From d813ab313ccaba0a88bae7a8d0b2437b9d3e3fe2 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 3 Jun 2009 03:41:51 +0000
Subject: [PATCH] ITS#6023, more for slapschema as well
---
CHANGES | 1 +
doc/man/man1/ldapcompare.1 | 43 ++++---
doc/man/man1/ldapdelete.1 | 39 +++---
doc/man/man1/ldapexop.1 | 35 +++---
doc/man/man1/ldapmodify.1 | 58 +++++----
doc/man/man1/ldapmodrdn.1 | 45 +++----
doc/man/man1/ldappasswd.1 | 20 ++-
doc/man/man1/ldapsearch.1 | 126 ++++++++++---------
doc/man/man1/ldapurl.1 | 48 ++++----
doc/man/man1/ldapwhoami.1 | 26 ++--
doc/man/man3/lber-decode.3 | 2 +-
doc/man/man3/lber-encode.3 | 6 +-
doc/man/man3/lber-memory.3 | 2 +-
doc/man/man3/lber-sockbuf.3 | 6 +-
doc/man/man3/lber-types.3 | 2 +-
doc/man/man3/ldap.3 | 8 +-
doc/man/man3/ldap_abandon.3 | 2 +-
doc/man/man3/ldap_add.3 | 2 +-
doc/man/man3/ldap_bind.3 | 4 +-
doc/man/man3/ldap_compare.3 | 2 +-
doc/man/man3/ldap_controls.3 | 2 +-
doc/man/man3/ldap_delete.3 | 4 +-
doc/man/man3/ldap_error.3 | 2 +-
doc/man/man3/ldap_extended_operation.3 | 2 +-
doc/man/man3/ldap_first_attribute.3 | 2 +-
doc/man/man3/ldap_first_entry.3 | 2 +-
doc/man/man3/ldap_first_message.3 | 2 +-
doc/man/man3/ldap_first_reference.3 | 2 +-
doc/man/man3/ldap_get_dn.3 | 2 +-
doc/man/man3/ldap_get_option.3 | 6 +-
doc/man/man3/ldap_get_values.3 | 2 +-
doc/man/man3/ldap_memory.3 | 2 +-
doc/man/man3/ldap_modify.3 | 2 +-
doc/man/man3/ldap_modrdn.3 | 4 +-
doc/man/man3/ldap_open.3 | 2 +-
doc/man/man3/ldap_parse_reference.3 | 2 +-
doc/man/man3/ldap_parse_result.3 | 2 +-
doc/man/man3/ldap_parse_sort_control.3 | 2 +-
doc/man/man3/ldap_parse_vlv_control.3 | 2 +-
doc/man/man3/ldap_rename.3 | 4 +-
doc/man/man3/ldap_result.3 | 8 +-
doc/man/man3/ldap_schema.3 | 2 +-
doc/man/man3/ldap_search.3 | 2 +-
doc/man/man3/ldap_sort.3 | 2 +-
doc/man/man3/ldap_sync.3 | 8 +-
doc/man/man3/ldap_tls.3 | 2 +-
doc/man/man3/ldap_url.3 | 2 +-
doc/man/man5/ldap.conf.5 | 20 +--
doc/man/man5/ldif.5 | 14 +--
doc/man/man5/slapd-bdb.5 | 8 +-
doc/man/man5/slapd-config.5 | 64 +++++-----
doc/man/man5/slapd-dnssrv.5 | 2 +-
doc/man/man5/slapd-ldap.5 | 120 +++++++++---------
doc/man/man5/slapd-ldbm.5 | 4 +-
doc/man/man5/slapd-ldif.5 | 2 +-
doc/man/man5/slapd-meta.5 | 90 +++++++-------
doc/man/man5/slapd-monitor.5 | 4 +-
doc/man/man5/slapd-ndb.5 | 2 +-
doc/man/man5/slapd-null.5 | 2 +-
doc/man/man5/slapd-passwd.5 | 2 +-
doc/man/man5/slapd-perl.5 | 4 +-
doc/man/man5/slapd-relay.5 | 38 +++---
doc/man/man5/slapd-shell.5 | 8 +-
doc/man/man5/slapd-sock.5 | 10 +-
doc/man/man5/slapd-sql.5 | 12 +-
doc/man/man5/slapd.access.5 | 16 +--
doc/man/man5/slapd.backends.5 | 4 +-
doc/man/man5/slapd.conf.5 | 92 +++++++-------
doc/man/man5/slapd.overlays.5 | 12 +-
doc/man/man5/slapd.plugin.5 | 2 +-
doc/man/man5/slapo-accesslog.5 | 6 +-
doc/man/man5/slapo-auditlog.5 | 4 +-
doc/man/man5/slapo-chain.5 | 46 +++----
doc/man/man5/slapo-collect.5 | 4 +-
doc/man/man5/slapo-constraint.5 | 2 +-
doc/man/man5/slapo-dds.5 | 4 +-
doc/man/man5/slapo-dyngroup.5 | 2 +-
doc/man/man5/slapo-dynlist.5 | 14 +--
doc/man/man5/slapo-memberof.5 | 20 +--
doc/man/man5/slapo-pcache.5 | 12 +-
doc/man/man5/slapo-ppolicy.5 | 56 ++++-----
doc/man/man5/slapo-refint.5 | 4 +-
doc/man/man5/slapo-retcode.5 | 32 ++---
doc/man/man5/slapo-rwm.5 | 134 ++++++++++----------
doc/man/man5/slapo-syncprov.5 | 12 +-
doc/man/man5/slapo-translucent.5 | 10 +-
doc/man/man5/slapo-unique.5 | 17 ++-
doc/man/man5/slapo-valsort.5 | 14 +--
doc/man/man8/slapacl.8 | 96 +++++++++------
doc/man/man8/slapadd.8 | 96 +++++++++------
doc/man/man8/slapauth.8 | 85 +++++++------
doc/man/man8/slapcat.8 | 89 ++++++++------
doc/man/man8/slapd.8 | 161 +++++++++++++++----------
doc/man/man8/slapdn.8 | 54 +++++----
doc/man/man8/slapindex.8 | 70 ++++++-----
doc/man/man8/slappasswd.8 | 77 +++++++-----
doc/man/man8/slapschema.8 | 89 ++++++++------
doc/man/man8/slaptest.8 | 55 +++++----
98 files changed, 1230 insertions(+), 1120 deletions(-)
diff --git a/CHANGES b/CHANGES
index 400ce62cfe..55c7144f60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,7 @@ OpenLDAP 2.4.17 Engineering
Documentation
admin24 fixed example regex (ITS#6052)
admin24 removed temporary back-monitor note (ITS#6130)
+ man page consistency fixes (ITS#6023)
ldapsearch(1) output format description (ITS#6146)
ldap.conf(5) improve sizelimit/timelimit limits (ITS#6127)
slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1
index a8cd5d4fa2..2de69dd1a0 100644
--- a/doc/man/man1/ldapcompare.1
+++ b/doc/man/man1/ldapcompare.1
@@ -13,7 +13,7 @@ ldapcompare \- LDAP compare tool
[\c
.BR \-z ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,9 +31,9 @@ ldapcompare \- LDAP compare tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -49,10 +49,12 @@ ldapcompare \- LDAP compare tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-.IR DN \ <
-.BR attr:value \ |
-.BR attr::b64value \ >
+.BR \-Z [ Z ]]
+.IR DN
+{\c
+.BI attr: value
+|
+.BI attr:: b64value\fR}
.SH DESCRIPTION
.I ldapcompare
is a shell-accessible interface to the
@@ -66,14 +68,14 @@ name in the directory. \fIAttr\fP should be a known attribute. If
followed by one colon, the assertion \fIvalue\fP should be provided
as a string. If followed by two colons, the base64 encoding of the
value is provided. The result code of the compare is provided as
-the exit code and, unless ran with -z, the program prints
+the exit code and, unless ran with \fB\-z\fP, the program prints
TRUE, FALSE, or UNDEFINED on standard output.
