-H\fP is incompatible with options
-.IR \-a ,
-.IR \-b ,
-.IR \-E ,
-.IR \-f ,
-.IR \-H ,
-.IR \-h ,
-.IR \-p ,
-.IR \-S ,
+Option \fB\-H\fP is incompatible with options
+.BR \-a ,
+.BR \-b ,
+.BR \-E ,
+.BR \-f ,
+.BR \-H ,
+.BR \-h ,
+.BR \-p ,
+.BR \-S ,
and
-.IR \-s .
+.BR \-s .
.SH OPTIONS
.TP
.TP
@@ -57,7 +57,7 @@ Set a comma-separated list of attribute selectors.
.BI \-b \ searchbase
Set the \fIsearchbase\fP.
.TP
-.B \-E \fI[!]ext[=extparam]\fP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Set URL extensions; \'!\' indicates criticality.
.TP
.BI \-f \ filter
@@ -77,22 +77,22 @@ Set the TCP port.
Set the URL scheme. Defaults for other fields, like \fIldapport\fP,
may depend on the value of \fIscheme\fP.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
-.I children
+.B children
scope requires LDAPv3 subordinate feature extension.
.SH OUTPUT FORMAT
-If the \fI-H\fP option is used, the \fIldapuri\fP supplied
+If the \fB\-H\fP option is used, the \fIldapuri\fP supplied
is exploded in its components, which are printed to standard output
in an LDIF-like form.
.LP
@@ -102,7 +102,7 @@ is printed to standard output.
The following command:
.LP
.nf
- ldapuri -h ldap.example.com -b dc=example,dc=com -s sub -f (cn=Some One)
+ ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)"
.fi
.LP
returns
@@ -114,7 +114,7 @@ returns
The command:
.LP
.nf
- ldapuri -H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
+ ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
.fi
.LP
returns
diff --git a/doc/man/man1/ldapwhoami.1 b/doc/man/man1/ldapwhoami.1
index 159df0d932ea95549ffe684656fc188bfe4bb5ea..3abb05313feb706b44dfd165d714128b6ce4bdd9 100644
--- a/doc/man/man1/ldapwhoami.1
+++ b/doc/man/man1/ldapwhoami.1
@@ -45,7 +45,7 @@ ldapwhoami \- LDAP who am i? tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.SH DESCRIPTION
.I ldapwhoami
implements the LDAP "Who Am I?" extended operation.
@@ -58,7 +58,7 @@ operation.
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -73,7 +73,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -93,14 +93,11 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
-.TP
-.BI \-P \ 2\fR\||\|\fI3
-Specify the LDAP protocol version to use.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
@@ -124,23 +121,20 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
.nf
- ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
+ ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
.fi
.SH "SEE ALSO"
.BR ldap.conf (5),
diff --git a/doc/man/man3/lber-decode.3 b/doc/man/man3/lber-decode.3
index bbc8ba4bc0956f83abe7738fd10ba42ba032af4e..eb3c8c9c2835493719d771ab460babfc2b0966e9 100644
--- a/doc/man/man3/lber-decode.3
+++ b/doc/man/man3/lber-decode.3
@@ -5,7 +5,7 @@
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/lber-encode.3 b/doc/man/man3/lber-encode.3
index 0c56e2cbf80d52e6d8f41acc8a05986bcdfdb165..30ede66a3f7a54505eceb0074920f2a5604a9d53 100644
--- a/doc/man/man3/lber-encode.3
+++ b/doc/man/man3/lber-encode.3
@@ -5,7 +5,7 @@
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -266,14 +266,14 @@ can be achieved like so:
rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
size, time, attrsonly, attrs );
- if( rc == -1 ) {
+ if( rc == \-1 ) {
/* error */
} else {
/* success */
}
.fi
.SH ERRORS
-If an error occurs during encoding, generally these routines return -1.
+If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
diff --git a/doc/man/man3/lber-memory.3 b/doc/man/man3/lber-memory.3
index 1a6e75b433bee26890511233038e0d5c55febb8f..05fe20656b894cf7b95232ca803431daab6e0e6c 100644
--- a/doc/man/man3/lber-memory.3
+++ b/doc/man/man3/lber-memory.3
@@ -5,7 +5,7 @@
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/lber-sockbuf.3 b/doc/man/man3/lber-sockbuf.3
index fd4b1e9a793b3bd7ff160622fedbf1f0aa8410b6..0eda289566e376bcdac7b7b16edb0446ef4a7f69 100644
--- a/doc/man/man3/lber-sockbuf.3
+++ b/doc/man/man3/lber-sockbuf.3
@@ -5,7 +5,7 @@
.SH NAME
ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -83,7 +83,7 @@ Retrieves the file descriptor associated to the
.B arg
must be a
.BR "ber_socket_t *" .
-The return value will be 1 if a valid descriptor was present, -1 otherwise.
+The return value will be 1 if a valid descriptor was present, \-1 otherwise.
.TP
.B LBER_SB_OPT_SET_FD
Sets the file descriptor of the
@@ -101,7 +101,7 @@ the
.BR Sockbuf .
.B arg
should be NULL to disable and non-NULL to enable the non-blocking state.
-The return value will be 1 for success, -1 otherwise.
+The return value will be 1 for success, \-1 otherwise.
.TP
.B LBER_SB_OPT_DRAIN
Flush (read and discard) all available input on the
diff --git a/doc/man/man3/lber-types.3 b/doc/man/man3/lber-types.3
index b777d3e77a80e69e0cd7d9f4ed73ff6bc86415d5..fbeeb8fde2e1743d9f17078a493f7ee9b5d22155 100644
--- a/doc/man/man3/lber-types.3
+++ b/doc/man/man3/lber-types.3
@@ -5,7 +5,7 @@
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/ldap.3 b/doc/man/man3/ldap.3
index c6ce70d964d04b7f42942ca0ed6eb01674cadee0..7b41f46c342ba5281bbd40dcf171fd045e8e689c 100644
--- a/doc/man/man3/ldap.3
+++ b/doc/man/man3/ldap.3
@@ -5,7 +5,7 @@
.SH NAME
ldap \- OpenLDAP Lightweight Directory Access Protocol API
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -77,15 +77,15 @@ should use
to select version 3. The library manual pages assume version 3
has been selected.
.SH INPUT and OUTPUT PARAMETERS
-All character string input/output is expected to be/is UTF\-8
+All character string input/output is expected to be/is UTF-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
-be passed to the LDAP routines should conform to RFC 4514 UTF\-8
+be passed to the LDAP routines should conform to RFC 4514 UTF-8
string representation.
.LP
Search filters to be passed to the search routines are to be
-constructed by hand and should conform to RFC 4515 UTF\-8
+constructed by hand and should conform to RFC 4515 UTF-8
string representation.
.LP
LDAP URLs to be passed to routines are expected to conform
diff --git a/doc/man/man3/ldap_abandon.3 b/doc/man/man3/ldap_abandon.3
index 7d2146ce2198a2a2d0c36f4a13e017a2f1d68d9e..5373fe3d4110b3117c4bdb0d1bb864834798320e 100644
--- a/doc/man/man3/ldap_abandon.3
+++ b/doc/man/man3/ldap_abandon.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B
diff --git a/doc/man/man3/ldap_add.3 b/doc/man/man3/ldap_add.3
index e6a054a91587fc2b6181d2ac434a6c5eb4d48a1e..54da417b2da0559d0b890c75489e9e551e17677f 100644
--- a/doc/man/man3/ldap_add.3
+++ b/doc/man/man3/ldap_add.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
diff --git a/doc/man/man3/ldap_bind.3 b/doc/man/man3/ldap_bind.3
index 20f65c6ccaef89ec58c7ce0224dcbe3f6ad39fea..d4b12503a076a3ea2ffeb7b991aef2722e21787a 100644
--- a/doc/man/man3/ldap_bind.3
+++ b/doc/man/man3/ldap_bind.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -267,7 +267,7 @@ and
.B ldap_unbind_ext_s()
allows the operations to specify controls.
.SH ERRORS
-Asynchronous routines will return -1 in case of error, setting the
+Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
diff --git a/doc/man/man3/ldap_compare.3 b/doc/man/man3/ldap_compare.3
index 30d9ce1c8522c998090f246f608a48d5e7bd000e..d1c54d83ead8ce77f8eb006fc2bde3911310a685 100644
--- a/doc/man/man3/ldap_compare.3
+++ b/doc/man/man3/ldap_compare.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_controls.3 b/doc/man/man3/ldap_controls.3
index dcda029e3bd5846bc785f1656c25e668517fbba5..526c887fae783144edd3653c7833deb3f7388e1c 100644
--- a/doc/man/man3/ldap_controls.3
+++ b/doc/man/man3/ldap_controls.3
@@ -7,7 +7,7 @@ ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_delete.3 b/doc/man/man3/ldap_delete.3
index 42ff0a835d15f7d43c0aae5786deaaa6dd00e642..a5c9418888d98041ba9013bbbf075376c0584bd8 100644
--- a/doc/man/man3/ldap_delete.3
+++ b/doc/man/man3/ldap_delete.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -74,7 +74,7 @@ by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
-returns -1 if something went wrong initiating the request. It returns the
+returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
diff --git a/doc/man/man3/ldap_error.3 b/doc/man/man3/ldap_error.3
index 0167f4e0e724c63e0ecd7830842e1fbff6a26e1f..c3809c51596ad9b2e0faf5d6a7f38dad0fc0a391 100644
--- a/doc/man/man3/ldap_error.3
+++ b/doc/man/man3/ldap_error.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_extended_operation.3 b/doc/man/man3/ldap_extended_operation.3
index 6a2f913dcbd38a7e71a01691a502dd5bf8281798..656fa0335a225ce72b2f2060d7a9b1e3d4336c8f 100644
--- a/doc/man/man3/ldap_extended_operation.3
+++ b/doc/man/man3/ldap_extended_operation.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_attribute.3 b/doc/man/man3/ldap_first_attribute.3
index ce21416d75bc94491e943e6c13489610c8415ea7..db68db3d8181280e35d1ed107a33e7b2df6ac6cc 100644
--- a/doc/man/man3/ldap_first_attribute.3
+++ b/doc/man/man3/ldap_first_attribute.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_entry.3 b/doc/man/man3/ldap_first_entry.3
index 65dd6ed97b3b08ed9542d9fd865a7c1256daf89e..e20538e4a05e3ef355d4be70486fa88d9466c831 100644
--- a/doc/man/man3/ldap_first_entry.3
+++ b/doc/man/man3/ldap_first_entry.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_message.3 b/doc/man/man3/ldap_first_message.3
index 7feb36d980a5eb766a5f51250530b192d44593a2..c718e3000fc8207f09a913dcb14df851c99e6c67 100644
--- a/doc/man/man3/ldap_first_message.3
+++ b/doc/man/man3/ldap_first_message.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_reference.3 b/doc/man/man3/ldap_first_reference.3
index 728df31411ba69ac414c62eb276f927d0b60d215..004604e96c4734abc6034784697f36281cbe94cb 100644
--- a/doc/man/man3/ldap_first_reference.3
+++ b/doc/man/man3/ldap_first_reference.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_get_dn.3 b/doc/man/man3/ldap_get_dn.3
index 4dd3ece6e0b09f82edc85f0e94669c6eb3b0edfa..0ce5c2e1680e2b49ce162859c2894ea29061b156 100644
--- a/doc/man/man3/ldap_get_dn.3
+++ b/doc/man/man3/ldap_get_dn.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index a7f1939ed46a0042e148b5e15b1fce9844934448..a9631db4c8810dfa1ff69c6476f6860ad82894e5 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_option, ldap_set_option \- LDAP option handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -66,7 +66,7 @@ and
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_NETWORK_TIMEOUT
@@ -84,7 +84,7 @@ and
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_DEREF
diff --git a/doc/man/man3/ldap_get_values.3 b/doc/man/man3/ldap_get_values.3
index 5b0ac49e2707f8b6f6ebaa55ac0ad37a3573d18e..d157fc60736d2eafd89c331437785833f8761f4f 100644
--- a/doc/man/man3/ldap_get_values.3
+++ b/doc/man/man3/ldap_get_values.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_memory.3 b/doc/man/man3/ldap_memory.3
index 94e403c85418e7581fbabe7bd2e333e5bf5a84a8..f3e8e8e3096bdfe9f0571ef3d0d3555bd8befa35 100644
--- a/doc/man/man3/ldap_memory.3
+++ b/doc/man/man3/ldap_memory.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_modify.3 b/doc/man/man3/ldap_modify.3
index 8fa2c884b74c6a252f0616cc647529c02bc00763..8425834e5136b18fdcfa141b95a9c8741916bd43 100644
--- a/doc/man/man3/ldap_modify.3
+++ b/doc/man/man3/ldap_modify.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_modrdn.3 b/doc/man/man3/ldap_modrdn.3
index aa4e6ea17f3ffa6ca32d56d4cb0188ad5aaa640b..7e6f692faa423aaede370ce19bc6e408d524ff27 100644
--- a/doc/man/man3/ldap_modrdn.3
+++ b/doc/man/man3/ldap_modrdn.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -68,7 +68,7 @@ the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
-The asynchronous versions return -1 in case
+The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP. See
diff --git a/doc/man/man3/ldap_open.3 b/doc/man/man3/ldap_open.3
index 146f50a6e5dc15d27708a7e528c704f5f624d618..0636fc925539bc920c9c6b6c2349cfd08d0aa7ac 100644
--- a/doc/man/man3/ldap_open.3
+++ b/doc/man/man3/ldap_open.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_reference.3 b/doc/man/man3/ldap_parse_reference.3
index 4489933d40c4f284e7c59867e63d933f080ad35c..fc409b576a258cc9c6a4ad5debd534793470509e 100644
--- a/doc/man/man3/ldap_parse_reference.3
+++ b/doc/man/man3/ldap_parse_reference.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_result.3 b/doc/man/man3/ldap_parse_result.3
index ce341f331b3124e442a3deed20946a7a52d94f4f..dc6fe11b4a1636119ec40726ea7ed333f6bc2f62 100644
--- a/doc/man/man3/ldap_parse_result.3
+++ b/doc/man/man3/ldap_parse_result.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_sort_control.3 b/doc/man/man3/ldap_parse_sort_control.3
index a46b0e8fdb8acd656f6b8d7d368142260b75115e..9d865e83b29b194ffef6032dc9ac934328f8d687 100644
--- a/doc/man/man3/ldap_parse_sort_control.3
+++ b/doc/man/man3/ldap_parse_sort_control.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_vlv_control.3 b/doc/man/man3/ldap_parse_vlv_control.3
index b0fb45e597003f40614c4313a8d43163cec5fc43..d71bda1175866a1d90f1ed2d7eaa053357d3575a 100644
--- a/doc/man/man3/ldap_parse_vlv_control.3
+++ b/doc/man/man3/ldap_parse_vlv_control.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_rename.3 b/doc/man/man3/ldap_rename.3
index d0ee439b23a46018c01a84155d13a8d9e8aa3e09..7a0b453f38f723ddec1547c4a6ff1d59a2bcf06a 100644
--- a/doc/man/man3/ldap_rename.3
+++ b/doc/man/man3/ldap_rename.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -54,7 +54,7 @@ it initiated. The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH ERRORS
.B ldap_rename()
-returns -1 in case of error initiating the request, and
+returns \-1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter to
indicate the error.
.BR ldap_rename_s()
diff --git a/doc/man/man3/ldap_result.3 b/doc/man/man3/ldap_result.3
index 65aca1e44dc9b1675cc6ebfa77f1a46d1539a69a..b2866cdbd32bc610fcf87c16f8efb2e2a85d984a 100644
--- a/doc/man/man3/ldap_result.3
+++ b/doc/man/man3/ldap_result.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -29,7 +29,7 @@ an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
-etc.). Those routines all return -1 in case of error, and an
+etc.). Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session. It can be used to request the result
@@ -118,12 +118,12 @@ The
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
-returns -1 if something bad happens, and zero if the
+returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
-return -1 on error.
+return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
diff --git a/doc/man/man3/ldap_schema.3 b/doc/man/man3/ldap_schema.3
index 832370998599e2204c7270870ba7773226004e01..0fc4fd15373399e1abb3c4dec6025f5dafad2eac 100644
--- a/doc/man/man3/ldap_schema.3
+++ b/doc/man/man3/ldap_schema.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_search.3 b/doc/man/man3/ldap_search.3
index 787dd1c7a339cfb632250bd16869dc8b00acf2e8..770ed3b5bd9f99086df7013c7d442479916c69a1 100644
--- a/doc/man/man3/ldap_search.3
+++ b/doc/man/man3/ldap_search.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_sort.3 b/doc/man/man3/ldap_sort.3
index 0af6cb74a2b204f7ec9bd4ea93f971ad7727d952..ec916840e6ad34e50235f6cec9779df21654a8b6 100644
--- a/doc/man/man3/ldap_sort.3
+++ b/doc/man/man3/ldap_sort.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
diff --git a/doc/man/man3/ldap_sync.3 b/doc/man/man3/ldap_sync.3
index 5638191701fdf9b9996178c72ec1e37bf70e3a15..cdb2cdc0cba977796e2a12255ef041b851d4fa97 100644
--- a/doc/man/man3/ldap_sync.3
+++ b/doc/man/man3/ldap_sync.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -98,7 +98,7 @@ to indicate no limit.
The desired timeout during polling with
.BR ldap_sync_poll (3).
A value of
-.BR -1
+.BR \-1
means that polling is blocking, so
.BR ldap_sync_poll (3)
will not return until a message is received; a value of
@@ -218,7 +218,7 @@ the regular client API routines, like
.BR ldap_parse_result (3).
The
.BR refreshDeletes
-argument is not relevant in this case; it should always be -1.
+argument is not relevant in this case; it should always be \-1.
.TP
.BI "void *" ls_private
A pointer to private data. The client may register here
@@ -291,7 +291,7 @@ in this case, it might be appropriate to set
.BR ls_timeout
to 0, or to set it to a finite, small value.
Otherwise, if the client's main purpose consists in waiting for
-responses, a timeout of -1 is most suitable, so that the function
+responses, a timeout of \-1 is most suitable, so that the function
only returns after some data has been received and handled.
.SH ERRORS
diff --git a/doc/man/man3/ldap_tls.3 b/doc/man/man3/ldap_tls.3
index 1439da7d2a4167e211a0f26d650de8424af1d113..b69efabf93fc5756b7fff593e59511c19bba59d6 100644
--- a/doc/man/man3/ldap_tls.3
+++ b/doc/man/man3/ldap_tls.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_url.3 b/doc/man/man3/ldap_url.3
index 0ede2ccaa873a065175d7cdd1580ba38f9f28062..3e7cdd6355c6e8403539a05651a6690ff2820600 100644
--- a/doc/man/man3/ldap_url.3
+++ b/doc/man/man3/ldap_url.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index e4b43af6b0548712bf96db9ac64dfd52b946806f..cea93fab196de20f8f86187bcf966aba00856f5d 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -40,7 +40,7 @@ The name of the variable is the option name with an added prefix of \fBLDAP\fP.
For example, to define \fBBASE\fP via the environment, set the variable
\fBLDAPBASE\fP to the desired value.
.LP
-Some options are user\-only. Such options are ignored if present
+Some options are user-only. Such options are ignored if present
in the
.I ldap.conf
(or file specified by
@@ -127,7 +127,7 @@ The base must be specified as a Distinguished Name in LDAP format.
.B BINDDN <dn>
Specifies the default bind DN to use when performing ldap operations.
The bind DN must be specified as a Distinguished Name in LDAP format.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B DEREF <when>
Specifies how alias dereferencing is done when performing a search. The
@@ -211,19 +211,19 @@ there are more options you can specify.
.TP
.B SASL_MECH <mechanism>
Specifies the SASL mechanism to use.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_REALM <realm>
Specifies the SASL realm.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHCID <authcid>
Specifies the authentication identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHZID <authcid>
Specifies the proxy authorization identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_SECPROPS <properties>
Specifies Cyrus SASL security properties. The
@@ -312,7 +312,7 @@ This parameter is ignored with GNUtls.
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_KEY <filename>
Specifies the file that contains the private key that matches the certificate
@@ -320,7 +320,7 @@ stored in the
.B TLS_CERT
file. Currently, the private key must not be protected with a password, so
it is of critical importance that the key file is protected carefully.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_CIPHER_SUITE <cipher-suite-spec>
Specifies acceptable cipher suite and preference order.
@@ -330,13 +330,13 @@ e.g., HIGH:MEDIUM:+SSLv2.
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B TLS_RANDFILE <filename>
diff --git a/doc/man/man5/ldif.5 b/doc/man/man5/ldif.5
index 9b8696fadd38c073962369edee4383fdc79e1c43..9312ca2aa6bfb634c2889bd8e1113f57db65a0a1 100644
--- a/doc/man/man5/ldif.5
+++ b/doc/man/man5/ldif.5
@@ -136,7 +136,7 @@ of \fImodify\fP, the format is one or more of the following:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
Or, for a replace modification:
@@ -146,7 +146,7 @@ Or, for a replace modification:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to replace,
@@ -159,7 +159,7 @@ Or, for a delete modification:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to delete,
@@ -215,13 +215,13 @@ of each type of change.
add: givenName
givenName: Barbara
givenName: babs
- -
+ \-
replace: description
description: the fabulous babs
- -
+ \-
delete: sn
sn: jensen
- -
+ \-
dn: cn=Babs Jensen,dc=example,dc=com
changetype: modrdn
@@ -270,7 +270,7 @@ commands.
.BR ldapmodify (1),
.BR slapadd (8),
.BR slapcat (8),
-.BR slapd-ldif (5),
+.BR slapd\-ldif (5),
.BR slapd.replog (5).
.LP
"LDAP Data Interchange Format," Good, G., RFC 2849.
diff --git a/doc/man/man5/slapd-bdb.5 b/doc/man/man5/slapd-bdb.5
index 94aaece6e812f8a427a7593659e79077457f2335..ec3210e0ae6d5b7890d3a6e1a1bd0f4a9e973632 100644
--- a/doc/man/man5/slapd-bdb.5
+++ b/doc/man/man5/slapd-bdb.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-bdb, slapd-hdb \- Berkeley DB backends to slapd
+slapd\-bdb, slapd\-hdb \- Berkeley DB backends to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -83,7 +83,7 @@ or
.B cryptfile
may be configured.
.TP
-.BI dbconfig \ <Berkeley\-DB\-setting>
+.BI dbconfig \ <Berkeley-DB-setting>
Specify a configuration directive to be placed in the
.B DB_CONFIG
file of the database directory. The
@@ -123,7 +123,7 @@ file is 16, the default for all other files depends on the size of the
underlying filesystem's block size (typically 4 or 8).
The maximum that BerkeleyDB supports is 64. This
setting usually should not need to be changed, but if BerkeleyDB's
-"db_stat -d" shows a large amount of overflow pages in use in a file,
+"db_stat \-d" shows a large amount of overflow pages in use in a file,
setting a larger size may increase performance at the expense of
data integrity. This setting only takes effect when a database is
being newly created. See the Berkeley DB reference guide for more details.
@@ -133,7 +133,7 @@ Specify the directory where the BDB files containing this database and
associated indexes live.
A separate directory must be specified for each database.
The default is
-.BR LOCALSTATEDIR/openldap-data .
+.BR LOCALSTATEDIR/openldap\-data .
.TP
.B dirtyread
Allow reads of modified but not yet committed data.
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index 06197ed4dd9a4e17582bfe563ad6cadd9a9e64e4..c95c2a87acbac5b5e669fa00eddf846ebba9ef23 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-config \- configuration backend to slapd
+slapd\-config \- configuration backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.d
.SH DESCRIPTION
@@ -109,7 +109,7 @@ reading the attribute via LDAP, the items will be returned as individual
attribute values.
Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on configuring slapd.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -148,26 +148,26 @@ server's command line (program name and options).
.TP
.B olcAttributeOptions: <option-name>...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B olcAttributeOptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -436,7 +436,7 @@ A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -601,7 +601,7 @@ or as a list of the names that are shown between brackets, such that
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -652,7 +652,7 @@ If multiple values are specified, each url is provided.
.B olcReverseLookup: TRUE | FALSE
Enable/disable client name unverified reverse lookup (default is
.BR FALSE
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B olcRootDSE: <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -663,7 +663,7 @@ The root DSE is an entry with information about the server and its
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
@@ -776,13 +776,13 @@ olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
To check what ciphers a given spec selects in OpenSSL, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B olcTLSCACertificateFile: <filename>
@@ -893,7 +893,7 @@ is only valid when using GNUtls.
.SH DYNAMIC MODULE OPTIONS
If
.B slapd
-is compiled with --enable-modules then the module-related entries will
+is compiled with \-\-enable\-modules then the module-related entries will
be available. These entries are named
.B cn=module{x},cn=config
and
@@ -1023,7 +1023,7 @@ and must have the olcDatabaseConfig objectClass. Normally the config
engine generates the "{x}" index in the RDN automatically, so it
can be omitted when initially loading these entries.
-The special frontend database is always numbered "{-1}" and the config
+The special frontend database is always numbered "{\-1}" and the config
database is always numbered "{0}".
.SH GLOBAL DATABASE OPTIONS
@@ -1615,7 +1615,7 @@ attribute.
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1720,7 +1720,7 @@ consumer site by turning on the
parameter. The default is off.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1755,7 +1755,7 @@ The
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1786,7 +1786,7 @@ and
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1846,7 +1846,7 @@ dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: LOCALSTATEDIR/run/slapd.pid
-olcAttributeOptions: x-hidden lang-
+olcAttributeOptions: x\-hidden lang\-
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
@@ -1859,9 +1859,9 @@ objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-olcAccess: to attrs=name;x-hidden by * =cs
+olcAccess: to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
olcAccess: to attrs=userPassword by * auth
# Read access to other attributes and entries.
@@ -1879,11 +1879,11 @@ dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
-olcSuffix: "dc=our-domain,dc=com"
+olcSuffix: "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-olcDbDirectory: LOCALSTATEDIR/openldap-data
+olcDbDirectory: LOCALSTATEDIR/openldap\-data
# Indices to maintain
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
@@ -1895,7 +1895,7 @@ objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: ldap
olcSuffix: ""
-olcDbUri: ldap://ldap.some-server.com/
+olcDbUri: ldap://ldap.some\-server.com/
.fi
.RE
.LP
@@ -1904,7 +1904,7 @@ ETCDIR/slapd.d directory has been created, this command will initialize
the configuration:
.RS
.nf
-slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif
+slapadd \-F ETCDIR/slapd.d \-n 0 \-l config.ldif
.fi
.RE
@@ -1916,7 +1916,7 @@ Alternatively, an existing slapd.conf file can be converted to the new
format using slapd or any of the slap tools:
.RS
.nf
-slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d
+slaptest \-f ETCDIR/slapd.conf \-F ETCDIR/slapd.d
.fi
.RE
diff --git a/doc/man/man5/slapd-dnssrv.5 b/doc/man/man5/slapd-dnssrv.5
index ea0118538ff2fb9c66c7bfd100b078833c57351b..03920180dd3cb658edb0fad395946c9377eb83a5 100644
--- a/doc/man/man5/slapd-dnssrv.5
+++ b/doc/man/man5/slapd-dnssrv.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-dnssrv \- DNS SRV referral backend to slapd
+slapd\-dnssrv \- DNS SRV referral backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index 4938206730b648315873b6a7fe5dc1771997f941..f81e4c1ff09477815b0e45a3c2d6ba1eaaf1231f 100644
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldap \- LDAP backend to slapd
+slapd\-ldap \- LDAP backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -28,7 +28,7 @@ in some modified form.
For this purpose, the proxy binds to the remote server with some
administrative identity, and, if required, authorizes the asserted identity.
See the
-.IR idassert- *
+.IR idassert\- *
rules below.
The administrative identity of the proxy, on the remote server, must be
allowed to authorize by means of appropriate
@@ -53,7 +53,7 @@ each connection requires a new thread; as a consequence,
.BR slapd (8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, one may consider using
-.BR slapd-relay (5)
+.BR slapd\-relay (5)
instead, which performs the relayed operation
internally and thus reuses the same connection.
@@ -94,7 +94,7 @@ LDAP server to use. Multiple URIs can be set in a single
argument, resulting in the underlying library automatically
call the first server of the list that responds, e.g.
-\fBuri "ldap://host/ ldap://backup-host/"\fP
+\fBuri "ldap://host/ ldap://backup\-host/"\fP
The URI list is space- or comma-separated.
Whenever the server that responds is not the first one in the list,
@@ -103,7 +103,7 @@ so that it will be first contacted the next time a connection
needs be created.
.HP
.hy 0
-.B acl-bind
+.B acl\-bind
.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -131,8 +131,8 @@ The default is to use
.BR simple
bind, with empty \fIbinddn\fP and \fIcredentials\fP,
which means that the related operations will be performed anonymously.
-If not set, and if \fBidassert-bind\fP is defined, this latter identity
-is used instead. See \fBidassert-bind\fP for details.
+If not set, and if \fBidassert\-bind\fP is defined, this latter identity
+is used instead. See \fBidassert\-bind\fP for details.
The connection between the proxy database and the remote server
associated to this identity is cached regardless of the lifespan
@@ -141,13 +141,13 @@ of the client-proxy connection that first established it.
.B This identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-bind
+.B idassert\-bind
feature, instead, in some cases can be crafted to implement that behavior,
which is \fIintrinsically unsafe and should be used with extreme care\fP.
This directive obsoletes
-.BR acl-authcDN ,
+.BR acl\-authcDN ,
and
-.BR acl-passwd .
+.BR acl\-passwd .
The TLS settings default to the same as the main slapd TLS settings,
except for
@@ -156,7 +156,7 @@ which defaults to "demand".
.RE
.TP
-.B cancel {ABANDON|ignore|exop[-discover]}
+.B cancel {ABANDON|ignore|exop[\-discover]}
Defines how to handle operation cancellation.
By default,
.B abandon
@@ -166,9 +166,9 @@ If set to
no action is taken and any further response is ignored; this may result
in further response messages to be queued for that connection, so it is
recommended that long lasting connections are timed out either by
-.I idle-timeout
+.I idle\-timeout
or
-.IR conn-ttl ,
+.IR conn\-ttl ,
so that resources eventually get released.
If set to
.BR exop ,
@@ -180,24 +180,24 @@ of the current operation; the
operation waits for remote server response, so its use
may not be recommended.
If set to
-.BR exop-discover ,
+.BR exop\-discover ,
support of the
.I cancel
extended operation is detected by reading the remote server's root DSE.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -209,12 +209,12 @@ attribute.
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -241,7 +241,7 @@ This requires to have
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -310,7 +310,7 @@ as the
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -341,7 +341,7 @@ useful when the asserted identities do not exist on the remote server.
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -356,13 +356,13 @@ When the
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -371,31 +371,31 @@ except for
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
This directive obsoletes
-.BR idassert-authcDN ,
-.BR idassert-passwd ,
-.BR idassert-mode ,
+.BR idassert\-authcDN ,
+.BR idassert\-passwd ,
+.BR idassert\-mode ,
and
-.BR idassert-method .
+.BR idassert\-method .
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
.TP
.B norefs <NO|yes>
@@ -452,11 +452,11 @@ The process can be restarted by resetting the \fIolcDbQuarantine\fP
attribute of the database entry in the configuration backend.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -472,7 +472,7 @@ This directive is incompatible with setting \fIprotocol\-version\fP to 2.
Discards current cached connection when the client rebinds.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -510,13 +510,13 @@ is destroyed, according to RFC4511.
Note: in some cases, this backend may issue binds prior
to other operations (e.g. to bind anonymously or with some prescribed
-identity according to the \fBidassert-bind\fP directive).
+identity according to the \fBidassert\-bind\fP directive).
In this case, the timeout of the operation that resulted in the bind
is used.
.HP
.hy 0
-.B tls {[try-]start|[try-]propagate|ldaps}
+.B tls {[try\-]start|[try\-]propagate|ldaps}
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
@@ -531,7 +531,7 @@ scheme is \fBldaps://\fP. In that case this keyword may only be
set to "ldaps" and the StartTLS operation will not be used.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is \fBnot\fP recommended.
The TLS settings default to the same as the main slapd TLS settings,
@@ -541,7 +541,7 @@ which defaults to "demand".
.RE
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -555,7 +555,7 @@ deprecated and should be no longer used, as they might disappear
in future releases.
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
Formerly known as the
.BR binddn ,
it is the DN that is used to query the target server for acl checking;
@@ -564,70 +564,70 @@ on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-*
+.B idassert\-*
feature can be used (at own risk) for that purpose instead.
This directive is obsoleted by the
.B binddn
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Formerly known as the
.BR bindpw ,
it is the password used with the above
-.B acl-authcDN
+.B acl\-authcDN
directive.
This directive is obsoleted by the
.B credentials
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-authcDN "<administrative DN for proxyAuthz purposes>"
+.B idassert\-authcDN "<administrative DN for proxyAuthz purposes>"
DN which is used to propagate the client's identity to the target
by means of the proxyAuthz control when the client does not
belong to the DIT fragment that is being proxied by back-ldap.