.LP
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually perform the compare. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -82,7 +84,7 @@ Run in verbose mode, with many diagnostics written to standard output.
Run in quiet mode, no output is written. You must check the return
status. Useful in shell scripts.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -97,7 +99,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -120,7 +122,7 @@ by default appends a trailing newline to the echoed string.
The recommended portable way to store a cleartext password in a file
for use with this option is to use
.BR slappasswd (8)
-with \fI{CLEARTEXT}\fP as hash and the option \fI\-n\fP.
+with \fI{CLEARTEXT}\fP as hash and the option \fB\-n\fP.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -129,13 +131,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -160,20 +162,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLES
.nf
ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1
index 328bd9206f..5e2191aff6 100644
--- a/doc/man/man1/ldapdelete.1
+++ b/doc/man/man1/ldapdelete.1
@@ -13,7 +13,7 @@ ldapdelete \- LDAP delete entry tool
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -31,11 +31,11 @@ ldapdelete \- LDAP delete entry tool
[\c
.BI \-h \ ldaphost\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
.BI \-p \ ldapport\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BI \-U \ authcid\fR]
[\c
@@ -55,9 +55,9 @@ ldapdelete \- LDAP delete entry tool
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
-.IR dn ]...
+.IR DN \ [ ... ]]
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
@@ -69,14 +69,14 @@ opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 4514.
-If no \fIdn\fP arguments
+If no \fIDN\fP arguments
are provided, a list of DNs is read from standard input (or from
-\fIfile\fP if the -f flag is used).
+\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -87,7 +87,7 @@ Continuous operation mode. Errors are reported, but
will continue with deletions. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -106,7 +106,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -126,13 +126,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.B \-r
@@ -144,7 +144,7 @@ happily delete large portions of your tree. Use with care.
.BI \-z \ sizelimit
Use \fIsizelimit\fP when searching for children DN to delete,
to circumvent any server-side size limit. Only useful in conjunction
-with \-r.
+with \fB\-r\fP.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
@@ -168,20 +168,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
The following command:
.LP
diff --git a/doc/man/man1/ldapexop.1 b/doc/man/man1/ldapexop.1
index 1cbb5170d6..f857dd2056 100644
--- a/doc/man/man1/ldapexop.1
+++ b/doc/man/man1/ldapexop.1
@@ -24,7 +24,7 @@ ldapexop
[\c
.BI \-D \ binddn\fR]
[\c
-.BI \-e \ [!]ext[=extparam]\fR]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ file\fR]
[\c
@@ -40,7 +40,7 @@ ldapexop
[\c
.BI \-O \ security-properties\fR]
[\c
-.BI \-o \ [!]ext[=extparam]\fR]
+.BI \-o \ opt\fR[\fP = optparam\fR]]
[\c
.BI \-p \ port\fR]
[\c
@@ -66,8 +66,8 @@ ldapexop
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-\ {
+.BR \-Z [ Z ]]
+{\c
.I oid
|
.BI oid: data
@@ -78,8 +78,7 @@ ldapexop
|
.BI cancel \ cancel-id
|
-.BI refresh \ DN \ \fR[\fIttl\fR]
-}
+.BI refresh \ DN \ \fR[\fIttl\fR]}
.SH DESCRIPTION
ldapexop issues the LDAP extended operation specified by \fBoid\fP
@@ -128,7 +127,7 @@ Set the LDAP debugging level to \fIlevel\fP.
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
-.BI \-e \ [!]ext[=extparam]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions. \'!\' indicates criticality.
.nf
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
@@ -152,7 +151,7 @@ Read operations from \fIfile\fP.
.TP
.BI \-h \ host
Specify the host on which the ldap server is running.
-Deprecated in favor of \fB-H\fP.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-H \ URI
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -165,7 +164,7 @@ only as needed.
.TP
.BI \-n
Show what would be done but don't actually do it.
-Useful for debugging in conjunction with \fB-v\fP.
+Useful for debugging in conjunction with \fB\-v\fP.
.TP
.BI \-N
Do not use reverse DNS to canonicalize SASL host name.
@@ -173,7 +172,7 @@ Do not use reverse DNS to canonicalize SASL host name.
.BI \-O \ security-properties
Specify SASL security properties.
.TP
-.BI \-o \ opt[=optparam]
+.BI \-o \ opt\fR[\fP = optparam\fR]
Specify general options:
.nf
nettimeout=<timeout> (in seconds, or "none" or "max")
@@ -181,7 +180,7 @@ Specify general options:
.TP
.BI \-p \ port
Specify the TCP port where the ldap server is listening.
-Deprecated in favor of \fB-H\fP.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-Q
Enable SASL Quiet mode. Never prompt.
@@ -199,7 +198,7 @@ Run in verbose mode, with many diagnostics written to standard output.
.TP
.BI \-V
Print version info and usage message.
-If\fB-VV\fP is given, only the version information is printed.
+If\fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
@@ -215,11 +214,9 @@ Use simple authentication instead of SASL.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-y \ file
Use complete contents of \fIfile\fP as the password for
@@ -229,9 +226,9 @@ simple authentication.
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation.
-Giving it twice (\fB-ZZ\fP) will require the operation to be successful.
+Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
@@ -248,5 +245,5 @@ with \fBldapexop\fP.
Do not expect it to be complete or absolutely correct.
.SH ACKNOWLEDGEMENTS
-The OpenLDAP Project <http://www.openldap.org/>
+.so ../Project
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
index 31269c1342..5c8794995b 100644
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
@@ -17,7 +17,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,9 +35,9 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -53,7 +53,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.LP
@@ -67,7 +67,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-v ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -85,9 +85,9 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -103,7 +103,7 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
.SH DESCRIPTION
@@ -118,12 +118,12 @@ library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.B ldapadd
-the -a (add new entry) flag is turned on automatically.
+the \fB\-a\fP (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
-the use of the -f option.
+the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
.B \-a
@@ -142,16 +142,16 @@ reporting an error.
.BI \-S \ file
Add or change records which where skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
-conjunction with -c.
+conjunction with \fB\-c\fP.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -170,7 +170,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -190,13 +190,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -221,22 +221,20 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
.SH INPUT FORMAT
-The contents of \fIfile\fP (or standard input if no \-f flag is given on
+The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
.BR ldif (5)
(LDIF as defined in RFC 2849).
@@ -250,21 +248,21 @@ exists and has the contents:
changetype: modify
replace: mail
mail: modme@example.com
- -
+ \-
add: title
title: Grand Poobah
- -
+ \-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
- -
+ \-
delete: description
- -
+ \-
.fi
.LP
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
@@ -296,7 +294,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapadd -f /tmp/newentry
+ ldapadd \-f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
@@ -315,7 +313,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapmodify -f /tmp/entrymods
+ ldapmodify \-f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1
index 646f3f4ed6..22a0d887a6 100644
--- a/doc/man/man1/ldapmodrdn.1
+++ b/doc/man/man1/ldapmodrdn.1
@@ -17,7 +17,7 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
@@ -35,9 +35,9 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -53,7 +53,7 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
[\c
@@ -82,7 +82,7 @@ child of the new superior.) This option is not supported in LDAPv2.
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
@@ -92,33 +92,33 @@ Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
must be
compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.B \-f file
+.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
-.B \-D binddn
+.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
-.B \-w passwd
+.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
@@ -132,13 +132,13 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
@@ -163,28 +163,23 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
.LP
Otherwise, the contents of \fIfile\fP (or standard input if
-no
-.RI \- f
-flag is given) should consist of one or more entries.
+no \fB\-f\fP flag is given) should consist of one or more entries.