This directive is obsoleted by the
.B binddn
arg of
-.BR idassert-bind
+.BR idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-passwd <password>
+.B idassert\-passwd <password>
Password used with the
-.B idassert-authcDN
+.B idassert\-authcDN
above.
This directive is obsoleted by the
.B crendentials
arg of
-.B idassert-bind
+.B idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-mode <mode> [<flags>]
+.B idassert\-mode <mode> [<flags>]
defines what type of
.I identity assertion
is used.
This directive is obsoleted by the
.B mode
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
-.B idassert-method <method> [<saslargs>]
+.B idassert\-method <method> [<saslargs>]
This directive is obsoleted by the
.B bindmethod
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
@@ -652,10 +652,10 @@ overlay. Essentially, add a statement
.B overlay rwm
first, and prefix all rewrite/map statements with
-.B rwm-
+.B rwm\-
to obtain the original behavior.
See
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details.
.\" However, to ease update from existing configurations, back-ldap still
.\" recognizes them and automatically instantiates the
diff --git a/doc/man/man5/slapd-ldbm.5 b/doc/man/man5/slapd-ldbm.5
index 62d14bfa738c30d41df6907e4bc17c8624c61d17..519a43f69903de7c58483e17c948aaf6ae4a60a2 100644
--- a/doc/man/man5/slapd-ldbm.5
+++ b/doc/man/man5/slapd-ldbm.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldbm \- Discontinued LDBM backend to slapd
+slapd\-ldbm \- Discontinued LDBM backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -14,7 +14,7 @@ It has been superseded by the more robust BDB and HDB backends.
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-bdb (5),
+.BR slapd\-bdb (5),
.BR slapd.backends (5).
.SH ACKNOWLEDGEMENTS
.so ../Project
diff --git a/doc/man/man5/slapd-ldif.5 b/doc/man/man5/slapd-ldif.5
index 2a5be8ad32b4e5894873bf0c91c46d37a2f2b8f5..9f6cf7148dc1eb4fef9916067c7d37ef068e0052 100644
--- a/doc/man/man5/slapd-ldif.5
+++ b/doc/man/man5/slapd-ldif.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldif \- LDIF backend to slapd
+slapd\-ldif \- LDIF backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index e7d137dc9ac6429b7f511261e5556600bd61873c..2c0bc2c964fe901bb6c481e9f851f01fb95b23d7 100644
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -8,7 +8,7 @@
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapd-meta \- metadirectory backend to slapd
+slapd\-meta \- metadirectory backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -52,13 +52,13 @@ Note: When looping back to the same instance of \fBslapd\fP(8),
each connection requires a new thread; as a consequence, \fBslapd\fP(8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, unless the multiple target feature
-is required, one may consider using \fBslapd-relay\fP(5) instead,
+is required, one may consider using \fBslapd\-relay\fP(5) instead,
which performs the relayed operation internally and thus reuses
the same connection.
.SH EXAMPLES
There are examples in various places in this document, as well as in the
-slapd/back-meta/data/ directory in the OpenLDAP source tree.
+slapd/back\-meta/data/ directory in the OpenLDAP source tree.
.SH CONFIGURATION
These
.B slapd.conf
@@ -96,12 +96,12 @@ to all backends.
They are:
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B default-target none
+.B default\-target none
This directive forces the backend to reject all those operations
that must resolve to a single target in case none or multiple
targets are selected.
@@ -113,14 +113,14 @@ This directive can also be used when processing targets to mark a
specific target as default.
.TP
-.B dncache-ttl {DISABLED|forever|<ttl>}
+.B dncache\-ttl {DISABLED|forever|<ttl>}
This directive sets the time-to-live of the DN cache.
This caches the target that holds a given DN to speed up target
selection in case multiple targets would result from an uncached
search; forever means cache never expires; disabled means no DN
caching; otherwise a valid ( > 0 ) ttl is required, in the format
illustrated for the
-.B idle-timeout
+.B idle\-timeout
directive.
.TP
@@ -170,7 +170,7 @@ If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B pseudoroot-bind-defer {YES|no}
+.B pseudoroot\-bind\-defer {YES|no}
This directive, when set to
.BR yes ,
causes the authentication to the remote servers with the pseudo-root
@@ -196,11 +196,11 @@ This directive must appear before any target specification;
it affects all targets with the same pattern.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -218,7 +218,7 @@ overridden by any per-target directive.
Discards current cached connection when the client rebinds.
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -271,54 +271,54 @@ the last URI that succeeded.
.RE
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
DN which is used to query the target server for acl checking,
as in the LDAP backend; it is supposed to have read access
on the target server to attributes used on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Password used with the
.B
-acl-authcDN
+acl\-authcDN
above.
.TP
-.B bind-timeout <microseconds>
+.B bind\-timeout <microseconds>
This directive defines the timeout, in microseconds, used when polling
for response after an asynchronous bind connection. The initial call
to ldap_result(3) is performed with a trade-off timeout of 100000 us;
if that results in a timeout exceeded, subsequent calls use the value
provided with
-.BR bind-timeout .
+.BR bind\-timeout .
The default value is used also for subsequent calls if
-.B bind-timeout
+.B bind\-timeout
is not specified.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B default-target [<target>]
-The "default-target" directive can also be used during target specification.
+.B default\-target [<target>]
+The "default\-target" directive can also be used during target specification.
With no arguments it marks the current target as the default.
The optional number marks target <target> as the default one, starting
from 1.
Target <target> must be defined.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -330,12 +330,12 @@ attribute.
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -362,7 +362,7 @@ This requires to have
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -431,7 +431,7 @@ as the
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -462,7 +462,7 @@ useful when the asserted identities do not exist on the remote server.
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -477,13 +477,13 @@ When the
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -492,12 +492,12 @@ except for
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
The value can be specified as
@@ -513,17 +513,17 @@ overridden by any per-target directive.
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend.
See
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -558,12 +558,12 @@ using the pseudorootdn/pseudorootpw directives is inherently unsafe.
The rewrite options are described in the "REWRITING" section.
.TP
-.B subtree-exclude "<DN>"
+.B subtree\-exclude "<DN>"
This directive instructs back-meta to ignore the current target
for operations whose requestDN is subordinate to
.BR DN .
There may be multiple occurrences of the
-.B subtree-exclude
+.B subtree\-exclude
directive for each of the targets.
.TP
@@ -580,7 +580,7 @@ massaging. See the "REWRITING" section for a detailed list
of the rewrite rules it implies.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -621,12 +621,12 @@ In case the timeout is exceeded during a bind operation, the connection
is destroyed, according to RFC4511.
.TP
-.B tls {[try-]start|[try-]propagate}
+.B tls {[try\-]start|[try\-]propagate}
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is highly deprecated.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -957,7 +957,7 @@ Each basic server operation is associated to a rewrite context;
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -980,7 +980,7 @@ exopPasswdDN password modify extended operation DN if proxy
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -1199,7 +1199,7 @@ operation is honored, which is performed by the frontend.
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH FILES
.TP
diff --git a/doc/man/man5/slapd-monitor.5 b/doc/man/man5/slapd-monitor.5
index 05b20312483686ad863282920b532a76dbd4f042..8b85610935fab4d9329b09ca1e638f1f793770f7 100644
--- a/doc/man/man5/slapd-monitor.5
+++ b/doc/man/man5/slapd-monitor.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-monitor \- Monitor backend to slapd
+slapd\-monitor \- Monitor backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -72,7 +72,7 @@ The usage is:
.LP
.RS
.nf
-configure --enable-monitor
+configure \-\-enable\-monitor
.fi
.RE
.TP
diff --git a/doc/man/man5/slapd-ndb.5 b/doc/man/man5/slapd-ndb.5
index e3d60823af2613c602833d8249c3d5c79bf9f170..8684aaea179c9af4b82597476e854ad92e5db3a8 100644
--- a/doc/man/man5/slapd-ndb.5
+++ b/doc/man/man5/slapd-ndb.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ndb \- MySQL NDB backend to slapd
+slapd\-ndb \- MySQL NDB backend to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-null.5 b/doc/man/man5/slapd-null.5
index 3e92b4055332c441c268083846a6801168fa0a76..0489190681f53bde72ef0dbdafeefdb3d066bf7b 100644
--- a/doc/man/man5/slapd-null.5
+++ b/doc/man/man5/slapd-null.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-null \- Null backend to slapd
+slapd\-null \- Null backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-passwd.5 b/doc/man/man5/slapd-passwd.5
index c5ac0e9a07f159f8e0f5056bcf22642eaf973b7f..198903b3543638cceaa04118afcde958563afe14 100644
--- a/doc/man/man5/slapd-passwd.5
+++ b/doc/man/man5/slapd-passwd.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-passwd \- /etc/passwd backend to slapd
+slapd\-passwd \- /etc/passwd backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-perl.5 b/doc/man/man5/slapd-perl.5
index 0e3afc1f1a6ea495356003658476151df8e68e4e..7663e965006ab66275396101da34aa3be533e885 100644
--- a/doc/man/man5/slapd-perl.5
+++ b/doc/man/man5/slapd-perl.5
@@ -1,7 +1,7 @@
.TH SLAPD-PERL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.SH NAME
-slapd-perl \- Perl backend to slapd
+slapd\-perl \- Perl backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -160,7 +160,7 @@ Search results are candidates that need to be filtered (with the
filter in the search request), rather than search results to be
returned directly to the client.
.SH EXAMPLE
-There is an example Perl module `SampleLDAP' in the slapd/back-perl/
+There is an example Perl module `SampleLDAP' in the slapd/back\-perl/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
diff --git a/doc/man/man5/slapd-relay.5 b/doc/man/man5/slapd-relay.5
index e74a1fcf29d3a905218f5f6de1ba5c00987a9065..666d10500ecf709f0aa71f3a761bdcd590b55dc0 100644
--- a/doc/man/man5/slapd-relay.5
+++ b/doc/man/man5/slapd-relay.5
@@ -1,9 +1,9 @@
.TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-relay \- relay backend to slapd
+slapd\-relay \- relay backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -15,7 +15,7 @@ running in the same
instance into a virtual naming context, with attributeType
and objectClass manipulation, if required.
It requires the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay.
.LP
This backend and the above mentioned overlay are experimental.
@@ -47,11 +47,11 @@ The
database does not automatically rewrite the naming context
of requests and responses.
For this purpose, the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay must be explicitly instantiated, and configured
as appropriate.
Usually, the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive suffices if only naming context rewriting is required.
.SH ACCESS RULES
@@ -61,7 +61,7 @@ After massaging from the virtual to the real naming context, the
frontend sees the operation as performed by the identity in the
real naming context.
Moreover, since
-.B back-relay
+.B back\-relay
bypasses the real database frontend operations by short-circuiting
operations through the internal backend API, the original database
access rules do not apply but in selected cases, i.e. when the
@@ -103,7 +103,7 @@ that refers to a single database, use
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
To implement a plain virtual naming context mapping
@@ -113,7 +113,7 @@ that looks up the real naming context for each operation, use
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
This is useful, for instance, to relay different databases that
@@ -129,21 +129,21 @@ back from the real to the virtual naming context, use
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-rewriteEngine on
- rwm-rewriteContext default
- rwm-rewriteRule "dc=virtual,dc=naming,dc=context"
+ rwm\-rewriteEngine on
+ rwm\-rewriteContext default
+ rwm\-rewriteRule "dc=virtual,dc=naming,dc=context"
"dc=real,dc=naming,dc=context" ":@"
- rwm-rewriteContext searchFilter
- rwm-rewriteContext searchEntryDN
- rwm-rewriteContext searchAttrDN
- rwm-rewriteContext matchedDN
+ rwm\-rewriteContext searchFilter
+ rwm\-rewriteContext searchEntryDN
+ rwm\-rewriteContext searchAttrDN
+ rwm\-rewriteContext matchedDN
.fi
.LP
Note that the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay is instantiated, but the rewrite rules are written explicitly,
rather than automatically as with the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
statement, to map all the virtual to real naming context data flow,
but none of the real to virtual.
.LP
@@ -161,7 +161,7 @@ Access rules:
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
- rwm-suffixmassage "dc=example,dc=com"
+ rwm\-suffixmassage "dc=example,dc=com"
# skip ...
access to dn.subtree="o=Example,c=US"
by dn.exact="cn=Supervisor,dc=example,dc=com" write
@@ -203,5 +203,5 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-rwm (5),
+.BR slapo\-rwm (5),
.BR slapd (8).
diff --git a/doc/man/man5/slapd-shell.5 b/doc/man/man5/slapd-shell.5
index b350f6a5fdd1647b321e1a2837d86548a8c77f90..9f512c76d081b3557ef780377000d93df80b7df9 100644
--- a/doc/man/man5/slapd-shell.5
+++ b/doc/man/man5/slapd-shell.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-shell \- Shell backend to slapd
+slapd\-shell \- Shell backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -78,7 +78,7 @@ dn: <DN>
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
.fi
.TP
@@ -219,14 +219,14 @@ pseudo_attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example search script in the slapd/back-shell/ directory
+There is an example search script in the slapd/back\-shell/ directory
in the OpenLDAP source tree.
.SH LIMITATIONS
The shell backend does not support threaded environments.
When using the shell backend,
.BR slapd (8)
should be built
-.IR --without-threads .
+.IR \-\-without\-threads .
.SH FILES
.TP
ETCDIR/slapd.conf
diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 91eb77f29ede0f4fedf43e803d6e903971f33afe..16895c63da27809fb4273be8367037a9463393c1 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -3,14 +3,14 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-sock \- Socket backend to slapd
+slapd\-sock \- Socket backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Socket backend to
.BR slapd (8)
uses an external program to handle queries, similarly to
-.BR slapd-shell (5).
+.BR slapd\-shell (5).
However, in this case the external program listens on a Unix domain socket.
This makes it possible to have a pool of processes, which persist between
requests. This allows multithreaded operation and a higher level of
@@ -40,7 +40,7 @@ Gives the path to a Unix domain socket to which the commands will
be sent and from which replies are received.
.SH PROTOCOL
The protocol is essentially the same as
-.BR slapd-shell (5)
+.BR slapd\-shell (5)
with the addition of a newline to terminate the command parameters. The
following commands are sent:
.RS
@@ -96,7 +96,7 @@ dn: <DN>
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
<blank line>
.fi
@@ -235,7 +235,7 @@ pseudo_attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example script in the slapd/back-sock/ directory
+There is an example script in the slapd/back\-sock/ directory
in the OpenLDAP source tree.
.SH FILES
.TP
diff --git a/doc/man/man5/slapd-sql.5 b/doc/man/man5/slapd-sql.5
index 59e91ca809c81fe0057b0c852168a2b11c2d6daa..2444737a2bab2bbb0abbca58da4471fea366dbb3 100644
--- a/doc/man/man5/slapd-sql.5
+++ b/doc/man/man5/slapd-sql.5
@@ -1,7 +1,7 @@
.TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.SH NAME
-slapd-sql \- SQL backend to slapd
+slapd\-sql \- SQL backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -23,7 +23,7 @@ of BerkeleyDB (as the standard BDB backend does), though it can be
used as such with several limitations.
You can take a look at
.B http://www.openldap.org/faq/index.cgi?file=378
-(OpenLDAP FAQ-O-Matic/General LDAP FAQ/Directories vs. conventional
+(OpenLDAP FAQ\-O\-Matic/General LDAP FAQ/Directories vs. conventional
databases) to find out more on this point.
.LP
The idea (detailed below) is to use some meta-information to translate
@@ -110,7 +110,7 @@ These options specify SQL query templates for loading schema mapping
meta-information, adding and deleting entries to ldap_entries, etc.
All these and subtree_cond should have the given default values.
For the current value it is recommended to look at the sources,
-or in the log output when slapd starts with "-d 5" or greater.
+or in the log output when slapd starts with "\-d 5" or greater.
Note that the parameter number and order must not be changed.
.TP
@@ -340,7 +340,7 @@ The API of the layers is not frozen yet, so it is unpublished.
.LP
Almost everything mentioned later is illustrated in examples located
in the
-.B servers/slapd/back-sql/rdbms_depend/
+.B servers/slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree, and contains scripts for
generating sample database for Oracle, MS SQL Server, mySQL and more
(including PostgreSQL and IBM db2).
@@ -672,10 +672,10 @@ no matter if valid or not.
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH EXAMPLES
-There are example SQL modules in the slapd/back-sql/rdbms_depend/
+There are example SQL modules in the slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index 34b2eede2629c668563c3e9cfe45f9ca4451f9c8..0844defd7aed0a1c412e6d183f142e03b1353e02 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -196,7 +196,7 @@ as detailed in
and/or
.BR re_format (7),
matching a normalized string representation of the entry's DN.