.LP
.nf
Distinguished Name (DN)
@@ -205,7 +200,7 @@ exists and has the contents:
the command:
.LP
.nf
- ldapmodrdn -r -f /tmp/entrymods
+ ldapmodrdn \-r \-f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1
index 828fae08b9..4b74541cda 100644
--- a/doc/man/man1/ldappasswd.1
+++ b/doc/man/man1/ldappasswd.1
@@ -39,7 +39,7 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-y \ passwdfile\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -55,7 +55,7 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.IR user ]
.SH DESCRIPTION
@@ -94,7 +94,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
@@ -108,16 +108,15 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
-.BR \-v \ or
-.BR \-d )
+\fB\-v\fP or \fB\-d\fP)
.TP
.BI \-S
Prompt for new password.
@@ -165,7 +164,7 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.BI dn: <distinguished name>
+.BI dn: "<distinguished name>"
or
.BI u: <username>\fP.
.TP
@@ -173,10 +172,9 @@ or
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.BR \-ZZ ,
-the command will require the operation to be successful
+\fB\-ZZ\fP, the command will require the operation to be successful
.SH SEE ALSO
.BR ldap_sasl_bind (3),
.BR ldap_extended_operation (3),
diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
index bdd33d7bda..8133aaf2b7 100644
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@@ -15,7 +15,7 @@ ldapsearch \- LDAP search tool
[\c
.BR \-v ]
[\c
-.BR \-t[t] ]
+.BR \-t [ t ]]
[\c
.BI \-T \ path\fR]
[\c
@@ -23,9 +23,9 @@ ldapsearch \- LDAP search tool
[\c
.BR \-A ]
[\c
-.BR \-L[L[L]] ]
+.BR \-L [ L [ L ]]]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-S \ attribute\fR]
[\c
@@ -51,21 +51,21 @@ ldapsearch \- LDAP search tool
[\c
.BI \-b \ searchbase\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
+.BR \-a \ { never \||\| always \||\| search \||\| find }]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-e \ [!]ext[=extparam]]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-l \ timelimit\fR]
[\c
.BI \-z \ sizelimit\fR]
[\c
-.BR \-O \ security-properties ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
@@ -79,7 +79,7 @@ ldapsearch \- LDAP search tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.I filter
[\c
.IR attrs... ]
@@ -123,19 +123,19 @@ in the output.
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
-.B \-t[t]
-A single -t writes retrieved non-printable values to a set of temporary
+.BR \-t [ t ]
+A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
files. This is useful for dealing with values containing non-character
-data such as jpegPhoto or audio. A second -t writes all retrieved values to
+data such as jpegPhoto or audio. A second \fB\-t\fP writes all retrieved values to
files.
.TP
.BI \-T \ path
Write temporary files to directory specified by \fIpath\fP (default:
-/var/tmp/)
+\fB/var/tmp/\fP)
.TP
.BI \-F \ prefix
-URL prefix for temporary files. Default is file://\fIpath\fP/ where
-\fIpath\fP is /var/tmp/ or specified with -T.
+URL prefix for temporary files. Default is \fBfile://\fIpath\fP where
+\fIpath\fP is \fB/var/tmp/\fP or specified with \fB\-T\fP.
.TP
.B \-A
Retrieve attributes only (no values). This is useful when you just want to
@@ -145,12 +145,12 @@ specific values.
.B \-L
Search results are display in LDAP Data Interchange Format detailed in
.BR ldif (5).
-A single -L restricts the output to LDIFv1.
-A second -L disables comments.
-A third -L disables printing of the LDIF version.
+A single \fB\-L\fP restricts the output to LDIFv1.
+ A second \fB\-L\fP disables comments.
+A third \fB\-L\fP disables printing of the LDIF version.
The default is to use an extended version of LDIF.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
@@ -162,8 +162,7 @@ the entries are sorted by the components of their Distinguished Name. See
.BR ldap_sort (3)
for more details. Note that
.B ldapsearch
-normally prints out entries as it receives them. The use of the
-.B \-S
+normally prints out entries as it receives them. The use of the \fB\-S\fP
option defeats this behavior, causing all entries to be retrieved,
then sorted, then printed.
.TP
@@ -181,17 +180,17 @@ the \fB%\fP character in the pattern will be regarded as an error.
Where it is desired that the search filter include a \fB%\fP character,
the character should be encoded as \fB\\25\fP (see RFC 4515).
If \fIfile\fP is a single
-\fI-\fP character, then the lines are read from standard input.
+\fB\-\fP character, then the lines are read from standard input.
.B ldapsearch
will exit when the first non-successful search result is returned,
-unless -c is used.
+unless \fB\-c\fP is used.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -216,50 +215,50 @@ and must be escaped according to RFC 2396.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
the default.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
.I children
scope requires LDAPv3 subordinate feature extension.
.TP
-.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
+.BR \-a \ { never \||\| always \||\| search \||\| find }
Specify how aliases dereferencing is done. Should be one of
-.IR never ,
-.IR always ,
-.IR search ,
+.BR never ,
+.BR always ,
+.BR search ,
or
-.I find
+.B find
to specify that aliases are never dereferenced, always dereferenced,
dereferenced when searching, or dereferenced only when locating the
base object for the search. The default is to never dereference aliases.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.B \-e \fI[!]ext[=extparam]\fP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
-.B \-E \fI[!]ext[=extparam]\fP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-Specify general extensions with -e and search extensions with -E.
-\'!\' indicates criticality.
+Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
General extensions:
.nf
@@ -278,7 +277,7 @@ Search extensions:
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
- [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...] (server side sorting)
+ [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
@@ -332,20 +331,17 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH OUTPUT FORMAT
If one or more entries are found, each entry is written to standard
output in LDAP Data Interchange Format or
@@ -364,14 +360,14 @@ output in LDAP Data Interchange Format or
...
.fi
.LP
-If the -t option is used, the URI of a temporary file
-is used in place of the actual value. If the -A option
+If the \fB\-t\fP option is used, the URI of a temporary file
+is used in place of the actual value. If the \fB\-A\fP option
is given, only the "attributename" part is written.
.SH EXAMPLE
The following command:
.LP
.nf
- ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
+ ldapsearch \-LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
will perform a subtree search (using the default search base and
@@ -387,23 +383,23 @@ The output might look something like this if two entries are found:
cn: John Smith
cn: John T. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 123-4567
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 123\-4567
dn: uid=sss,dc=example,dc=com
cn: Steve Smith
cn: Steve S. Smith
sn: Smith
- sn;lang-en: Smith
- sn;lang-de: Schmidt
- telephoneNumber: 1 555 765-4321
+ sn;lang\-en: Smith
+ sn;lang\-de: Schmidt
+ telephoneNumber: 1 555 765\-4321
.fi
.LP
The command:
.LP
.nf
- ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
+ ldapsearch \-LLL \-u \-t "(uid=xyz)" jpegPhoto audio
.fi
.LP
will perform a subtree search using the default search base for entries
@@ -416,14 +412,14 @@ requested attributes is found:
.nf
dn: uid=xyz,dc=example,dc=com
ufn: xyz, example, com
- audio:< file:///tmp/ldapsearch-audio-a19924
- jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
+ audio:< file:///tmp/ldapsearch\-audio\-a19924
+ jpegPhoto:< file:///tmp/ldapsearch\-jpegPhoto\-a19924
.fi
.LP
This command:
.LP
.nf
- ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
+ ldapsearch \-LLL \-s one \-b "c=US" "(o=University*)" o description
.fi
.LP
will perform a one-level search at the c=US level for all entries
@@ -446,7 +442,7 @@ and printed to standard output, resulting in output similar to this:
o: University of Colorado at Denver
o: UCD
o: CU/Denver
- o: CU-Denver
+ o: CU\-Denver
description: Institute for Higher Learning and Research
dn: o=University of Florida,c=US
diff --git a/doc/man/man1/ldapurl.1 b/doc/man/man1/ldapurl.1
index 5d1405a90b..cf4e17364a 100644
--- a/doc/man/man1/ldapurl.1
+++ b/doc/man/man1/ldapurl.1
@@ -11,7 +11,7 @@ ldapurl \- LDAP URL formatting tool
[\c
.BI \-b \ searchbase\fR]
[\c
-.BR \-E \ [!]ext[=extparam]]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ filter\fR]
[\c
@@ -21,14 +21,14 @@ ldapurl \- LDAP URL formatting tool
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
.BI \-S \ scheme\fR]
.SH DESCRIPTION
.I ldapurl
is a command that allows to either compose or decompose LDAP URIs.