-The regex form of the pattern does not (yet) support UTF\-8.
+The regex form of the pattern does not (yet) support UTF-8.
.LP
The statement
.B filter=<ldapfilter>
@@ -722,7 +722,7 @@ Its component are defined as
.LP
.nf
<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
- <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
+ <priv> ::= {=|+|\-}{0|d|x|c|s|r|{w|a|z}|m}+
.fi
.LP
The modifier
@@ -798,7 +798,7 @@ access privileges will be only those defined by the clause.
The
.B +
and
-.B -
+.B \-
signs add/remove access privileges to the existing ones.
The privileges are
.B m
@@ -927,7 +927,7 @@ Add content ACL checking has been configured on
the database (see the
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
manual page),
.B add (=a)
will be required on all of the attributes being added.
@@ -1067,12 +1067,12 @@ Access control to search entries is checked by the frontend,
so it is fully honored by all backends; for all other operations
and for the discovery phase of the search operation,
full ACL semantics is only supported by the primary backends, i.e.
-.BR back-bdb (5),
+.BR back\-bdb (5),
and
-.BR back-hdb (5).
+.BR back\-hdb (5).
Some other backend, like
-.BR back-sql (5),
+.BR back\-sql (5),
may fully support them; others may only support a portion of the
described semantics, or even differ in some aspects.
The relevant details are described in the backend-specific man pages.
@@ -1155,7 +1155,7 @@ ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-* (5),
+.BR slapd\-* (5),
.BR slapacl (8),
.BR regex (7),
.BR re_format (7)
diff --git a/doc/man/man5/slapd.backends.5 b/doc/man/man5/slapd.backends.5
index d8eea02fc0c43d239bcef229c5acf901626e7d65..4462f100bcbf0acc9152520330221c43b209840f 100644
--- a/doc/man/man5/slapd.backends.5
+++ b/doc/man/man5/slapd.backends.5
@@ -16,7 +16,7 @@ slapd server.
Configuration options for each backend are documented separately in the
corresponding
-.BR slapd-<backend> (5)
+.BR slapd\-<backend> (5)
manual pages.
.TP
.B bdb
@@ -98,7 +98,7 @@ in the same server, based on the naming context of the request.
Its use requires the
.B rwm
overlay (see
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details) to rewrite the naming context of the request.
It is primarily intended to implement virtual views on databases
that actually store data.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index ec888c9f4af4d01eeca8123cd5fc973fead950e8..3b23fd688d32c6b67ed0dc0021c43e222268d003 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -68,7 +68,7 @@ backslash character.
The specific configuration options available are discussed below in the
Global Configuration Options, General Backend Options, and General Database
Options. Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on the slapd configuration file.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -114,26 +114,26 @@ server's command line (program name and options).
.TP
.B attributeoptions [option-name]...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B attributeoptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -162,7 +162,7 @@ attribute syntax OID.
description.)
.RE
.TP
-.B authz-policy <policy>
+.B authz\-policy <policy>
Used to specify which rules to use for Proxy Authorization. Proxy
authorization allows a client to authenticate to the server using one
user's credentials, but specify a different identity to use for authorization
@@ -311,7 +311,7 @@ and
can impact security, users are strongly encouraged
to explicitly set the type of identity specification that is being used.
A subset of these rules can be used as third arg in the
-.B authz-regexp
+.B authz\-regexp
statement (see below); significantly, the
.IR URI ,
provided it results in exactly one entry,
@@ -320,7 +320,7 @@ and the
forms.
.RE
.TP
-.B authz-regexp <match> <replace>
+.B authz\-regexp <match> <replace>
Used by the authentication framework to convert simple user names,
such as provided by SASL subsystem, or extracted from certificates
in case of cert-based SASL EXTERNAL, or provided within the RFC 4370
@@ -381,7 +381,7 @@ Note that this search is subject to access controls. Specifically,
the authentication identity must have "auth" access in the subject.
Multiple
-.B authz-regexp
+.B authz\-regexp
options can be given in the configuration file to allow for multiple matching
and replacement patterns. The matching patterns are checked in the order they
appear in the file, stopping at the first successful match.
@@ -458,7 +458,7 @@ A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -522,7 +522,7 @@ depend on these parameters and recreating them with
.hy 0
.B ldapsyntax "(\ <oid>\
[DESC\ <description>]\
- [X-SUBST <substitute\-syntax>]\ )"
+ [X\-SUBST <substitute-syntax>]\ )"
.RS
Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
@@ -531,20 +531,20 @@ forms as well as numeric OIDs to be used for the syntax OID.
.B objectidentifier
description.)
The slapd parser also honors the
-.B X-SUBST
+.B X\-SUBST
extension (an OpenLDAP-specific extension), which allows to use the
.B ldapsyntax
statement to define a non-implemented syntax along with another syntax,
the extension value
-.IR substitute\-syntax ,
+.IR substitute-syntax ,
as its temporary replacement.
The
-.I substitute\-syntax
+.I substitute-syntax
must be defined.
This allows to define attribute types that make use of non-implemented syntaxes
using the correct syntax OID.
Unless
-.B X-SUBST
+.B X\-SUBST
is used, this configuration statement would result in an error,
since no handlers would be associated to the resulting syntax structure.
.RE
@@ -658,7 +658,7 @@ or as a list of the names that are shown between brackets, such that
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -680,7 +680,7 @@ are searched for in the directories specified by the
.B modulepath
option. This option and the
.B modulepath
-option are only usable if slapd was compiled with --enable-modules.
+option are only usable if slapd was compiled with \-\-enable\-modules.
.TP
.B modulepath <pathspec>
Specify a list of directories to search for loadable modules. Typically
@@ -710,7 +710,7 @@ in place of the numeric OID in objectclass and attribute definitions. The
name can also be used with a suffix of the form ":xx" in which case the
value "oid.xx" will be used.
.TP
-.B password-hash <hash> [<hash>...]
+.B password\-hash <hash> [<hash>...]
This option configures one or more hashes to be used in generation of user
passwords stored in the userPassword attribute during processing of
LDAP Password Modify Extended Operations (RFC 3062).
@@ -798,10 +798,10 @@ may be used to require no conditions (useful to clear out globally
set conditions within a particular database); it must occur first
in the list of conditions.
.TP
-.B reverse-lookup on | off
+.B reverse\-lookup on | off
Enable/disable client name unverified reverse lookup (default is
.BR off
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B rootDSE <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -812,22 +812,22 @@ The root DSE is an entry with information about the server and its
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
-.B sasl-auxprops <plugin> [...]
+.B sasl\-auxprops <plugin> [...]
Specify which auxprop plugins to use for authentication lookups. The
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
-.B sasl-host <fqdn>
+.B sasl\-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
-.B sasl-realm <realm>
+.B sasl\-realm <realm>
Specify SASL realm. Default is empty.
.TP
-.B sasl-secprops <properties>
+.B sasl\-secprops <properties>
Used to specify Cyrus SASL security properties.
The
.B none
@@ -878,7 +878,7 @@ controls the entries on this server. The default is "cn=Subschema".
.B security <factors>
Specify a set of security strength factors (separated by white space)
to require (see
-.BR sasl-secprops 's
+.BR sasl\-secprops 's
.B minssf
option for a description of security strength factors).
The directive may be specified globally and/or per-database.
@@ -978,7 +978,7 @@ See
.BR limits
for an explanation of the different flags.
.TP
-.B tool-threads <integer>
+.B tool\-threads <integer>
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
The default is 1.
@@ -1008,13 +1008,13 @@ TLSCipherSuite HIGH:MEDIUM:+SSLv2
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
@@ -1523,7 +1523,7 @@ password can only be set if the rootdn is within the namingContext
(suffix) of the database.
This option accepts all RFC 2307 userPassword formats known to
the server (see
-.B password-hash
+.B password\-hash
description) as well as cleartext.
.BR slappasswd (8)
may be used to generate a hash of a password. Cleartext
@@ -1604,7 +1604,7 @@ in order to work over all of the glued databases. E.g.
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1721,7 +1721,7 @@ As a consequence, schema checking should be \fBoff\fP when partial
replication is used.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1757,7 +1757,7 @@ The
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1793,7 +1793,7 @@ and
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1833,10 +1833,10 @@ include SYSCONFDIR/schema/core.schema
pidfile LOCALSTATEDIR/run/slapd.pid
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-attributeoptions x-hidden lang-
-access to attrs=name;x-hidden by * =cs
+attributeoptions x\-hidden lang\-
+access to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
access to attrs=userPassword by * auth
@@ -1844,11 +1844,11 @@ access to attrs=userPassword by * auth
access to * by * read
database bdb
-suffix "dc=our-domain,dc=com"
+suffix "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap-data
+directory LOCALSTATEDIR/openldap\-data
# Indices to maintain
index objectClass eq
index cn,sn,mail pres,eq,approx,sub
@@ -1857,7 +1857,7 @@ index cn,sn,mail pres,eq,approx,sub
# so handle remote lookups on their behalf.
database ldap
suffix ""
-uri ldap://ldap.some-server.com/
+uri ldap://ldap.some\-server.com/
lastmod off
.fi
.RE
diff --git a/doc/man/man5/slapd.overlays.5 b/doc/man/man5/slapd.overlays.5
index 014a9b6d034580eef48b06ffd9cb63a0280ab7ea..3e7d14a6f69a6387a901417e90bfed56f18a037f 100644
--- a/doc/man/man5/slapd.overlays.5
+++ b/doc/man/man5/slapd.overlays.5
@@ -16,7 +16,7 @@ may also be configured globally.
Configuration options for each overlay are documented separately in the
corresponding
-.BR slapo-<overlay> (5)
+.BR slapo\-<overlay> (5)
manual pages.
.TP
.B accesslog
@@ -61,9 +61,9 @@ This overlay allows expansion of dynamic groups and more.
Proxycache.
This overlay allows caching of LDAP search requests in a local database.
It is most often used with the
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
or
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
backends.
.TP
.B ppolicy
@@ -75,7 +75,7 @@ password resets, etc.
.B refint
Referential Integrity.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference
attributes.
.TP
@@ -99,7 +99,7 @@ replication, including persistent search functionality.
.B translucent
Translucent Proxy.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy".
Content of entries retrieved from a remote LDAP server can be partially
overridden by the database.
@@ -107,7 +107,7 @@ overridden by the database.
.B unique
Attribute Uniqueness.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a subtree.
.TP
.B valsort
diff --git a/doc/man/man5/slapd.plugin.5 b/doc/man/man5/slapd.plugin.5
index 8696fe634e1abe21ea44edeb7bc1e41e6e72b57f..e6fb822fab4cc5b224e420ee56764258a6caef91 100644
--- a/doc/man/man5/slapd.plugin.5
+++ b/doc/man/man5/slapd.plugin.5
@@ -38,7 +38,7 @@ is as follows:
...
.fi
.LP
-If slapd is compiled with \fI--enable-slapi\fP, support for plugins
+If slapd is compiled with \fI\-\-enable\-slapi\fP, support for plugins
according to \fINetscape's Directory Server Plug-Ins\fP.
Version 4 of the API is currently implemented, with some extensions
from version 5.
diff --git a/doc/man/man5/slapo-accesslog.5 b/doc/man/man5/slapo-accesslog.5
index 954ac997a03c15dc49e18e956f1f64d4a49574cb..98a90620df29cdfe89f4f2302218eedcbcb973bc 100644
--- a/doc/man/man5/slapo-accesslog.5
+++ b/doc/man/man5/slapo-accesslog.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-accesslog \- Access Logging overlay to slapd
+slapo\-accesslog \- Access Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -256,11 +256,11 @@ performed.) The values are formatted as
.RS
.PD 0
.TP
-attribute:<+|-|=|#> [ value]
+attribute:<+|\-|=|#> [ value]
.RE
.RE
.PD
-Where '+' indicates an Add of a value, '-' for Delete, '=' for Replace,
+Where '+' indicates an Add of a value, '\-' for Delete, '=' for Replace,
and '#' for Increment. In an Add operation, all of the reqMod values will
have the '+' designator.
.P
diff --git a/doc/man/man5/slapo-auditlog.5 b/doc/man/man5/slapo-auditlog.5
index d8b165ed203b06ce9c68469bffcecb7e047bb393..9669b4adc49b4b078bb8c31c19e7a0b5b11a8f95 100644
--- a/doc/man/man5/slapo-auditlog.5
+++ b/doc/man/man5/slapo-auditlog.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-auditlog \- Audit Logging overlay to slapd
+slapo\-auditlog \- Audit Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.TP
@@ -57,4 +57,4 @@ ETCDIR/slapd.d
default slapd configuration directory
.SH SEE ALSO
.BR slapd.conf (5),
-.BR slapd-config(5).
+.BR slapd\-config(5).
diff --git a/doc/man/man5/slapo-chain.5 b/doc/man/man5/slapo-chain.5
index c53779dbfac3751da1ec1971717b8f103bd3e5c7..0fda588d495f714c8ca898efdb0a1ef950b23e82 100644
--- a/doc/man/man5/slapo-chain.5
+++ b/doc/man/man5/slapo-chain.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-chain \- chain overlay to slapd
+slapo\-chain \- chain overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -18,7 +18,7 @@ If operations are performed with an identity (i.e. after a bind),
that identity can be asserted while chasing the referrals
by means of the \fIidentity assertion\fP feature of back-ldap
(see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details), which is essentially based on the
.B proxied authorization
control [RFC 4370].
@@ -39,7 +39,7 @@ There are very few chain overlay specific directives; however, directives
related to the instances of the \fIldap\fP backend that may be implicitly
instantiated by the overlay may assume a special meaning when used
in conjunction with this overlay. They are described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
and they also need to be prefixed by
.BR chain\- .
.TP
@@ -47,21 +47,21 @@ and they also need to be prefixed by
This directive adds the chain overlay to the current backend.
The chain overlay may be used with any backend, but it is mainly
intended for use with local storage backends that may return referrals.
-It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP
+It is useless in conjunction with the \fIslapd\-ldap\fP and \fIslapd\-meta\fP
backends because they already exploit the libldap specific referral chase
feature.
[Note: this may change in the future, as the \fBldap\fP(5) and
\fBmeta\fP(5) backends might no longer chase referrals on their own.]
.TP
-.B chain-cache-uri {FALSE|true}
+.B chain\-cache\-uri {FALSE|true}
This directive instructs the \fIchain\fP overlay to cache
connections to URIs parsed out of referrals that are not predefined,
to be reused for later chaining.
These URIs inherit the properties configured for the underlying
-\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+\fBslapd\-ldap\fP(5) before any occurrence of the \fBchain\-uri\fP
directive; basically, they are chained anonymously.
.TP
-.B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
+.B chain\-chaining [resolve=<r>] [continuation=<c>] [critical]
This directive enables the \fIchaining\fP control
(see \fIdraft-sermersheim-ldap-chaining\fP for details)
with the desired resolve and continuation behaviors and criticality.
@@ -79,12 +79,12 @@ The values \fBr\fP and \fBc\fP can be any of
If the \fBcritical\fP flag affects the control criticality if provided.
[This control is experimental and its support may change in the future.]
.TP
-.B chain-max-depth <n>
+.B chain\-max\-depth <n>
In case a referral is returned during referral chasing, further chasing
occurs at most \fB<n>\fP levels deep. Set to \fB1\fP (the default)
to disable further referral chasing.
.TP
-.B chain-return-error {FALSE|true}
+.B chain\-return\-error {FALSE|true}
In case referral chasing fails, the real error is returned instead
of the original referral. In case multiple referral URIs are present,
only the first error is returned. This behavior may not be always
@@ -92,12 +92,12 @@ appropriate nor desirable, since failures in referral chasing might be
better resolved by the client (e.g. when caused by distributed
authentication issues).
.TP
-.B chain-uri <ldapuri>
+.B chain\-uri <ldapuri>
This directive instantiates a new underlying \fIldap\fP database
and instructs it about which URI to contact to chase referrals.
-As opposed to what stated in \fBslapd-ldap\fP(5), only one URI
-can appear after this directive; all subsequent \fBslapd-ldap\fP(5)
-directives prefixed by \fBchain-\fP refer to this specific instance
+As opposed to what stated in \fBslapd\-ldap\fP(5), only one URI
+can appear after this directive; all subsequent \fBslapd\-ldap\fP(5)
+directives prefixed by \fBchain\-\fP refer to this specific instance
of a remote server.