.LP
-When invoked with the \fI-H\fP option,
+When invoked with the \fB\-H\fP option,
.B ldapurl
extracts the components of the \fIldapuri\fP option argument,
unescaping hex-escaped chars as required.
@@ -37,17 +37,17 @@ It basically acts as a frontend to the
call.
Otherwise, it builds an LDAP URI based on the components
passed with the appropriate options, performing the inverse operation.
-Option \fI-H\fP is incompatible with options
-.IR \-a ,
-.IR \-b ,
-.IR \-E ,
-.IR \-f ,
-.IR \-H ,
-.IR \-h ,
-.IR \-p ,
-.IR \-S ,
+Option \fB\-H\fP is incompatible with options
+.BR \-a ,
+.BR \-b ,
+.BR \-E ,
+.BR \-f ,
+.BR \-H ,
+.BR \-h ,
+.BR \-p ,
+.BR \-S ,
and
-.IR \-s .
+.BR \-s .
.SH OPTIONS
.TP
.TP
@@ -57,7 +57,7 @@ Set a comma-separated list of attribute selectors.
.BI \-b \ searchbase
Set the \fIsearchbase\fP.
.TP
-.B \-E \fI[!]ext[=extparam]\fP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Set URL extensions; \'!\' indicates criticality.
.TP
.BI \-f \ filter
@@ -77,22 +77,22 @@ Set the TCP port.
Set the URL scheme. Defaults for other fields, like \fIldapport\fP,
may depend on the value of \fIscheme\fP.
.TP
-.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
-.IR base ,
-.IR one ,
-.IR sub ,
+.BR base ,
+.BR one ,
+.BR sub ,
or
-.I children
+.B children
to specify a base object, one-level, subtree, or children search.
The default is
-.IR sub .
+.BR sub .
Note:
-.I children
+.B children
scope requires LDAPv3 subordinate feature extension.
.SH OUTPUT FORMAT
-If the \fI-H\fP option is used, the \fIldapuri\fP supplied
+If the \fB\-H\fP option is used, the \fIldapuri\fP supplied
is exploded in its components, which are printed to standard output
in an LDIF-like form.
.LP
@@ -102,7 +102,7 @@ is printed to standard output.
The following command:
.LP
.nf
- ldapuri -h ldap.example.com -b dc=example,dc=com -s sub -f (cn=Some One)
+ ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)"
.fi
.LP
returns
@@ -114,7 +114,7 @@ returns
The command:
.LP
.nf
- ldapuri -H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
+ ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
.fi
.LP
returns
diff --git a/doc/man/man1/ldapwhoami.1 b/doc/man/man1/ldapwhoami.1
index 159df0d932..3abb05313f 100644
--- a/doc/man/man1/ldapwhoami.1
+++ b/doc/man/man1/ldapwhoami.1
@@ -45,7 +45,7 @@ ldapwhoami \- LDAP who am i? tool
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
.SH DESCRIPTION
.I ldapwhoami
implements the LDAP "Who Am I?" extended operation.
@@ -58,7 +58,7 @@ operation.
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
@@ -73,7 +73,7 @@ Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
@@ -93,14 +93,11 @@ is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
-.TP
-.BI \-P \ 2\fR\||\|\fI3
-Specify the LDAP protocol version to use.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
@@ -124,23 +121,20 @@ depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
.nf
- ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
+ ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
.fi
.SH "SEE ALSO"
.BR ldap.conf (5),
diff --git a/doc/man/man3/lber-decode.3 b/doc/man/man3/lber-decode.3
index bbc8ba4bc0..eb3c8c9c28 100644
--- a/doc/man/man3/lber-decode.3
+++ b/doc/man/man3/lber-decode.3
@@ -5,7 +5,7 @@
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/lber-encode.3 b/doc/man/man3/lber-encode.3
index 0c56e2cbf8..30ede66a3f 100644
--- a/doc/man/man3/lber-encode.3
+++ b/doc/man/man3/lber-encode.3
@@ -5,7 +5,7 @@
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -266,14 +266,14 @@ can be achieved like so:
rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
size, time, attrsonly, attrs );
- if( rc == -1 ) {
+ if( rc == \-1 ) {
/* error */
} else {
/* success */
}
.fi
.SH ERRORS
-If an error occurs during encoding, generally these routines return -1.
+If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
diff --git a/doc/man/man3/lber-memory.3 b/doc/man/man3/lber-memory.3
index 1a6e75b433..05fe20656b 100644
--- a/doc/man/man3/lber-memory.3
+++ b/doc/man/man3/lber-memory.3
@@ -5,7 +5,7 @@
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/lber-sockbuf.3 b/doc/man/man3/lber-sockbuf.3
index fd4b1e9a79..0eda289566 100644
--- a/doc/man/man3/lber-sockbuf.3
+++ b/doc/man/man3/lber-sockbuf.3
@@ -5,7 +5,7 @@
.SH NAME
ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
@@ -83,7 +83,7 @@ Retrieves the file descriptor associated to the
.B arg
must be a
.BR "ber_socket_t *" .
-The return value will be 1 if a valid descriptor was present, -1 otherwise.
+The return value will be 1 if a valid descriptor was present, \-1 otherwise.
.TP
.B LBER_SB_OPT_SET_FD
Sets the file descriptor of the
@@ -101,7 +101,7 @@ the
.BR Sockbuf .
.B arg
should be NULL to disable and non-NULL to enable the non-blocking state.
-The return value will be 1 for success, -1 otherwise.
+The return value will be 1 for success, \-1 otherwise.
.TP
.B LBER_SB_OPT_DRAIN
Flush (read and discard) all available input on the
diff --git a/doc/man/man3/lber-types.3 b/doc/man/man3/lber-types.3
index b777d3e77a..fbeeb8fde2 100644
--- a/doc/man/man3/lber-types.3
+++ b/doc/man/man3/lber-types.3
@@ -5,7 +5,7 @@
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
-OpenLDAP LBER (liblber, -llber)
+OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
diff --git a/doc/man/man3/ldap.3 b/doc/man/man3/ldap.3
index c6ce70d964..7b41f46c34 100644
--- a/doc/man/man3/ldap.3
+++ b/doc/man/man3/ldap.3
@@ -5,7 +5,7 @@
.SH NAME
ldap \- OpenLDAP Lightweight Directory Access Protocol API
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -77,15 +77,15 @@ should use
to select version 3. The library manual pages assume version 3
has been selected.
.SH INPUT and OUTPUT PARAMETERS
-All character string input/output is expected to be/is UTF\-8
+All character string input/output is expected to be/is UTF-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
-be passed to the LDAP routines should conform to RFC 4514 UTF\-8
+be passed to the LDAP routines should conform to RFC 4514 UTF-8
string representation.
.LP
Search filters to be passed to the search routines are to be
-constructed by hand and should conform to RFC 4515 UTF\-8
+constructed by hand and should conform to RFC 4515 UTF-8
string representation.
.LP
LDAP URLs to be passed to routines are expected to conform
diff --git a/doc/man/man3/ldap_abandon.3 b/doc/man/man3/ldap_abandon.3
index 7d2146ce21..5373fe3d41 100644
--- a/doc/man/man3/ldap_abandon.3
+++ b/doc/man/man3/ldap_abandon.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B
diff --git a/doc/man/man3/ldap_add.3 b/doc/man/man3/ldap_add.3
index e6a054a915..54da417b2d 100644
--- a/doc/man/man3/ldap_add.3
+++ b/doc/man/man3/ldap_add.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
diff --git a/doc/man/man3/ldap_bind.3 b/doc/man/man3/ldap_bind.3
index 20f65c6cca..d4b12503a0 100644
--- a/doc/man/man3/ldap_bind.3
+++ b/doc/man/man3/ldap_bind.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -267,7 +267,7 @@ and
.B ldap_unbind_ext_s()
allows the operations to specify controls.
.SH ERRORS
-Asynchronous routines will return -1 in case of error, setting the
+Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
diff --git a/doc/man/man3/ldap_compare.3 b/doc/man/man3/ldap_compare.3
index 30d9ce1c85..d1c54d83ea 100644
--- a/doc/man/man3/ldap_compare.3
+++ b/doc/man/man3/ldap_compare.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_controls.3 b/doc/man/man3/ldap_controls.3
index dcda029e3b..526c887fae 100644
--- a/doc/man/man3/ldap_controls.3
+++ b/doc/man/man3/ldap_controls.3
@@ -7,7 +7,7 @@ ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_delete.3 b/doc/man/man3/ldap_delete.3
index 42ff0a835d..a5c9418888 100644
--- a/doc/man/man3/ldap_delete.3
+++ b/doc/man/man3/ldap_delete.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -74,7 +74,7 @@ by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
-returns -1 if something went wrong initiating the request. It returns the
+returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
diff --git a/doc/man/man3/ldap_error.3 b/doc/man/man3/ldap_error.3
index 0167f4e0e7..c3809c5159 100644
--- a/doc/man/man3/ldap_error.3
+++ b/doc/man/man3/ldap_error.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_extended_operation.3 b/doc/man/man3/ldap_extended_operation.3
index 6a2f913dcb..656fa0335a 100644
--- a/doc/man/man3/ldap_extended_operation.3
+++ b/doc/man/man3/ldap_extended_operation.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_attribute.3 b/doc/man/man3/ldap_first_attribute.3
index ce21416d75..db68db3d81 100644
--- a/doc/man/man3/ldap_first_attribute.3
+++ b/doc/man/man3/ldap_first_attribute.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_entry.3 b/doc/man/man3/ldap_first_entry.3
index 65dd6ed97b..e20538e4a0 100644
--- a/doc/man/man3/ldap_first_entry.3
+++ b/doc/man/man3/ldap_first_entry.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_message.3 b/doc/man/man3/ldap_first_message.3
index 7feb36d980..c718e3000f 100644
--- a/doc/man/man3/ldap_first_message.3
+++ b/doc/man/man3/ldap_first_message.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_first_reference.3 b/doc/man/man3/ldap_first_reference.3
index 728df31411..004604e96c 100644
--- a/doc/man/man3/ldap_first_reference.3
+++ b/doc/man/man3/ldap_first_reference.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_get_dn.3 b/doc/man/man3/ldap_get_dn.3
index 4dd3ece6e0..0ce5c2e168 100644
--- a/doc/man/man3/ldap_get_dn.3
+++ b/doc/man/man3/ldap_get_dn.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index a7f1939ed4..a9631db4c8 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_option, ldap_set_option \- LDAP option handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -66,7 +66,7 @@ and
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_NETWORK_TIMEOUT
@@ -84,7 +84,7 @@ and
.B invalue
must be a
.BR "struct timeval *" ,
-and they cannot be NULL. Using a struct with seconds set to -1 results
+and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
.TP
.B LDAP_OPT_DEREF
diff --git a/doc/man/man3/ldap_get_values.3 b/doc/man/man3/ldap_get_values.3
index 5b0ac49e27..d157fc6073 100644
--- a/doc/man/man3/ldap_get_values.3
+++ b/doc/man/man3/ldap_get_values.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_memory.3 b/doc/man/man3/ldap_memory.3
index 94e403c854..f3e8e8e309 100644
--- a/doc/man/man3/ldap_memory.3
+++ b/doc/man/man3/ldap_memory.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_modify.3 b/doc/man/man3/ldap_modify.3
index 8fa2c884b7..8425834e51 100644
--- a/doc/man/man3/ldap_modify.3
+++ b/doc/man/man3/ldap_modify.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_modrdn.3 b/doc/man/man3/ldap_modrdn.3
index aa4e6ea17f..7e6f692faa 100644
--- a/doc/man/man3/ldap_modrdn.3
+++ b/doc/man/man3/ldap_modrdn.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -68,7 +68,7 @@ the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
-The asynchronous versions return -1 in case
+The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP. See
diff --git a/doc/man/man3/ldap_open.3 b/doc/man/man3/ldap_open.3
index 146f50a6e5..0636fc9255 100644
--- a/doc/man/man3/ldap_open.3
+++ b/doc/man/man3/ldap_open.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_reference.3 b/doc/man/man3/ldap_parse_reference.3
index 4489933d40..fc409b576a 100644
--- a/doc/man/man3/ldap_parse_reference.3
+++ b/doc/man/man3/ldap_parse_reference.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_result.3 b/doc/man/man3/ldap_parse_result.3
index ce341f331b..dc6fe11b4a 100644
--- a/doc/man/man3/ldap_parse_result.3
+++ b/doc/man/man3/ldap_parse_result.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_sort_control.3 b/doc/man/man3/ldap_parse_sort_control.3
index a46b0e8fdb..9d865e83b2 100644
--- a/doc/man/man3/ldap_parse_sort_control.3
+++ b/doc/man/man3/ldap_parse_sort_control.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_parse_vlv_control.3 b/doc/man/man3/ldap_parse_vlv_control.3
index b0fb45e597..d71bda1175 100644
--- a/doc/man/man3/ldap_parse_vlv_control.3
+++ b/doc/man/man3/ldap_parse_vlv_control.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_rename.3 b/doc/man/man3/ldap_rename.3
index d0ee439b23..7a0b453f38 100644
--- a/doc/man/man3/ldap_rename.3
+++ b/doc/man/man3/ldap_rename.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -54,7 +54,7 @@ it initiated. The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH ERRORS
.B ldap_rename()
-returns -1 in case of error initiating the request, and
+returns \-1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter to
indicate the error.
.BR ldap_rename_s()
diff --git a/doc/man/man3/ldap_result.3 b/doc/man/man3/ldap_result.3
index 65aca1e44d..b2866cdbd3 100644
--- a/doc/man/man3/ldap_result.3
+++ b/doc/man/man3/ldap_result.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
@@ -29,7 +29,7 @@ an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
-etc.). Those routines all return -1 in case of error, and an
+etc.). Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session. It can be used to request the result
@@ -118,12 +118,12 @@ The
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
-returns -1 if something bad happens, and zero if the
+returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
-return -1 on error.
+return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
diff --git a/doc/man/man3/ldap_schema.3 b/doc/man/man3/ldap_schema.3
index 8323709985..0fc4fd1537 100644
--- a/doc/man/man3/ldap_schema.3
+++ b/doc/man/man3/ldap_schema.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_search.3 b/doc/man/man3/ldap_search.3
index 787dd1c7a3..770ed3b5bd 100644
--- a/doc/man/man3/ldap_search.3
+++ b/doc/man/man3/ldap_search.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man3/ldap_sort.3 b/doc/man/man3/ldap_sort.3
index 0af6cb74a2..ec916840e6 100644
--- a/doc/man/man3/ldap_sort.3
+++ b/doc/man/man3/ldap_sort.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
diff --git a/doc/man/man3/ldap_sync.3 b/doc/man/man3/ldap_sync.3
index 5638191701..cdb2cdc0cb 100644
--- a/doc/man/man3/ldap_sync.3
+++ b/doc/man/man3/ldap_sync.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
@@ -98,7 +98,7 @@ to indicate no limit.
The desired timeout during polling with
.BR ldap_sync_poll (3).
A value of
-.BR -1
+.BR \-1
means that polling is blocking, so
.BR ldap_sync_poll (3)
will not return until a message is received; a value of
@@ -218,7 +218,7 @@ the regular client API routines, like
.BR ldap_parse_result (3).
The
.BR refreshDeletes
-argument is not relevant in this case; it should always be -1.
+argument is not relevant in this case; it should always be \-1.
.TP
.BI "void *" ls_private
A pointer to private data. The client may register here
@@ -291,7 +291,7 @@ in this case, it might be appropriate to set
.BR ls_timeout
to 0, or to set it to a finite, small value.