.LP
@@ -107,17 +107,17 @@ be required, as shown in this example:
.RS
.nf
overlay chain
-chain-rebind-as-user FALSE
+chain\-rebind\-as\-user FALSE
-chain-uri "ldap://ldap1.example.com"
-chain-rebind-as-user TRUE
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap1.example.com"
+chain\-rebind\-as\-user TRUE
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="self"
-chain-uri "ldap://ldap2.example.com"
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap2.example.com"
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="none"
@@ -126,14 +126,14 @@ chain-idassert-bind bindmethod="simple"
.RE
.LP
Any valid directives for the ldap database may be used; see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details.
-Multiple occurrences of the \fBchain-uri\fP directive may appear,
+Multiple occurrences of the \fBchain\-uri\fP directive may appear,
to define multiple "trusted" URIs where operations with
\fIidentity assertion\fP are chained.
All URIs not listed in the configuration are chained anonymously.
-All \fBslapd-ldap\fP(5) directives appearing before the first
-occurrence of \fBchain-uri\fP are inherited by all URIs,
+All \fBslapd\-ldap\fP(5) directives appearing before the first
+occurrence of \fBchain\-uri\fP are inherited by all URIs,
unless specifically overridden inside each URI configuration.
.SH FILES
.TP
diff --git a/doc/man/man5/slapo-collect.5 b/doc/man/man5/slapo-collect.5
index d38d1f1d5837f905ac5c05b48b0a948cec78021f..8813ca3eafa41585e67921643dd9de5a3dee5ec0 100644
--- a/doc/man/man5/slapo-collect.5
+++ b/doc/man/man5/slapo-collect.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-collect \- Collective attributes overlay to slapd
+slapo\-collect \- Collective attributes overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -43,7 +43,7 @@ default slapd configuration file
.BR slapd.conf (5),
.BR slapd\-config (5),
The
-.BR slapo-collect (5)
+.BR slapo\-collect (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-constraint.5 b/doc/man/man5/slapo-constraint.5
index f993db3ec3c3ab8c95ce159e12c79a90d8c0b83d..e3cce3a61c0b1e560e500ffa0263e1eda833b047 100644
--- a/doc/man/man5/slapo-constraint.5
+++ b/doc/man/man5/slapo-constraint.5
@@ -4,7 +4,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-constraint \- Attribute Constraint Overlay to slapd
+slapo\-constraint \- Attribute Constraint Overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapo-dds.5 b/doc/man/man5/slapo-dds.5
index b7b7ea33180adaf3f8d98e215212c435dfb105b8..5ad762456d4782e577a884af230feea5a7569c8d 100644
--- a/doc/man/man5/slapo-dds.5
+++ b/doc/man/man5/slapo-dds.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-dds \- Dynamic Directory Services overlay to slapd
+slapo\-dds \- Dynamic Directory Services overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -131,7 +131,7 @@ run-queue size) that are used by dynamic objects.
By default, no limit is set.
.TP
-.B dds-state {TRUE|false}
+.B dds\-state {TRUE|false}
Specifies if the Dynamic Directory Services feature is enabled or not.
By default it is; however, a proxy does not need to keep track of dynamic
objects itself, it only needs to inform the frontend that support for
diff --git a/doc/man/man5/slapo-dyngroup.5 b/doc/man/man5/slapo-dyngroup.5
index e37f95b8bf347850d2f53bcdbe4acaf186363994..63d451cafe2c457d8f9e3a1536509788559b260c 100644
--- a/doc/man/man5/slapo-dyngroup.5
+++ b/doc/man/man5/slapo-dyngroup.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-dyngroup \- Dynamic Group overlay to slapd
+slapo\-dyngroup \- Dynamic Group overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5
index 2aa9eaf31c31fb9392c99428fe8a5486454d44d4..c0152e64b32f5205c11f82ec81544b0284bb0c4e 100644
--- a/doc/man/man5/slapo-dynlist.5
+++ b/doc/man/man5/slapo-dynlist.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-dynlist \- Dynamic List overlay to slapd
+slapo\-dynlist \- Dynamic List overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -20,7 +20,7 @@ entry.
No recursion is allowed, to avoid potential infinite loops.
The resulting entry must comply with the LDAP data model, so constraints
are enforced.
-For example, if a \fISINGLE-VALUE\fP attribute is listed,
+For example, if a \fISINGLE\-VALUE\fP attribute is listed,
only the first value results in the final entry.
The above described behavior is disabled when the \fImanageDSAit\fP
control (RFC 3296) is used.
@@ -50,9 +50,9 @@ occurrences, and it must appear after the
.B overlay
directive.
.TP
-.B dynlist-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
+.B dynlist\-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
The value
-.B group-oc
+.B group\-oc
is the name of the objectClass that triggers the dynamic expansion of the
data.
@@ -141,7 +141,7 @@ entry; first of all, make sure that slapd.conf contains the directives:
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL
+ dynlist\-attrset groupOfURLs memberURL
.fi
.LP
and that slapd loads dynlist.la, if compiled as a run-time module;
@@ -170,7 +170,7 @@ attribute:
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL member
+ dynlist\-attrset groupOfURLs memberURL member
.fi
.LP
@@ -195,7 +195,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-dynlist (5)
+.BR slapo\-dynlist (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-memberof.5 b/doc/man/man5/slapo-memberof.5
index 32e69c761d771c48d9ab7c629013639dabc8306f..5f3f5469b235ba0e5f67b2caad2e72a6de417eb5 100644
--- a/doc/man/man5/slapo-memberof.5
+++ b/doc/man/man5/slapo-memberof.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-memberof \- Reverse Group Membership overlay to slapd
+slapo\-memberof \- Reverse Group Membership overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -36,7 +36,7 @@ The following
configuration options are defined for the memberofoverlay.
.TP
-.BI memberof-group-oc \ <group-oc>
+.BI memberof\-group\-oc \ <group-oc>
The value
.I <group-oc>
is the name of the objectClass that triggers the reverse group membership
@@ -44,7 +44,7 @@ update.
It defaults to \fIgroupOfNames\fP.
.TP
-.BI memberof-member-ad \ <member-ad>
+.BI memberof\-member\-ad \ <member-ad>
The value
.I <member-ad>
is the name of the attribute that contains the names of the members
@@ -52,7 +52,7 @@ in the group objects; it must be DN-valued.
It defaults to \fImember\fP.
.TP
-.BI memberof-memberof-ad \ <memberof-ad>
+.BI memberof\-memberof\-ad \ <memberof-ad>
The value
.I <memberof-ad>
is the name of the attribute that contains the names of the groups
@@ -61,7 +61,7 @@ automatically updated by the overlay.
It defaults to \fImemberOf\fP.
.TP
-.BI memberof-dn \ <dn>
+.BI memberof\-dn \ <dn>
The value
.I <dn>
contains the DN that is used as \fImodifiersName\fP for internal
@@ -69,7 +69,7 @@ modifications performed to update the reverse group membership.
It defaults to the \fIrootdn\fP of the underlying database.
.TP
-.BI "memberof-dangling {" ignore ", " drop ", " error "}"
+.BI "memberof\-dangling {" ignore ", " drop ", " error "}"
This option determines the behavior of the overlay when, during
a modification, it encounters dangling references.
The default is
@@ -84,9 +84,9 @@ which causes modifications that would result in dangling references
to fail.
.TP
-.BI memberof-dangling-error \ <error-code>
+.BI memberof\-dangling\-error \ <error-code>
If
-.BR memberof-dangling
+.BR memberof\-dangling
is set to
.IR error ,
this configuration parameter can be used to modify the response code
@@ -94,7 +94,7 @@ returned in case of violation. It defaults to "constraint violation",
but other implementations are known to return "no such object" instead.
.TP
-.BI "memberof-refint {" true "|" FALSE "}"
+.BI "memberof\-refint {" true "|" FALSE "}"
This option determines whether the overlay will try to preserve
referential integrity or not.
If set to
@@ -116,7 +116,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-memberof (5)
+.BR slapo\-memberof (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-pcache.5 b/doc/man/man5/slapo-pcache.5
index 403f22cdda6e125044675377e1d33cd3cda1a840..e7f8e706ef7bc7a86990c391c74f70dcdec646e7 100644
--- a/doc/man/man5/slapo-pcache.5
+++ b/doc/man/man5/slapo-pcache.5
@@ -4,7 +4,7 @@
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.SH NAME
-slapo-pcache \- proxycache overlay to slapd
+slapo\-pcache \- proxycache overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -71,7 +71,7 @@ proxycache \fBbdb 10000 1 50 100\fP
.TP
.B proxyattrset <index> <attrs...>
Used to associate a set of attributes <attrs..> with an <index>. Each attribute
-set is associated with an integer from 0 to <numattrsets>-1. These indices are
+set is associated with an integer from 0 to <numattrsets>\-1. These indices are
used by the \fBproxytemplate\fP directive to define cacheable templates.
A set of attributes cannot be empty. A set of attributes can contain the
special attributes "*" (all user attributes), "+" (all operational attributes)
@@ -121,7 +121,7 @@ hitting a sizelimit should also be cached for the specified amount of time.
Results hitting a sizelimit are not cached by default (<limitttl> set to 0).
.TP
-.B response-callback { head | tail }
+.B response\-callback { head | tail }
Specifies whether the response callback should be placed at the
.B tail
(the default) or at the
@@ -219,11 +219,11 @@ For this reason, it is suggested that, when using
proxy caching be used in conjunction with the
.I identity assertion
feature of
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
(see the
-.B idassert-bind
+.B idassert\-bind
and the
-.B idassert-authz
+.B idassert\-authz
statements), so that remote server interrogation occurs with a vanilla identity
that has some relatively high
.B search
diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 761428ec88d3ebadc5e23767fa2cf809d2abdf16..28f6e40296a3db723e1acbe6b25c134c4b3ad712 100644
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-ppolicy \- Password Policy overlay to slapd
+slapo\-ppolicy \- Password Policy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -17,7 +17,7 @@ decodes and applies specific password policy controls to overall
use of a backend database, changes to user password fields, etc.
.P
The overlay provides a variety of password control mechanisms. They
-include password aging--both minimum and maximum ages, password
+include password aging -- both minimum and maximum ages, password
reuse and duplication control, account time-outs, mandatory password
resets, acceptable password content, and even grace logins.
Different groups of users may be associated with different password
@@ -159,7 +159,7 @@ modified whenever and however often is desired).
NAME 'pwdMinAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxAge
@@ -173,7 +173,7 @@ value is zero (0), then passwords will not expire.
NAME 'pwdMaxAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdInHistory
@@ -196,7 +196,7 @@ although the password is saved in the history.
NAME 'pwdInHistory'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckQuality
@@ -217,7 +217,7 @@ error refusing the password.
NAME 'pwdCheckQuality'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMinLength
@@ -245,7 +245,7 @@ is two (2)).
NAME 'pwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdExpireWarning
@@ -261,7 +261,7 @@ present, or if the value is zero (0), no warnings will be sent.
NAME 'pwdExpireWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdGraceAuthnLimit
@@ -277,7 +277,7 @@ directory.
NAME 'pwdGraceAuthnLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockout
@@ -303,7 +303,7 @@ attempts have been made.
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockoutDuration
@@ -327,7 +327,7 @@ again until it is reset by an administrator.
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxFailure
@@ -351,7 +351,7 @@ and
NAME 'pwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdFailureCountInterval
@@ -369,7 +369,7 @@ counter will only be reset by a successful authentication.
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMustChange
@@ -391,7 +391,7 @@ the administrator sets or resets the password.
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdAllowUserChange
@@ -408,7 +408,7 @@ users will not be allowed to change their own passwords.
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdSafeModify
@@ -426,7 +426,7 @@ along with the new password.
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckModule
@@ -473,7 +473,7 @@ be free()'d by slapd.
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.P
Note:
@@ -546,8 +546,8 @@ policy rules will be enforced.
this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -567,8 +567,8 @@ does not exist, the user's password will not expire.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -588,8 +588,8 @@ and may only be unlocked by an administrator.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -623,7 +623,7 @@ will be cleansed of entries.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation )
.RE
@@ -677,7 +677,7 @@ field is in GMT format.
DESC 'The history of user passwords'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
EQUALITY octetStringMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -701,7 +701,7 @@ attribute.
DESC 'The timestamps of the grace login once the password has expired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -723,7 +723,7 @@ administrative reset.
been reset'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE
+ SINGLE\-VALUE
USAGE directoryOperation)
.RE
@@ -733,7 +733,7 @@ administrative reset.
.nf
database bdb
suffix dc=example,dc=com
-\...
+\|...
overlay ppolicy
ppolicy_default "cn=Standard,ou=Policies,dc=example,dc=com"
.fi
diff --git a/doc/man/man5/slapo-refint.5 b/doc/man/man5/slapo-refint.5
index 067735df78c171bc199c402388081163772a315a..f2d4bf0d96a36693a09b069cb8bf4d7edf7b9fdc 100644
--- a/doc/man/man5/slapo-refint.5
+++ b/doc/man/man5/slapo-refint.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-refint \- Referential Integrity overlay to slapd
+slapo\-refint \- Referential Integrity overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Referential Integrity overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference attributes.
.LP
Integrity is maintained by updating database records which contain the named
diff --git a/doc/man/man5/slapo-retcode.5 b/doc/man/man5/slapo-retcode.5
index 9e6730bf293325276856bbb265e53005b68f39cf..e306b3cf02992ad65ed97d13bc3a815c414a54f5 100644
--- a/doc/man/man5/slapo-retcode.5
+++ b/doc/man/man5/slapo-retcode.5
@@ -4,7 +4,7 @@
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.SH NAME
-slapo-retcode \- return code overlay to slapd
+slapo\-retcode \- return code overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -58,7 +58,7 @@ If not defined, the suffix of the database is used.
.hy 0
.B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
.B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>]
-.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}-]disconnect[,...]]
+.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}\-]disconnect[,...]]
.RS
A dynamically generated entry, located below \fBretcode\-parent\fP.
The \fBerrCode\fP is the number of the response code;
@@ -79,9 +79,9 @@ The \fBunsolicited\fP field can be used to cause the return
of an RFC 4511 unsolicited response message; if \fBOID\fP
is not "0", an extended response is generated, with the optional
\fBdata\fP appended.
-If \fBflags\fP contains \fBdisconnect\fP, or \fBpre-disconnect\fP,
+If \fBflags\fP contains \fBdisconnect\fP, or \fBpre\-disconnect\fP,
.BR slapd (8)
-disconnects abruptly, without notice; \fBpost-disconnect\fP
+disconnects abruptly, without notice; \fBpost\-disconnect\fP
causes disconnection right after sending response as appropriate.
.RE
.TP
@@ -89,7 +89,7 @@ causes disconnection right after sending response as appropriate.
Enables exploitation of in-directory stored errAbsObject.
May result in a lot of unnecessary overhead.
.TP
-.B retcode\-sleep [-]<n>
+.B retcode\-sleep [\-]<n>
Defines a sleep time in seconds that is spent before actually handling
any operation.
If negative, a random time between 0 and the absolute value of the argument
@@ -119,7 +119,7 @@ The error code:
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The operations that trigger the response code:
@@ -140,7 +140,7 @@ The text message:
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The sleep time before the response is actually returned to the client:
@@ -150,7 +150,7 @@ The sleep time before the response is actually returned to the client:
DESC 'Time to wait before returning the error'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The matched DN returned to the client:
@@ -160,7 +160,7 @@ The matched DN returned to the client:
DESC 'Value to be returned as matched DN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The OID to be returned as extended response OID
@@ -172,7 +172,7 @@ in RFC 4511 unsolicited responses
DESC 'OID to be returned within unsolicited response'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The octet string to be returned as extended response data
@@ -182,7 +182,7 @@ in RFC 4511 unsolicited response:
NAME ( 'errUnsolicitedData' )
DESC 'Data to be returned within unsolicited response'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
If TRUE,
@@ -194,7 +194,7 @@ after sending response as appropriate:
NAME ( 'errDisconnect' )
DESC 'Disconnect without notice'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The abstract class that triggers the overlay:
@@ -226,15 +226,15 @@ The auxiliary objectclass to alter the behavior of existing objects:
.RS
.nf
overlay retcode
-retcode-parent "ou=RetCodes,dc=example,dc=com"
+retcode\-parent "ou=RetCodes,dc=example,dc=com"
# retcode.conf is found in tests/data/ of the source tree
include ./retcode.conf
# Wait 10 seconds, then return success (0x00)
-retcode-item "cn=Success after 10 seconds" 0x00 sleeptime=10
+retcode\-item "cn=Success after 10 seconds" 0x00 sleeptime=10
# Wait 10 seconds, then return timelimitExceeded (0x03)
-retcode-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
+retcode\-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
.fi
.RE
.LP
@@ -249,7 +249,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-retcode (5)
+.BR slapo\-retcode (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-rwm.5 b/doc/man/man5/slapo-rwm.5
index e03e8b1f00d9ab3091a7fdf561ce4b7cb653a6dc..918bb4f0c34d395d99f09cd47fa0ebd7aaf00d5b 100644
--- a/doc/man/man5/slapo-rwm.5
+++ b/doc/man/man5/slapo-rwm.5
@@ -8,7 +8,7 @@
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapo-rwm \- rewrite/remap overlay to slapd
+slapo\-rwm \- rewrite/remap overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -19,9 +19,9 @@ overlay to
performs basic DN/data rewrite and objectClass/attributeType mapping.