Otherwise, if the client's main purpose consists in waiting for
-responses, a timeout of -1 is most suitable, so that the function
+responses, a timeout of \-1 is most suitable, so that the function
only returns after some data has been received and handled.
.SH ERRORS
diff --git a/doc/man/man3/ldap_tls.3 b/doc/man/man3/ldap_tls.3
index 1439da7d2a..b69efabf93 100644
--- a/doc/man/man3/ldap_tls.3
+++ b/doc/man/man3/ldap_tls.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
diff --git a/doc/man/man3/ldap_url.3 b/doc/man/man3/ldap_url.3
index 0ede2ccaa8..3e7cdd6355 100644
--- a/doc/man/man3/ldap_url.3
+++ b/doc/man/man3/ldap_url.3
@@ -5,7 +5,7 @@
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
-OpenLDAP LDAP (libldap, -lldap)
+OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index e4b43af6b0..cea93fab19 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -40,7 +40,7 @@ The name of the variable is the option name with an added prefix of \fBLDAP\fP.
For example, to define \fBBASE\fP via the environment, set the variable
\fBLDAPBASE\fP to the desired value.
.LP
-Some options are user\-only. Such options are ignored if present
+Some options are user-only. Such options are ignored if present
in the
.I ldap.conf
(or file specified by
@@ -127,7 +127,7 @@ The base must be specified as a Distinguished Name in LDAP format.
.B BINDDN <dn>
Specifies the default bind DN to use when performing ldap operations.
The bind DN must be specified as a Distinguished Name in LDAP format.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B DEREF <when>
Specifies how alias dereferencing is done when performing a search. The
@@ -211,19 +211,19 @@ there are more options you can specify.
.TP
.B SASL_MECH <mechanism>
Specifies the SASL mechanism to use.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_REALM <realm>
Specifies the SASL realm.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHCID <authcid>
Specifies the authentication identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_AUTHZID <authcid>
Specifies the proxy authorization identity.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B SASL_SECPROPS <properties>
Specifies Cyrus SASL security properties. The
@@ -312,7 +312,7 @@ This parameter is ignored with GNUtls.
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_KEY <filename>
Specifies the file that contains the private key that matches the certificate
@@ -320,7 +320,7 @@ stored in the
.B TLS_CERT
file. Currently, the private key must not be protected with a password, so
it is of critical importance that the key file is protected carefully.
-.B This is a user\-only option.
+.B This is a user-only option.
.TP
.B TLS_CIPHER_SUITE <cipher-suite-spec>
Specifies acceptable cipher suite and preference order.
@@ -330,13 +330,13 @@ e.g., HIGH:MEDIUM:+SSLv2.
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B TLS_RANDFILE <filename>
diff --git a/doc/man/man5/ldif.5 b/doc/man/man5/ldif.5
index 9b8696fadd..9312ca2aa6 100644
--- a/doc/man/man5/ldif.5
+++ b/doc/man/man5/ldif.5
@@ -136,7 +136,7 @@ of \fImodify\fP, the format is one or more of the following:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
Or, for a replace modification:
@@ -146,7 +146,7 @@ Or, for a replace modification:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to replace,
@@ -159,7 +159,7 @@ Or, for a delete modification:
<attrdesc>: <value1>
<attrdesc>: <value2>
...
- -
+ \-
.fi
.LP
If no \fIattributetype\fP lines are given to delete,
@@ -215,13 +215,13 @@ of each type of change.
add: givenName
givenName: Barbara
givenName: babs
- -
+ \-
replace: description
description: the fabulous babs
- -
+ \-
delete: sn
sn: jensen
- -
+ \-
dn: cn=Babs Jensen,dc=example,dc=com
changetype: modrdn
@@ -270,7 +270,7 @@ commands.
.BR ldapmodify (1),
.BR slapadd (8),
.BR slapcat (8),
-.BR slapd-ldif (5),
+.BR slapd\-ldif (5),
.BR slapd.replog (5).
.LP
"LDAP Data Interchange Format," Good, G., RFC 2849.
diff --git a/doc/man/man5/slapd-bdb.5 b/doc/man/man5/slapd-bdb.5
index 94aaece6e8..ec3210e0ae 100644
--- a/doc/man/man5/slapd-bdb.5
+++ b/doc/man/man5/slapd-bdb.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-bdb, slapd-hdb \- Berkeley DB backends to slapd
+slapd\-bdb, slapd\-hdb \- Berkeley DB backends to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -83,7 +83,7 @@ or
.B cryptfile
may be configured.
.TP
-.BI dbconfig \ <Berkeley\-DB\-setting>
+.BI dbconfig \ <Berkeley-DB-setting>
Specify a configuration directive to be placed in the
.B DB_CONFIG
file of the database directory. The
@@ -123,7 +123,7 @@ file is 16, the default for all other files depends on the size of the
underlying filesystem's block size (typically 4 or 8).
The maximum that BerkeleyDB supports is 64. This
setting usually should not need to be changed, but if BerkeleyDB's
-"db_stat -d" shows a large amount of overflow pages in use in a file,
+"db_stat \-d" shows a large amount of overflow pages in use in a file,
setting a larger size may increase performance at the expense of
data integrity. This setting only takes effect when a database is
being newly created. See the Berkeley DB reference guide for more details.
@@ -133,7 +133,7 @@ Specify the directory where the BDB files containing this database and
associated indexes live.
A separate directory must be specified for each database.
The default is
-.BR LOCALSTATEDIR/openldap-data .
+.BR LOCALSTATEDIR/openldap\-data .
.TP
.B dirtyread
Allow reads of modified but not yet committed data.
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index 06197ed4dd..c95c2a87ac 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-config \- configuration backend to slapd
+slapd\-config \- configuration backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.d
.SH DESCRIPTION
@@ -109,7 +109,7 @@ reading the attribute via LDAP, the items will be returned as individual
attribute values.
Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on configuring slapd.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -148,26 +148,26 @@ server's command line (program name and options).
.TP
.B olcAttributeOptions: <option-name>...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B olcAttributeOptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -436,7 +436,7 @@ A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -601,7 +601,7 @@ or as a list of the names that are shown between brackets, such that
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -652,7 +652,7 @@ If multiple values are specified, each url is provided.
.B olcReverseLookup: TRUE | FALSE
Enable/disable client name unverified reverse lookup (default is
.BR FALSE
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B olcRootDSE: <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -663,7 +663,7 @@ The root DSE is an entry with information about the server and its
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
@@ -776,13 +776,13 @@ olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
To check what ciphers a given spec selects in OpenSSL, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
.B olcTLSCACertificateFile: <filename>
@@ -893,7 +893,7 @@ is only valid when using GNUtls.
.SH DYNAMIC MODULE OPTIONS
If
.B slapd
-is compiled with --enable-modules then the module-related entries will
+is compiled with \-\-enable\-modules then the module-related entries will
be available. These entries are named
.B cn=module{x},cn=config
and
@@ -1023,7 +1023,7 @@ and must have the olcDatabaseConfig objectClass. Normally the config
engine generates the "{x}" index in the RDN automatically, so it
can be omitted when initially loading these entries.
-The special frontend database is always numbered "{-1}" and the config
+The special frontend database is always numbered "{\-1}" and the config
database is always numbered "{0}".
.SH GLOBAL DATABASE OPTIONS
@@ -1615,7 +1615,7 @@ attribute.