Its usage is mostly intended to provide virtual views of existing data
either remotely, in conjunction with the proxy backend described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
or locally, in conjunction with the relay backend described in
-.BR slapd-relay (5).
+.BR slapd\-relay (5).
.LP
This overlay is experimental.
.SH MAPPING
@@ -30,10 +30,10 @@ An important feature of the
overlay is the capability to map objectClasses and attributeTypes
from the local set (or a subset of it) to a foreign set, and vice versa.
This is accomplished by means of the
-.B rwm-map
+.B rwm\-map
directive.
.TP
-.B rwm-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
+.B rwm\-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
Map attributeTypes and objectClasses from the foreign server to
different values on the local slapd.
The reason is that some attributes might not be part of the local
@@ -51,8 +51,8 @@ and
must be defined in the local schema; the foreign ones do not have to,
but users are encouraged to explicitly define the remote attributeTypes
and the objectClasses they intend to map. All in all, when remapping
-a remote server via back-ldap (\fBslapd-ldap\fP(5))
-or back-meta (\fBslapd-meta\fP(5))
+a remote server via back-ldap (\fBslapd\-ldap\fP(5))
+or back-meta (\fBslapd\-meta\fP(5))
their definition can be easily obtained by querying the \fIsubschemaSubentry\fP
of the remote server; the problem should not exist when remapping a local
database.
@@ -80,10 +80,10 @@ when the
overlay is used together with e.g. the
.B pcache
overlay. This normalization can be enabled by means of the
-.B rwm-normalize-mapped-attrs
+.B rwm\-normalize\-mapped\-attrs
directive.
.TP
-.B rwm-normalize-mapped-attrs {yes|no}
+.B rwm\-normalize\-mapped\-attrs {yes|no}
Set this to "yes", if the
.B rwm
overlay should try to normalize the values of attributes that are mapped from
@@ -107,14 +107,14 @@ A basic feature of the
.B rwm
overlay is the capability to perform suffix massaging between a virtual
and a real naming context by means of the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive.
This, in conjunction with proxy backends,
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5),
+.BR slapd\-meta (5),
or with the relay backend,
-.BR slapd-relay (5),
+.BR slapd\-relay (5),
allows to create virtual views of databases.
A distinguishing feature of this overlay is that, when instantiated
before any database, it can modify the DN of requests
@@ -124,7 +124,7 @@ For this reason, rules that rewrite the empty DN ("")
or the subschemaSubentry DN (usually "cn=subschema"),
would prevent clients from reading the root DSE or the DSA's schema.
.TP
-.B rwm-suffixmassage "[<virtual naming context>]" "<real naming context>"
+.B rwm\-suffixmassage "[<virtual naming context>]" "<real naming context>"
Shortcut to implement naming context rewriting; the trailing part
of the DN is rewritten from the virtual to the real naming context
in the bindDN, searchDN, searchFilterAttrDN, compareDN, compareAttrDN,
@@ -135,14 +135,14 @@ By default no rewriting occurs for the searchFilter
and for the referralAttrDN and referralDN rewrite contexts.
If no \fI<virtual naming context>\fP is given, the first suffix of the
database is used; this requires the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive be defined \fIafter\fP the database
.B suffix
directive.
The
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive automatically sets the
-.B rwm-rewriteEngine
+.B rwm\-rewriteEngine
to
.BR ON .
.LP
@@ -183,7 +183,7 @@ Each rule is executed recursively, unless altered by specific action
flags; see "Action Flags" for details.
A default limit on the recursion level is set, and can be altered
by the
-.B rwm-rewriteMaxPasses
+.B rwm\-rewriteMaxPasses
directive, as detailed in the "Additional Configuration Syntax" section.
The substitution pattern allows map resolution of substrings.
A map is a generic object that maps a substitution pattern to a value.
@@ -350,7 +350,7 @@ Each basic server operation is associated to a rewrite context;
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -376,7 +376,7 @@ exopPasswdDN password modify extended operation DN
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -394,20 +394,20 @@ referralDN all ops (only if applicable; defaults
.LP
.SH "Basic Configuration Syntax"
All rewrite/remap directives start with the prefix
-.BR rwm- ;
+.BR rwm\- ;
for backwards compatibility with the historical
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
builtin rewrite/remap capabilities, the prefix may be omitted,
but this practice is strongly discouraged.
.TP
-.B rwm-rewriteEngine { on | off }
+.B rwm\-rewriteEngine { on | off }
If `on', the requested rewriting is performed; if `off', no
rewriting takes place (an easy way to stop rewriting without
altering too much the configuration file).
.TP
-.B rwm-rewriteContext <context name> "[ alias <aliased context name> ]"
+.B rwm\-rewriteContext <context name> "[ alias <aliased context name> ]"
<Context name> is the name that identifies the context, i.e. the name
used by the application to refer to the set of rules it contains.
It is used also to reference sub contexts in string rewriting.
@@ -415,21 +415,21 @@ A context may alias another one.
In this case the alias context contains no rule, and any reference to
it will result in accessing the aliased one.
.TP
-.B rwm-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
+.B rwm\-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
Determines how a string can be rewritten if a pattern is matched.
Examples are reported below.
.SH "Additional Configuration Syntax"
.TP
-.B rwm-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
+.B rwm\-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
Allows to define a map that transforms substring rewriting into
something else.
The map is referenced inside the substitution pattern of a rule.
.TP
-.B rwm-rewriteParam <param name> <param value>
+.B rwm\-rewriteParam <param name> <param value>
Sets a value with global scope, that can be dereferenced by the
command `${$paramName}'.
.TP
-.B rwm-rewriteMaxPasses <number of passes> [<number of passes per rule>]
+.B rwm\-rewriteMaxPasses <number of passes> [<number of passes per rule>]
Sets the maximum number of total rewriting passes that can be
performed in a single rewrite operation (to avoid loops).
A safe default is set to 100; note that reaching this limit is still
@@ -501,51 +501,51 @@ a multi-valued attribute is used, only the first value is considered.
.SH "REWRITE CONFIGURATION EXAMPLES"
.nf
# set to `off' to disable rewriting
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# the rules the "suffixmassage" directive implies
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# all dataflow from client to server referring to DNs
-rwm-rewriteContext default
-rwm-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
# empty filter rule
-rwm-rewriteContext searchFilter
+rwm\-rewriteContext searchFilter
# all dataflow from server to client
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
-rwm-rewriteContext searchAttrDN alias searchEntryDN
-rwm-rewriteContext matchedDN alias searchEntryDN
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
+rwm\-rewriteContext searchAttrDN alias searchEntryDN
+rwm\-rewriteContext matchedDN alias searchEntryDN
# misc empty rules
-rwm-rewriteContext referralAttrDN
-rwm-rewriteContext referralDN
+rwm\-rewriteContext referralAttrDN
+rwm\-rewriteContext referralDN
# Everything defined here goes into the `default' context.
# This rule changes the naming context of anything sent
# to `dc=home,dc=net' to `dc=OpenLDAP, dc=org'
-rwm-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
"$1dc=OpenLDAP, dc=org" ":"
# since a pretty/normalized DN does not include spaces
# after rdn separators, e.g. `,', this rule suffices:
-rwm-rewriteRule "(.+,)?dc=home,dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,dc=net$"
"$1dc=OpenLDAP,dc=org" ":"
# Start a new context (ends input of the previous one).
# This rule adds blanks between DN parts if not present.
-rwm-rewriteContext addBlanks
-rwm-rewriteRule "(.*),([^ ].*)" "$1, $2"
+rwm\-rewriteContext addBlanks
+rwm\-rewriteRule "(.*),([^ ].*)" "$1, $2"
# This one eats blanks
-rwm-rewriteContext eatBlanks
-rwm-rewriteRule "(.*), (.*)" "$1,$2"
+rwm\-rewriteContext eatBlanks
+rwm\-rewriteRule "(.*), (.*)" "$1,$2"
# Here control goes back to the default rewrite
# context; rules are appended to the existing ones.
# anything that gets here is piped into rule `addBlanks'
-rwm-rewriteContext default
-rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule ".*" "${>addBlanks($0)}" ":"
.\" # Anything with `uid=username' is looked up in
.\" # /etc/passwd for gecos (I know it's nearly useless,
@@ -554,29 +554,29 @@ rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
.\" # Note the `I' flag that leaves `uid=username' in place
.\" # if `username' does not have a valid account, and the
.\" # `:' that forces the rule to be processed exactly once.
-.\" rwm-rewriteContext uid2Gecos
-.\" rwm-rewriteRule "(.*)uid=([a-z0-9]+),(.+)"
+.\" rwm\-rewriteContext uid2Gecos
+.\" rwm\-rewriteRule "(.*)uid=([a\-z0\-9]+),(.+)"
.\" "$1cn=$2{xpasswd},$3" "I:"
.\"
.\" # Finally, in a bind, if one uses a `uid=username' DN,
.\" # it is rewritten in `cn=name surname' if possible.
-.\" rwm-rewriteContext bindDN
-.\" rwm-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
+.\" rwm\-rewriteContext bindDN
+.\" rwm\-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
.\"
# Rewrite the search base according to `default' rules.
-rwm-rewriteContext searchDN alias default
+rwm\-rewriteContext searchDN alias default
# Search results with OpenLDAP DN are rewritten back with
# `dc=home,dc=net' naming context, with spaces eaten.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
"${>eatBlanks($1)}dc=home,dc=net" ":"
# Bind with email instead of full DN: we first need
# an ldap map that turns attributes into a DN (the
# argument used when invoking the map is appended to
# the URI and acts as the filter portion)
-rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
+rwm\-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
# Then we need to detect DN made up of a single email,
# e.g. `mail=someone@example.com'; note that the rule
@@ -585,8 +585,8 @@ rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
# to real naming contexts, we also need to rewrite
# regular DNs, because the definition of a bindDN
# rewrite context overrides the default definition.
-rwm-rewriteContext bindDN
-rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
# This is a rather sophisticated example. It massages a
# search filter in case who performs the search has
@@ -594,8 +594,8 @@ rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
# track of the bind DN of the incoming request, which is
# stored in a variable called `binddn' with session scope,
# and left in place to allow regular binding:
-rwm-rewriteContext bindDN
-rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule ".+" "${&&binddn($0)}$0" ":"
# A search filter containing `uid=' is rewritten only
# if an appropriate DN is bound.
@@ -610,13 +610,13 @@ rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
# module to authenticate users with both `uid' and
# `cn', but only if the request comes from a possible
# `cn=Web auth,ou=admin,dc=home,dc=net' user.
-rwm-rewriteContext searchFilter
-rwm-rewriteRule "(.*\e\e()uid=([a-z0-9_]+)(\e\e).*)"
+rwm\-rewriteContext searchFilter
+rwm\-rewriteRule "(.*\e\e()uid=([a\-z0\-9_]+)(\e\e).*)"
"${**binddn}<>${&prefix($1)}${&arg($2)}${&suffix($3)}"
":I"
-rwm-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
+rwm\-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
"${*prefix}|(uid=${*arg})(cn=${*arg})${*suffix}" ":@I"
-rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
+rwm\-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
# This example shows how to strip unwanted DN-valued
# attribute values from a search result; the first rule
@@ -624,9 +624,9 @@ rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
# in case of match the rewriting exits successfully.
# The second rule matches everything else and causes
# the value to be rejected.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
-rwm-rewriteRule ".*" "" "#"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
+rwm\-rewriteRule ".*" "" "#"
.fi
.SH "MAPPING EXAMPLES"
The following directives map the object class `groupOfNames' to
diff --git a/doc/man/man5/slapo-syncprov.5 b/doc/man/man5/slapo-syncprov.5
index 28becd4a0f13cd0d8885a26ec4d8a27e52750125..f6a097c0017aaf2a0e83e1eda1636867c9fcd2a3 100644
--- a/doc/man/man5/slapo-syncprov.5
+++ b/doc/man/man5/slapo-syncprov.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-syncprov \- Sync Provider overlay to slapd
+slapo\-syncprov \- Sync Provider overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -31,7 +31,7 @@ They should appear after the
.B overlay
directive.
.TP
-.B syncprov-checkpoint <ops> <minutes>
+.B syncprov\-checkpoint <ops> <minutes>
After a write operation has succeeded, write the contextCSN to the underlying
database if
.B <ops>
@@ -40,7 +40,7 @@ write operations or more than
time have passed
since the last checkpoint. Checkpointing is disabled by default.
.TP
-.B syncprov-sessionlog <ops>
+.B syncprov\-sessionlog <ops>
Configures an in-memory session log for recording information about write
operations made on the database. The
.B <ops>
@@ -49,13 +49,13 @@ operations (except Adds) are recorded in the log.
When using the session log, it is helpful to set an eq index on the
entryUUID attribute in the underlying database.
.TP
-.B syncprov-nopresent TRUE | FALSE
+.B syncprov\-nopresent TRUE | FALSE
Specify that the Present phase of refreshing should be skipped. This value
should only be set TRUE for a syncprov instance on top of a log database
(such as one managed by the accesslog overlay).
The default is FALSE.
.TP
-.B syncprov-reloadhint TRUE | FALSE
+.B syncprov\-reloadhint TRUE | FALSE
Specify that the overlay should honor the reloadHint flag in the Sync
Control. In OpenLDAP releases 2.3.11 and earlier the syncrepl consumer did
not properly set this flag, so the overlay must ignore it. This option
@@ -69,7 +69,7 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-accesslog (5).
+.BR slapo\-accesslog (5).
OpenLDAP Administrator's Guide.
.SH ACKNOWLEDGEMENTS
.so ../Project
diff --git a/doc/man/man5/slapo-translucent.5 b/doc/man/man5/slapo-translucent.5
index 25e8090ce950d6baa6bfe335e2a262d066ff405b..9d96da0968f9df4290437bc62cb1f77478fa1adf 100644
--- a/doc/man/man5/slapo-translucent.5
+++ b/doc/man/man5/slapo-translucent.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-translucent \- Translucent Proxy overlay to slapd
+slapo\-translucent \- Translucent Proxy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Translucent Proxy overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy". Entries retrieved from a remote LDAP
server may have some or all attributes overridden, or new attributes
added, by entries in the local database before being presented to the
@@ -33,8 +33,8 @@ remote database.
.SH CONFIGURATION
The Translucent Proxy overlay uses a proxied database,
typically a (set of) remote LDAP server(s), which is configured with the options shown in
-.BR slapd-ldap (5),
-.BR slapd-meta (5)
+.BR slapd\-ldap (5),
+.BR slapd\-meta (5)
or similar.
These
.B slapd.conf
@@ -130,4 +130,4 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
diff --git a/doc/man/man5/slapo-unique.5 b/doc/man/man5/slapo-unique.5
index 2193029859017950eb400643ca22f0230a824c47..822c7a5ee92b8ff82321838b8611c47bcfda4875 100644
--- a/doc/man/man5/slapo-unique.5
+++ b/doc/man/man5/slapo-unique.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-unique \- Attribute Uniqueness overlay to slapd
+slapo\-unique \- Attribute Uniqueness overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Attribute Uniqueness overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a
scope. This subtree defaults to all objects within the subtree of the
database for which the Uniqueness overlay is configured.
@@ -41,11 +41,13 @@ directive.
.TP
.B unique_uri <[strict ][ignore ]URI[URI...]...>
Configure the base, attributes, scope, and filter for uniqueness
-checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple
+checking. Multiple URIs may be specified within a domain,
+allowing complex selections of objects. Multiple
.B unique_uri
statements or
.B olcUniqueURI
-attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings.
+attributes will create independent domains, each with their own
+independent lists of URIs and ignore/strict settings.
The LDAP URI syntax is a subset of
.B RFC-4516,
@@ -55,7 +57,8 @@ ldap:///[base dn]?[attributes...]?scope[?filter]
The
.B base dn
-defaults to that of the back-end database. Specified base dns must be within the subtree of the back-end database.
+defaults to that of the back-end database.
+Specified base dns must be within the subtree of the back-end database.
If no
.B attributes
@@ -111,7 +114,9 @@ that only one attribute within a subtree will be allowed to have a
null value. Strictness applies to all URIs within a uniqueness
domain, but some domains may be strict while others are not.