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1720,7 +1720,7 @@ consumer site by turning on the
parameter. The default is off.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1755,7 +1755,7 @@ The
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1786,7 +1786,7 @@ and
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1846,7 +1846,7 @@ dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: LOCALSTATEDIR/run/slapd.pid
-olcAttributeOptions: x-hidden lang-
+olcAttributeOptions: x\-hidden lang\-
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
@@ -1859,9 +1859,9 @@ objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-olcAccess: to attrs=name;x-hidden by * =cs
+olcAccess: to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
olcAccess: to attrs=userPassword by * auth
# Read access to other attributes and entries.
@@ -1879,11 +1879,11 @@ dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
-olcSuffix: "dc=our-domain,dc=com"
+olcSuffix: "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-olcDbDirectory: LOCALSTATEDIR/openldap-data
+olcDbDirectory: LOCALSTATEDIR/openldap\-data
# Indices to maintain
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
@@ -1895,7 +1895,7 @@ objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: ldap
olcSuffix: ""
-olcDbUri: ldap://ldap.some-server.com/
+olcDbUri: ldap://ldap.some\-server.com/
.fi
.RE
.LP
@@ -1904,7 +1904,7 @@ ETCDIR/slapd.d directory has been created, this command will initialize
the configuration:
.RS
.nf
-slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif
+slapadd \-F ETCDIR/slapd.d \-n 0 \-l config.ldif
.fi
.RE
@@ -1916,7 +1916,7 @@ Alternatively, an existing slapd.conf file can be converted to the new
format using slapd or any of the slap tools:
.RS
.nf
-slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d
+slaptest \-f ETCDIR/slapd.conf \-F ETCDIR/slapd.d
.fi
.RE
diff --git a/doc/man/man5/slapd-dnssrv.5 b/doc/man/man5/slapd-dnssrv.5
index ea0118538f..03920180dd 100644
--- a/doc/man/man5/slapd-dnssrv.5
+++ b/doc/man/man5/slapd-dnssrv.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-dnssrv \- DNS SRV referral backend to slapd
+slapd\-dnssrv \- DNS SRV referral backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index 4938206730..f81e4c1ff0 100644
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldap \- LDAP backend to slapd
+slapd\-ldap \- LDAP backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -28,7 +28,7 @@ in some modified form.
For this purpose, the proxy binds to the remote server with some
administrative identity, and, if required, authorizes the asserted identity.
See the
-.IR idassert- *
+.IR idassert\- *
rules below.
The administrative identity of the proxy, on the remote server, must be
allowed to authorize by means of appropriate
@@ -53,7 +53,7 @@ each connection requires a new thread; as a consequence,
.BR slapd (8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, one may consider using
-.BR slapd-relay (5)
+.BR slapd\-relay (5)
instead, which performs the relayed operation
internally and thus reuses the same connection.
@@ -94,7 +94,7 @@ LDAP server to use. Multiple URIs can be set in a single
argument, resulting in the underlying library automatically
call the first server of the list that responds, e.g.
-\fBuri "ldap://host/ ldap://backup-host/"\fP
+\fBuri "ldap://host/ ldap://backup\-host/"\fP
The URI list is space- or comma-separated.
Whenever the server that responds is not the first one in the list,
@@ -103,7 +103,7 @@ so that it will be first contacted the next time a connection
needs be created.
.HP
.hy 0
-.B acl-bind
+.B acl\-bind
.B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -131,8 +131,8 @@ The default is to use
.BR simple
bind, with empty \fIbinddn\fP and \fIcredentials\fP,
which means that the related operations will be performed anonymously.
-If not set, and if \fBidassert-bind\fP is defined, this latter identity
-is used instead. See \fBidassert-bind\fP for details.
+If not set, and if \fBidassert\-bind\fP is defined, this latter identity
+is used instead. See \fBidassert\-bind\fP for details.
The connection between the proxy database and the remote server
associated to this identity is cached regardless of the lifespan
@@ -141,13 +141,13 @@ of the client-proxy connection that first established it.
.B This identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-bind
+.B idassert\-bind
feature, instead, in some cases can be crafted to implement that behavior,
which is \fIintrinsically unsafe and should be used with extreme care\fP.
This directive obsoletes
-.BR acl-authcDN ,
+.BR acl\-authcDN ,
and
-.BR acl-passwd .
+.BR acl\-passwd .
The TLS settings default to the same as the main slapd TLS settings,
except for
@@ -156,7 +156,7 @@ which defaults to "demand".
.RE
.TP
-.B cancel {ABANDON|ignore|exop[-discover]}
+.B cancel {ABANDON|ignore|exop[\-discover]}
Defines how to handle operation cancellation.
By default,
.B abandon
@@ -166,9 +166,9 @@ If set to
no action is taken and any further response is ignored; this may result
in further response messages to be queued for that connection, so it is
recommended that long lasting connections are timed out either by
-.I idle-timeout
+.I idle\-timeout
or
-.IR conn-ttl ,
+.IR conn\-ttl ,
so that resources eventually get released.
If set to
.BR exop ,
@@ -180,24 +180,24 @@ of the current operation; the
operation waits for remote server response, so its use
may not be recommended.
If set to
-.BR exop-discover ,
+.BR exop\-discover ,
support of the
.I cancel
extended operation is detected by reading the remote server's root DSE.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -209,12 +209,12 @@ attribute.
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -241,7 +241,7 @@ This requires to have
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -310,7 +310,7 @@ as the
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -341,7 +341,7 @@ useful when the asserted identities do not exist on the remote server.
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -356,13 +356,13 @@ When the
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -371,31 +371,31 @@ except for
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
This directive obsoletes
-.BR idassert-authcDN ,
-.BR idassert-passwd ,
-.BR idassert-mode ,
+.BR idassert\-authcDN ,
+.BR idassert\-passwd ,
+.BR idassert\-mode ,
and
-.BR idassert-method .
+.BR idassert\-method .
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
.TP
.B norefs <NO|yes>
@@ -452,11 +452,11 @@ The process can be restarted by resetting the \fIolcDbQuarantine\fP
attribute of the database entry in the configuration backend.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -472,7 +472,7 @@ This directive is incompatible with setting \fIprotocol\-version\fP to 2.
Discards current cached connection when the client rebinds.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -510,13 +510,13 @@ is destroyed, according to RFC4511.
Note: in some cases, this backend may issue binds prior
to other operations (e.g. to bind anonymously or with some prescribed
-identity according to the \fBidassert-bind\fP directive).
+identity according to the \fBidassert\-bind\fP directive).
In this case, the timeout of the operation that resulted in the bind
is used.
.HP
.hy 0
-.B tls {[try-]start|[try-]propagate|ldaps}
+.B tls {[try\-]start|[try\-]propagate|ldaps}
.B [tls_cert=<file>]
.B [tls_key=<file>]
.B [tls_cacert=<file>]
@@ -531,7 +531,7 @@ scheme is \fBldaps://\fP. In that case this keyword may only be
set to "ldaps" and the StartTLS operation will not be used.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is \fBnot\fP recommended.
The TLS settings default to the same as the main slapd TLS settings,
@@ -541,7 +541,7 @@ which defaults to "demand".
.RE
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -555,7 +555,7 @@ deprecated and should be no longer used, as they might disappear
in future releases.
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
Formerly known as the
.BR binddn ,
it is the DN that is used to query the target server for acl checking;
@@ -564,70 +564,70 @@ on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
The
-.B idassert-*
+.B idassert\-*
feature can be used (at own risk) for that purpose instead.
This directive is obsoleted by the
.B binddn
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Formerly known as the
.BR bindpw ,
it is the password used with the above
-.B acl-authcDN
+.B acl\-authcDN
directive.
This directive is obsoleted by the
.B credentials
arg of
-.B acl-bind
+.B acl\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-authcDN "<administrative DN for proxyAuthz purposes>"
+.B idassert\-authcDN "<administrative DN for proxyAuthz purposes>"
DN which is used to propagate the client's identity to the target
by means of the proxyAuthz control when the client does not
belong to the DIT fragment that is being proxied by back-ldap.
This directive is obsoleted by the
.B binddn
arg of
-.BR idassert-bind
+.BR idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-passwd <password>
+.B idassert\-passwd <password>
Password used with the
-.B idassert-authcDN
+.B idassert\-authcDN
above.
This directive is obsoleted by the
.B crendentials
arg of
-.B idassert-bind
+.B idassert\-bind
when \fIbindmethod\fP=\fBsimple\fP, and will be dismissed in the future.