.LP
-It is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously. In general, the legacy configuration options control pieces of a single unfiltered subtree domain.
+It is not possible to set both URIs and legacy slapo\-unique configuration
+parameters simultaneously. In general, the legacy configuration options
+control pieces of a single unfiltered subtree domain.
.TP
.B unique_base <basedn>
This legacy configuration parameter should be converted to the
diff --git a/doc/man/man5/slapo-valsort.5 b/doc/man/man5/slapo-valsort.5
index 43e5669398c35a069f679917c58817acc0739ada..1bda98138e9e73be89da5e49f5bc675eb4072c8d 100644
--- a/doc/man/man5/slapo-valsort.5
+++ b/doc/man/man5/slapo-valsort.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-valsort \- Value Sorting overlay to slapd
+slapo\-valsort \- Value Sorting overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -29,7 +29,7 @@ They should appear after the
.B overlay
directive.
.TP
-valsort-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
+valsort\-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
Configure a sorting method for the specified
.I attribute
in the subtree rooted at
@@ -37,11 +37,11 @@ in the subtree rooted at
The
.I sort-method
may be one of
-.BR alpha-ascend ,
-.BR alpha-descend ,
-.BR numeric-ascend ,
+.BR alpha\-ascend ,
+.BR alpha\-descend ,
+.BR numeric\-ascend ,
or
-.BR numeric-descend .
+.BR numeric\-descend .
If the special
.B weighted
method is specified, a secondary
@@ -60,7 +60,7 @@ for an attribute with a syntax other than Integer or NumericString.
suffix dc=example,dc=com
...
overlay valsort
- valsort-attr member ou=groups,dc=example,dc=com alpha-ascend
+ valsort\-attr member ou=groups,dc=example,dc=com alpha\-ascend
.fi
.SH FILES
diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8
index d78a27f489437a77eb11f628147294e68eb35d67..a359d3fcb16f3dbca7a634c54a99e8021d6c0878 100644
--- a/doc/man/man8/slapacl.8
+++ b/doc/man/man8/slapacl.8
@@ -6,16 +6,27 @@
slapacl \- Check access to a list of attributes.
.SH SYNOPSIS
.B SBINDIR/slapacl
-.B \-b DN
-.B [\-d level]
-.B [\-D authcDN | \-U authcID]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-u]
-.B [\-v]
-.B [\-X authzID | \-o authzDN=DN]
-.B [attr[/access][:value]] [...]
+.BI \-b \ DN
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-D \ authcDN\ \fR|
+.BI \-U \ authcID\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\ \fR|
+.BI "\-o \ authzDN=" DN\fR]
+[\c
+.IR attr [\fB/\fI access ][\fB:\fI value ]]\fR\ [...]
.LP
.SH DESCRIPTION
.LP
@@ -28,9 +39,9 @@ directives defined in its configuration.
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B access/olcAccess
+.BR access / olcAccess
directives, and then parses the
.B attr
list given on the command-line; if none is given, access to the
@@ -39,39 +50,41 @@ pseudo-attribute is tested.
.LP
.SH OPTIONS
.TP
-.BI \-b " DN"
+.BI \-b \ DN
specify the
-.B DN
+.I DN
which access is requested to; the corresponding entry is fetched
from the database, and thus it must exist.
-The DN is also used to determine what rules apply; thus, it must be
+The
+.I DN
+is also used to determine what rules apply; thus, it must be
in the naming context of a configured database. See also
.BR \-u .
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-D " authcDN"
+.BI \-D \ authcDN
specify a DN to be used as identity through the test session
when selecting appropriate
.B <by>
clauses in access lists.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -79,17 +92,17 @@ default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.RS
@@ -118,26 +131,29 @@ for details.
.TP
.BI \-u
do not fetch the entry from the database.
-In this case, if the entry does not exist, a fake entry with the DN
+In this case, if the entry does not exist, a fake entry with the
+.I DN
given with the
.B \-b
option is used, with no attributes.
As a consequence, those rules that depend on the contents
of the target object will not behave as with the real object.
-The DN given with the
+The
+.I DN
+given with the
.B \-b
option is still used to select what rules apply; thus, it must be
in the naming context of a configured database.
See also
.BR \-b .
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
for details); mutually exclusive with
@@ -146,23 +162,23 @@ for details); mutually exclusive with
.B \-v
enable verbose mode.
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an authorization ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
-for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
+for details); mutually exclusive with \fB\-o\fP \fBauthzDN=\fIDN\fR.
.SH EXAMPLES
The command
.LP
.nf
.ft tt
- SBINDIR/slapacl -f ETCDIR/slapd.conf -v \\
- -U bjorn -b "o=University of Michigan,c=US" \\
+ SBINDIR/slapacl \-f ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-b "o=University of Michigan,c=US" \\
"o/read:University of Michigan"
.ft
@@ -178,8 +194,8 @@ at
level.
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
-.BR slaptest (8)
+.BR slapd (8),
+.BR slaptest (8),
.BR slapauth (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapadd.8 b/doc/man/man8/slapadd.8
index 8f1c47fdbb51a81529c2a6006f417cc95ef5e76b..f92cdf9d97ccd3a9732e73341ec664d2f80b6c30 100644
--- a/doc/man/man8/slapadd.8
+++ b/doc/man/man8/slapadd.8
@@ -6,22 +6,38 @@
slapadd \- Add entries to a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapadd
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-j lineno]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-s]
-.B [\-S SID]
-.B [\-u]
-.B [\-v]
-.B [\-w]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-j \ lineno\fR]
+[\c
+.BI \-l \ ldif-file\fR]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-s ]
+[\c
+.BI \-S \ SID\fR]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BR \-w ]
.SH DESCRIPTION
.LP
.B Slapadd
@@ -34,7 +50,7 @@ suffix and adds entries corresponding to the provided LDIF to
the database.
Databases configured as
.B subordinate
-of this one are also updated, unless \fB-g\fP is specified.
+of this one are also updated, unless \fB\-g\fP is specified.
The LDIF input is read from standard input or the specified file.
All files eventually created by
@@ -53,9 +69,9 @@ or change file ownership before running
.BR slapd (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-add entries to. The \-b cannot be used in conjunction
+add entries to. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -63,69 +79,69 @@ option.
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-j " lineno"
+.BI \-j \ lineno
Jump to the specified line number in the LDIF file before processing
any entries. This allows a load that was aborted due to errors in the
input LDIF to be resumed after the errors are corrected.
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Read LDIF from the specified file instead of standard input.
.TP
-.BI \-n " dbnum"
-Add entries to the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Add entries to the \fIdbnum\fR-th database listed in the
configuration file. The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
To populate the config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
use
.B \-n 0
as it is always the first database. It must physically exist
on the filesystem prior to this, however.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -135,15 +151,15 @@ on the input data, and no consistency checks when writing the database.
Improves the load time but if any errors or interruptions occur the resulting
database will be unusable.
.TP
-.B -s
+.B \-s
disable schema checking. This option is intended to be used when loading
databases containing special objects, such as fractional objects on a
partial replica. Loading normal objects which do not conform to
schema may result in unexpected and ill behavior.
.TP
-.B \-S " SID"
+.BI \-S \ SID
Server ID to use in generated entryCSN. Also used for contextCSN
-if `\-w' is set as well. Defaults to 0.
+if \fB\-w\fP is set as well. Defaults to \fB0\fP.
.TP
.B \-u
enable dry-run (don't write to backend) mode.
@@ -175,7 +191,7 @@ database give the command:
.LP
.nf
.ft tt
- SBINDIR/slapadd -l ldif
+ SBINDIR/slapadd \-l ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slapauth.8 b/doc/man/man8/slapauth.8
index 6b164b161e686f98d9147effca66d1c3c64402b1..d4f10c2f4f4e8bd7e12c51924aa9b3f5dd4743d1 100644
--- a/doc/man/man8/slapauth.8
+++ b/doc/man/man8/slapauth.8
@@ -6,16 +6,25 @@
slapauth \- Check a list of string-represented IDs for LDAP authc/authz
.SH SYNOPSIS
.B SBINDIR/slapauth
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-M mech]
-.B [\-o name[=value]]
-.B [\-R realm]
-.B [\-U authcID]
-.B [\-v]
-.B [\-X authzID]
-.B ID [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-M \ mech\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-U \ authcID\fR]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\fR]
+.IR ID \ [ ... ]
.LP
.SH DESCRIPTION
.LP
@@ -26,35 +35,35 @@ for authentication and authorization purposes, as specified in
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B authz-policy/olcAuthzPolicy
+.BR authz\-policy / olcAuthzPolicy
and
-.B authz-regexp/olcAuthzRegexp
+.BR authz\-regexp / olcAuthzRegexp
directives, and then parses the
-.B ID
+.I ID
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -62,43 +71,43 @@ default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-M " mech"
+.BI \-M \ mech
specify a mechanism.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-R " realm"
+.BI \-R \ realm
specify a realm.
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be used as
.I authcID
throughout the test session.
If present, and if no
-.B authzID
+.I authzID
is given, the IDs in the ID list are treated as
-.BR authzID .
+.IR authzID .
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an ID to be used as
.I authzID
throughout the test session.
If present, and if no
-.B authcID
+.I authcID
is given, the IDs in the ID list are treated as
-.BR authcID .
+.IR authcID .
If both
.I authcID
and
@@ -112,8 +121,8 @@ The command
.LP
.nf
.ft tt
- SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \\
- -U bjorn -X u:bjensen
+ SBINDIR/slapauth \-f /ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-X u:bjensen
.ft
.fi
@@ -125,8 +134,8 @@ provided the directives
.LP
.nf
.ft tt
- authz-policy from
- authz-regexp "^uid=([^,]+).*,cn=auth$"
+ authz\-policy from
+ authz\-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
.ft
@@ -135,7 +144,7 @@ are defined in
.BR slapd.conf (5).
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapcat.8 b/doc/man/man8/slapcat.8
index 11bd8bdef78919d5220a52818114fbe90653f378..14cf3b48d4ad2c5f17a294ad52862ce4dc40d07b 100644
--- a/doc/man/man8/slapcat.8
+++ b/doc/man/man8/slapcat.8
@@ -6,19 +6,30 @@
slapcat \- SLAPD database to LDIF utility
.SH SYNOPSIS
.B SBINDIR/slapcat
-.B [\-a filter]
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-s subtree-dn]
-.B [\-v]
-.B
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l ldif-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\fR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -32,7 +43,7 @@ suffix and writes the corresponding LDIF to standard output or
the specified file.
Databases configured as
.B subordinate
-of this one are also output, unless \fB-g\fP is specified.
+of this one are also output, unless \fB\-g\fP is specified.
.LP
The entry records are presented in database order, not superior first
order. The entry records will include all (user and operational)
@@ -49,19 +60,19 @@ into superior first order and removing no-user-modification
operational attributes.
.SH OPTIONS
.TP
-.BI \-a " filter"
+.BI \-a \ filter
Only dump entries matching the asserted filter.
For example
-slapcat -a \\
+slapcat \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will dump all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -69,24 +80,24 @@ option.
.B \-c
Enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
Enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -98,13 +109,13 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Write LDIF to specified file instead of standard output.
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -114,23 +125,23 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-s " subtree-dn"
+.BI \-s \ subtree-dn
Only dump entries in the subtree specified by this DN.
-Implies `-b subtree-dn' if no
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
or
.B \-n
@@ -146,10 +157,10 @@ mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapcat
with the
-.BR slapd-bdb (5),
-.BR slapd-hdb (5),
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
and
-.BR slapd-null (5)
+.BR slapd\-null (5)
backends.
.SH EXAMPLES
To make a text backup of your SLAPD database and put it in a file called
@@ -158,7 +169,7 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapcat -l ldif
+ SBINDIR/slapcat \-l ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
index 1e2c555a0ca458a1631ce14ad548e15a21df0c7f..e51b45a6a6c5b67bcdfa549d465234a85eb6f0dd 100644
--- a/doc/man/man8/slapd.8
+++ b/doc/man/man8/slapd.8
@@ -6,22 +6,40 @@
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
.B LIBEXECDIR/slapd
-.B [\-[4|6]]
-.B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
-.B [\-d debug\-level]
-.B [\-f slapd\-config\-file]
-.B [\-F slapd\-config\-directory]
-.B [\-h URLs]
-.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
-.B [\-o option[=value]]
-.B [\-r directory]
-.B [\-u user] [\-g group]
-.B [\-c cookie]
+[\c
+.BR \-4 | \-6 ]
+[\c
+.BR \-T \ { acl \||\| a [ dd ]\||\| auth \||\| c [ at ]\||\|
+.BR d [ n ]\||\| i [ ndex ]\||\| p [ asswd ]\||\| s [ chema ]\||\| t [ est ]}]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd-config-file\fR]
+[\c
+.BI \-F \ slapd-config-directory\fR]
+[\c
+.BI \-h \ URLs\fR]
+[\c
+.BI \-n \ service-name\fR]
+[\c
+.BI \-s \ syslog-level\fR]
+[\c
+.BI \-l \ syslog-local-user\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-r \ directory\fR]
+[\c
+.BI \-u \ user\fR]
+[\c
+.BI \-g \ group\fR]
+[\c
+.BI \-c \ cookie\fR]
.SH DESCRIPTION
.LP
.B Slapd
is the stand-alone LDAP daemon. It listens for LDAP connections on
-any number of ports (default 389), responding
+any number of ports (default \fB389\fP), responding
to the LDAP operations it receives over these connections.
.B slapd
is typically invoked at boot time, usually out of
@@ -56,56 +74,66 @@ Listen on IPv4 addresses only.
.B \-6
Listen on IPv6 addresses only.
.TP
-.B \-T {a|c|d|i|p|t|acl|auth}
-Run in Tool mode. The additional argument selects whether to run as
-slapadd, slapcat, slapdn, slapindex, slappasswd, or slaptest
-(slapacl and slapauth need the entire "\fIacl\fP" and "\fIauth\fP"
-option value to be spelled out, as "\fIa\fP" is reserved to
-.BR slapadd ).
+.BI \-T \ tool
+Run in Tool mode. The \fItool\fP argument selects whether to run as
+.IR slapadd ,
+.IR slapcat ,
+.IR slapdn ,
+.IR slapindex ,
+.IR slappasswd ,
+.IR slapschema ,
+or
+.I slaptest
+(\fIslapacl\fP and \fIslapauth\fP need the entire \fBacl\fP and \fBauth\fP
+option value to be spelled out, as \fBa\fP is reserved to
+.IR slapadd ).
This option should be the first option specified when it is used;
any remaining options will be interpreted by the corresponding
slap tool program, according to the respective man pages.
-Note that these tool programs will usually be symbolic links to slapd.
+Note that these tool programs will usually be symbolic links to
+.BR slapd .
This option is provided for situations where symbolic links
are not provided or not usable.
.TP
-.BI \-d " debug\-level"
+.BI \-d \ debug-level
Turn on debugging as defined by
-.IR debug\-level .
+.IR debug-level .
If this option is specified, even with a zero argument,
.B slapd
will not fork or disassociate from the invoking terminal. Some general
-operation and status messages are printed for any value of \fIdebug\-level\fP.
-\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
+operation and status messages are printed for any value of \fIdebug-level\fP.
+\fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap_log.h> for details.
Comma-separated arrays of friendly names can be specified to select
debugging output of the corresponding debugging information.
All the names recognized by the \fIloglevel\fP directive
described in \fBslapd.conf\fP(5) are supported.
-If \fIdebug\-level\fP is \fB?\fP, a list of installed levels is printed,
+If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
and slapd exits.
Remember that if you turn on packet logging, packets containing bind passwords
will be output, so if you redirect the log to a logfile, that file should
be read-protected.
.TP
-.BI \-s " syslog\-level"
+.BI \-s \ syslog-level
This option tells
.B slapd
-at what level debugging statements should be logged to the
+at what debug-level debugging statements should be logged to the
.BR syslog (8)
facility.
-The value "syslog\-level" can be set to any value or combination
-allowed by the "-d" switch.
-Slapd logs all messages selected by "syslog\-level"
-at the syslog(3) severity level "DEBUG",
-on the unit specified with "-l".
+The value \fIsyslog-level\fP can be set to any value or combination
+allowed by the \fB\-d\fP switch.
+Slapd logs all messages selected by \fIsyslog-leveli\fP
+at the
+.BR syslog (3)
+severity debug-level \fBDEBUG\fP,
+on the unit specified with \fB\-l\fP.
.TP
-.BI \-n " service\-name"
+.BI \-n \ service-name
Specifies the service name for logging and other purposes. Defaults
to basename of argv[0], i.e.: "slapd".
.TP
-.BI \-l " syslog\-local\-user"
+.BI \-l \ syslog-local-user
Selects the local user of the
.BR syslog (8)
facility. Value can be
@@ -122,19 +150,19 @@ However, this option is only permitted on systems that support
local users with the
.BR syslog (8)
facility.
-Logging to syslog(8) occurs at the "DEBUG" severity level.
+Logging to syslog(8) occurs at the "DEBUG" severity debug-level.
.TP
-.BI \-f " slapd\-config\-file"
+.BI \-f \ slapd-config-file
Specifies the slapd configuration file. The default is
.BR ETCDIR/slapd.conf .
.TP
-.BI \-F " slapd\-config\-directory"
+.BI \-F \ slapd-config-directory
Specifies the slapd configuration directory. The default is
.BR ETCDIR/slapd.d .
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slapd will attempt to read the
@@ -143,12 +171,12 @@ config file. If a valid config directory exists then the
default config file is ignored. All of the slap tools that
use the config options observe this same behavior.
.TP
-.BI \-h " URLlist"
+.BI \-h \ URLlist
.B slapd
will by default serve
.B ldap:///
(LDAP over TCP on all interfaces on default LDAP port). That is,
-it will bind using INADDR_ANY and port 389.
+it will bind using INADDR_ANY and port \fB389\fP.
The
.B \-h
option may be used to specify LDAP (and other scheme) URLs to serve.
@@ -162,26 +190,26 @@ the LDAP, LDAPS, or LDAPI schemes, and generally
without a DN or other optional parameters (excepting as discussed below).
Support for the latter two schemes depends on selected configuration
options. Hosts may be specified by name or IPv4 and IPv6 address formats.
-Ports, if specified, must be numeric. The default ldap:// port is 389
-and the default ldaps:// port is 636.
+Ports, if specified, must be numeric. The default ldap:// port is \fB389\fP
+and the default ldaps:// port is \fB636\fP.
The listener permissions are indicated by
-"x-mod=-rwxrwxrwx", "x-mod=0777" or "x-mod=777", where any
-of the "rwx" can be "-" to suppress the related permission, while any
+"x\-mod=\-rwxrwxrwx", "x\-mod=0777" or "x\-mod=777", where any
+of the "rwx" can be "\-" to suppress the related permission, while any
of the "7" can be any legal octal digit, according to chmod(1).
-The listeners can take advantage of the "x-mod"
+The listeners can take advantage of the "x\-mod"
extension to apply rough limitations to operations, e.g. allow read operations
("r", which applies to search and compare), write operations ("w",
which applies to add, delete, modify and modrdn), and execute operations
("x", which means bind is required).
"User" permissions apply to authenticated users, while "other" apply
to anonymous users; "group" permissions are ignored.
-For example, "ldap:///????x-mod=-rw-------" means that read and write is only allowed
+For example, "ldap:///????x\-mod=\-rw\-\-\-\-\-\-\-" means that read and write is only allowed
for authenticated connections, and bind is required for all operations.
This feature is experimental, and requires to be manually enabled
at configure time.
.TP
-.BI \-r " directory"
+.BI \-r \ directory
Specifies a directory to become the root directory. slapd will
change the current working directory to this directory and
then
@@ -189,31 +217,31 @@ then
to this directory. This is done after opening listeners but before
reading any configuration file or initializing any backend. When
used as a security mechanism, it should be used in conjunction with
-.B -u
+.B \-u
and
-.B -g
+.B \-g
options.
.TP
-.BI \-u " user"
+.BI \-u \ user
.B slapd
will run slapd with the specified user name or id, and that user's
supplementary group access list as set with initgroups(3). The group ID
-is also changed to this user's gid, unless the -g option is used to
+is also changed to this user's gid, unless the \fB\-g\fP option is used to
override. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the user database in the change root environment.
Note that on some systems, running as a non-privileged user will prevent
passwd back-ends from accessing the encrypted passwords. Note also that
any shell back-ends will run as the specified non-privileged user.
.TP
-.BI \-g " group"
+.BI \-g \ group
.B slapd
will run with the specified group name or id. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the group database in the change root environment.
.TP
-.BI \-c " cookie"
+.BI \-c \ cookie
This option provides a cookie for the syncrepl replication consumer.
The cookie is a comma separated list of \fIname=value\fP pairs.
Currently supported syncrepl cookie fields are
@@ -226,7 +254,7 @@ identifies a replication thread within the consumer server
and is used to find the syncrepl specification in
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
having the matching replication identifier in its definition. The
.B rid
must be provided in order for any other specified values to be used.
@@ -244,23 +272,21 @@ Use only the
.B rid
part to force a full reload.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
This option provides a generic means to specify options without the need to reserve
a separate letter for them.
It supports the following options:
.RS
.TP
-slp={\fBon\fP|\fBoff\fP|\fIslp\-attrs\fP}
-When SLP support is compiled into slapd, disable it (
-.B off
-), enable it by registering at SLP DAs without specific SLP attributes (
-.B on
-), or with specific SLP attributes
-.I slp\-attrs
+.BR slp= { on \||\| off \||\| \fIslp-attrs\fP }
+When SLP support is compiled into slapd, disable it (\fBoff\fP),
+ enable it by registering at SLP DAs without specific SLP attributes (\fBon\fP),
+or with specific SLP attributes
+.I slp-attrs
that must be an SLP attribute list definition according to the SLP standard.
-For example, "-o slp=(tree=production),(server-type=OpenLDAP),(server-version=2.3.20)"
+For example, \fB"slp=(tree=production),(server-type=OpenLDAP),(server\-version=2.4.15)"\fP
registers at SLP DAs with the three SLP attributes tree, server-type and server-version
that have the values given above.
This allows to specifically query the SLP DAs for LDAP servers holding the
@@ -286,7 +312,7 @@ on voluminous debugging which will be printed on standard error, type:
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+ LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
.ft
.fi
.LP
@@ -294,7 +320,7 @@ To test whether the configuration file is correct or not, type:
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -Tt
+ LIBEXECDIR/slapd \-Tt
.ft
.fi
.LP
@@ -310,6 +336,7 @@ To test whether the configuration file is correct or not, type:
.BR slapdn (8),
.BR slapindex (8),
.BR slappasswd (8),
+.BR slapschema (8),
.BR slaptest (8).
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapdn.8 b/doc/man/man8/slapdn.8
index 97e70ab20fdf2c433dea4928973ebced76ab94eb..3dca05ac0541cdb56e38640d42633c5ffd093f80 100644
--- a/doc/man/man8/slapdn.8
+++ b/doc/man/man8/slapdn.8
@@ -6,13 +6,19 @@
slapdn \- Check a list of string-represented LDAP DNs based on schema syntax
.SH SYNOPSIS
.B SBINDIR/slapdn
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-N | \-P]
-.B [\-o name[=value]]
-.B [\-v]
-.B DN [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-N | \-P ]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-v ]
+.IR DN \ [...]
.LP
.SH DESCRIPTION
.LP
@@ -24,31 +30,31 @@ and that loaded via
.BR slapd.conf (5).
It opens the
.BR slapd.conf (5)
-configuration file or the slapd-config (5) backend, reads in the schema definitions, and then
+configuration file or the slapd\-config (5) backend, reads in the schema definitions, and then
parses the
-.B DN
+.I DN
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -57,26 +63,26 @@ config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-N
-only output a normalized form of the DN, suitable to be used
+only output a normalized form of the \fIDN\fP, suitable to be used
in a normalization tool; incompatible with
.BR \-P .
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-P
-only output a prettified form of the DN, suitable to be used
+only output a prettified form of the \fIDN\fP, suitable to be used
in a check and beautification tool; incompatible with
.BR \-N .
.TP
@@ -89,12 +95,12 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapdn -f /ETCDIR/slapd.conf -v DN
+ SBINDIR/slapdn \-f /ETCDIR/slapd.conf \-v DN
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapindex.8 b/doc/man/man8/slapindex.8
index ff83baef44178c7eaac8b2e4588bc813ee622ee5..72965d444bde21702047f32facb7bb7606abafe7 100644
--- a/doc/man/man8/slapindex.8
+++ b/doc/man/man8/slapindex.8
@@ -6,18 +6,30 @@
slapindex \- Reindex entries in a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapindex
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-t]
-.B [\-v]
-.B [attr] [...]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-t ]
+[\c
+.BR \-v ]
+[\c
+.IR attr [ ... ]]
.B
.LP
.SH DESCRIPTION
@@ -33,7 +45,7 @@ on the command line, only the indices for those attributes will
be regenerated.
Databases configured as
.B subordinate
-of this one are also re-indexed, unless \fB-g\fP is specified.
+of this one are also re-indexed, unless \fB\-g\fP is specified.
All files eventually created by
.BR slapindex
@@ -51,9 +63,9 @@ or change file ownership before running
.BR slapd (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -61,24 +73,24 @@ option.
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -90,10 +102,10 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -103,17 +115,17 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index 13bc9789c66d356f6d55acbb02f59c4c367f9a70..ab205e51a2053470b576aec401f4bb27790494c8 100644
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -6,12 +6,18 @@
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
-.B [\-v]
-.B [\-u]
-.B [\-g|\-s secret|\-T file]
-.B [\-h hash]
-.B [\-c salt-format]
-.B [\-n]
+[\c
+.BR \-v ]
+[\c
+.BR \-u ]
+[\c
+.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR]
+[\c
+.BI \-h \ hash\fR]
+[\c
+.BI \-c \ salt-format\fR]
+[\c
+.BR \-n ]
.B
.LP
.SH DESCRIPTION
@@ -23,7 +29,7 @@ suitable for use with
.BR slapd.conf (5)
.I rootpw
configuration directive or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
.I olcRootPW
configuration directive.
.
@@ -37,7 +43,7 @@ Generate RFC 2307 userPassword values (the default). Future
versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
-.BI \-s " secret"
+.BI \-s \ secret
The secret to hash.
If this,
.B \-g
@@ -48,7 +54,7 @@ are absent, the user will be prompted for the secret to hash.
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
.TP
.BI \-g
Generate the secret.
@@ -61,7 +67,7 @@ are absent, the user will be prompted for the secret to hash.
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
If this is present,
.I {CLEARTEXT}
is used as scheme.
@@ -70,7 +76,7 @@ and
.B \-h
are mutually exclusive flags.
.TP
-.BI \-T " file"
+.BI \-T \ "file"
Hash the contents of the file.
If this,
.B \-g
@@ -83,16 +89,16 @@ and
.B \-T
and mutually exclusive flags.
.TP
-.BI \-h " scheme"
-If -h is specified, one of the following RFC 2307 schemes may
+.BI \-h \ "scheme"
+If \fB\-h\fP is specified, one of the following RFC 2307 schemes may
be specified:
-.IR {CRYPT} ,
-.IR {MD5} ,
-.IR {SMD5} ,
-.IR {SSHA} ", and"
-.IR {SHA} .
+.BR {CRYPT} ,
+.BR {MD5} ,
+.BR {SMD5} ,
+.BR {SSHA} ", and"
+.BR {SHA} .
The default is
-.IR {SSHA} .
+.BR {SSHA} .
Note that scheme names may need to be protected, due to
.B {
@@ -119,22 +125,31 @@ indicates that the new password should be added to userPassword as
clear text.
Unless
.I {CLEARTEXT}
-is used, this flag is incompatible with
+is used, this flag is incompatible with option
.BR \-g .
.TP
-.BI \-c " crypt-salt-format"
+.BI \-c \ crypt-salt-format
Specify the format of the salt passed to
.BR crypt (3)
when generating {CRYPT} passwords.
This string needs to be in
.BR sprintf (3)
-format and may include one (and only one) %s conversion.
-This conversion will be substituted with a string random
-characters from [A\-Za\-z0\-9./]. For example, '%.2s'
-provides a two character salt and '$1$%.8s' tells some
-versions of crypt(3) to use an MD5 algorithm and provides
-8 random characters of salt. The default is '%s', which
-provides 31 characters of salt.
+format and may include one (and only one)
+.B %s
+conversion.
+This conversion will be substituted with a string of random
+characters from [A\-Za\-z0\-9./]. For example,
+.RB ' %.2s '
+provides a two character salt and
+.RB ' $1$%.8s '
+tells some
+versions of
+.BR crypt (3)
+to use an MD5 algorithm and provides
+8 random characters of salt.
+The default is
+.RB ' %s ' ,
+which provides 31 characters of salt.
.TP
.BI \-n
Omit the trailing newline; useful to pipe the credentials
@@ -153,7 +168,7 @@ is platform specific.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
-should be in\-place before using LDAP simple bind.
+should be in-place before using LDAP simple bind.
.LP
The hashed password values should be protected as if they
were clear text passwords.
@@ -163,8 +178,8 @@ were clear text passwords.
.BR slapd (8),
.BR slapd.conf (5),
.BR slapd\-config (5),
-.B RFC 2307
-.B RFC 4519
+.B RFC 2307\fP,
+.B RFC 4519\fP,
.B RFC 3112
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapschema.8 b/doc/man/man8/slapschema.8
index 26ca7c73b70392bf3a6a0f9c565b83c98e9d3cb5..040be52269cbbcaef3b25aac5ef253c16a78fcd9 100644
--- a/doc/man/man8/slapschema.8
+++ b/doc/man/man8/slapschema.8
@@ -6,19 +6,30 @@
slapschema \- SLAPD in-database schema checking utility
.SH SYNOPSIS
.B SBINDIR/slapschema
-.B [\-a filter]
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-l error-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-s subtree-dn]
-.B [\-v]
-.B
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l error-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\FR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -31,7 +42,7 @@ suffix and checks the compliance of its contents with the corresponding
schema. Errors are written to standard output or the specified file.
Databases configured as
.B subordinate
-of this one are also output, unless \fB-g\fP is specified.
+of this one are also output, unless \fB\-g\fP is specified.
.LP
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses,
@@ -41,7 +52,7 @@ or any other change that may result in making perfectly valid entries
no longer compliant with the modified schema.
The execution of the
.B slapschema tool after modifying the schema can point out
-inconsistencies that would otherwise surface only as soon as
+inconsistencies that would otherwise surface only when
inconsistent entries need to be modified.
.LP
@@ -52,19 +63,19 @@ Dynamically generated attributes (such as subschemaSubentry)
will not be considered.
.SH OPTIONS
.TP
-.BI \-a " filter"
+.BI \-a \ filter
Only check entries matching the asserted filter.
For example
-slapschema -a \\
+slapschema \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-check. The \-b cannot be used in conjunction
+check. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -72,24 +83,24 @@ option.
.B \-c
Enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
Enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -101,13 +112,13 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-l " error-file"
+.BI \-l \ error-file
Write errors to specified file instead of standard output.
.TP
-.BI \-n " dbnum"
+.BI \-n \ dbnum
Check the \fIdbnum\fR\-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -117,23 +128,23 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-s " subtree-dn"
+.BI \-s \ subtree-dn
Only check entries in the subtree specified by this DN.
-Implies `-b subtree-dn' if no
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
nor
.B \-n
@@ -149,10 +160,10 @@ mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapschema
with the
-.BR slapd-bdb (5),
-.BR slapd-hdb (5),
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
and
-.BR slapd-null (5)
+.BR slapd\-null (5)
backends.
.SH EXAMPLES
To check the schema compliance of your SLAPD database after modifications
@@ -162,7 +173,7 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapcat -l errors.ldif
+ SBINDIR/slapcat \-l errors.ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slaptest.8 b/doc/man/man8/slaptest.8
index ce31015b2fb852a0922c459a77e9149b0c4afa46..cb6f93d9dae8a4685e2e17bc5ea6f50f8d616746 100644
--- a/doc/man/man8/slaptest.8
+++ b/doc/man/man8/slaptest.8
@@ -6,13 +6,20 @@
slaptest \- Check the suitability of the OpenLDAP slapd.conf file
.SH SYNOPSIS
.B SBINDIR/slaptest
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-Q]
-.B [\-u]
-.B [\-v]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-Q ]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -23,49 +30,49 @@ configuration file.
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, and parses it according to the general and the backend-specific
rules, checking its sanity.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slaptest will attempt to read the
default config directory before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -73,8 +80,8 @@ Possible generic options/values are:
Be extremely quiet: only the exit code indicates success (0) or not
(any other value).
.TP
-.BI \-u
-enable dryrun mode (i.e. don't fail if databases cannot be opened,
+.B \-u
+enable dry-run mode (i.e. don't fail if databases cannot be opened,
but config is fine).
.TP
.BI \-v
@@ -86,12 +93,12 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slaptest -f /ETCDIR/slapd.conf -v
+ SBINDIR/slaptest \-f /ETCDIR/slapd.conf \-v
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slapdn (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)