.TP
-.B idassert-mode <mode> [<flags>]
+.B idassert\-mode <mode> [<flags>]
defines what type of
.I identity assertion
is used.
This directive is obsoleted by the
.B mode
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
-.B idassert-method <method> [<saslargs>]
+.B idassert\-method <method> [<saslargs>]
This directive is obsoleted by the
.B bindmethod
arg of
-.BR idassert-bind ,
+.BR idassert\-bind ,
and will be dismissed in the future.
.TP
@@ -652,10 +652,10 @@ overlay. Essentially, add a statement
.B overlay rwm
first, and prefix all rewrite/map statements with
-.B rwm-
+.B rwm\-
to obtain the original behavior.
See
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details.
.\" However, to ease update from existing configurations, back-ldap still
.\" recognizes them and automatically instantiates the
diff --git a/doc/man/man5/slapd-ldbm.5 b/doc/man/man5/slapd-ldbm.5
index 62d14bfa73..519a43f699 100644
--- a/doc/man/man5/slapd-ldbm.5
+++ b/doc/man/man5/slapd-ldbm.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldbm \- Discontinued LDBM backend to slapd
+slapd\-ldbm \- Discontinued LDBM backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -14,7 +14,7 @@ It has been superseded by the more robust BDB and HDB backends.
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-bdb (5),
+.BR slapd\-bdb (5),
.BR slapd.backends (5).
.SH ACKNOWLEDGEMENTS
.so ../Project
diff --git a/doc/man/man5/slapd-ldif.5 b/doc/man/man5/slapd-ldif.5
index 2a5be8ad32..9f6cf7148d 100644
--- a/doc/man/man5/slapd-ldif.5
+++ b/doc/man/man5/slapd-ldif.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ldif \- LDIF backend to slapd
+slapd\-ldif \- LDIF backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index e7d137dc9a..2c0bc2c964 100644
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -8,7 +8,7 @@
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapd-meta \- metadirectory backend to slapd
+slapd\-meta \- metadirectory backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -52,13 +52,13 @@ Note: When looping back to the same instance of \fBslapd\fP(8),
each connection requires a new thread; as a consequence, \fBslapd\fP(8)
must be compiled with thread support, and the \fBthreads\fP parameter
may need some tuning; in those cases, unless the multiple target feature
-is required, one may consider using \fBslapd-relay\fP(5) instead,
+is required, one may consider using \fBslapd\-relay\fP(5) instead,
which performs the relayed operation internally and thus reuses
the same connection.
.SH EXAMPLES
There are examples in various places in this document, as well as in the
-slapd/back-meta/data/ directory in the OpenLDAP source tree.
+slapd/back\-meta/data/ directory in the OpenLDAP source tree.
.SH CONFIGURATION
These
.B slapd.conf
@@ -96,12 +96,12 @@ to all backends.
They are:
.TP
-.B conn-ttl <time>
+.B conn\-ttl <time>
This directive causes a cached connection to be dropped an recreated
after a given ttl, regardless of being idle or not.
.TP
-.B default-target none
+.B default\-target none
This directive forces the backend to reject all those operations
that must resolve to a single target in case none or multiple
targets are selected.
@@ -113,14 +113,14 @@ This directive can also be used when processing targets to mark a
specific target as default.
.TP
-.B dncache-ttl {DISABLED|forever|<ttl>}
+.B dncache\-ttl {DISABLED|forever|<ttl>}
This directive sets the time-to-live of the DN cache.
This caches the target that holds a given DN to speed up target
selection in case multiple targets would result from an uncached
search; forever means cache never expires; disabled means no DN
caching; otherwise a valid ( > 0 ) ttl is required, in the format
illustrated for the
-.B idle-timeout
+.B idle\-timeout
directive.
.TP
@@ -170,7 +170,7 @@ If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B pseudoroot-bind-defer {YES|no}
+.B pseudoroot\-bind\-defer {YES|no}
This directive, when set to
.BR yes ,
causes the authentication to the remote servers with the pseudo-root
@@ -196,11 +196,11 @@ This directive must appear before any target specification;
it affects all targets with the same pattern.
.TP
-.B rebind-as-user {NO|yes}
+.B rebind\-as\-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection,
or when chasing a referral, if
-.B chase-referrals
+.B chase\-referrals
is set to
.IR yes .
@@ -218,7 +218,7 @@ overridden by any per-target directive.
Discards current cached connection when the client rebinds.
.TP
-.B use-temporary-conn {NO|yes}
+.B use\-temporary\-conn {NO|yes}
when set to
.BR yes ,
create a temporary connection whenever competing with other threads
@@ -271,54 +271,54 @@ the last URI that succeeded.
.RE
.TP
-.B acl-authcDN "<administrative DN for access control purposes>"
+.B acl\-authcDN "<administrative DN for access control purposes>"
DN which is used to query the target server for acl checking,
as in the LDAP backend; it is supposed to have read access
on the target server to attributes used on the proxy for acl checking.
There is no risk of giving away such values; they are only used to
check permissions.
-.B The acl-authcDN identity is by no means implicitly used by the proxy
+.B The acl\-authcDN identity is by no means implicitly used by the proxy
.B when the client connects anonymously.
.TP
-.B acl-passwd <password>
+.B acl\-passwd <password>
Password used with the
.B
-acl-authcDN
+acl\-authcDN
above.
.TP
-.B bind-timeout <microseconds>
+.B bind\-timeout <microseconds>
This directive defines the timeout, in microseconds, used when polling
for response after an asynchronous bind connection. The initial call
to ldap_result(3) is performed with a trade-off timeout of 100000 us;
if that results in a timeout exceeded, subsequent calls use the value
provided with
-.BR bind-timeout .
+.BR bind\-timeout .
The default value is used also for subsequent calls if
-.B bind-timeout
+.B bind\-timeout
is not specified.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B chase-referrals {YES|no}
+.B chase\-referrals {YES|no}
enable/disable automatic referral chasing, which is delegated to the
underlying libldap, with rebinding eventually performed if the
-\fBrebind-as-user\fP directive is used. The default is to chase referrals.
+\fBrebind\-as\-user\fP directive is used. The default is to chase referrals.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
-.B default-target [<target>]
-The "default-target" directive can also be used during target specification.
+.B default\-target [<target>]
+The "default\-target" directive can also be used during target specification.
With no arguments it marks the current target as the default.
The optional number marks target <target> as the default one, starting
from 1.
Target <target> must be defined.
.TP
-.B idassert-authzFrom <authz-regexp>
+.B idassert\-authzFrom <authz-regexp>
if defined, selects what
.I local
identities are authorized to exploit the identity assertion feature.
@@ -330,12 +330,12 @@ attribute.
See
.BR slapd.conf (5),
section related to
-.BR authz-policy ,
+.BR authz\-policy ,
for details on the syntax of this field.
.HP
.hy 0
-.B idassert-bind
+.B idassert\-bind
.B bindmethod=none|simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
.B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>]
.B [authcId=<authentication ID>] [authzId=<authorization ID>]
@@ -362,7 +362,7 @@ This requires to have
privileges on a wide set of DNs, e.g.
.BR authzTo=dn.subtree:"" ,
and the remote server to have
-.B authz-policy
+.B authz\-policy
set to
.B to
or
@@ -431,7 +431,7 @@ as the
or a SASL bind as the
.IR authcID ,
unless restricted by
-.BR idassert-authzFrom
+.BR idassert\-authzFrom
rules (see below), in which case the operation will fail;
eventually, it will assert some other identity according to
.BR <mode> .
@@ -462,7 +462,7 @@ useful when the asserted identities do not exist on the remote server.
Flags can be
-\fBoverride,[non-]prescriptive\fP
+\fBoverride,[non\-]prescriptive\fP
When the
.B override
@@ -477,13 +477,13 @@ When the
flag is used (the default), operations fail with
\fIinappropriateAuthentication\fP
for those identities whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
If the
-.B non-prescriptive
+.B non\-prescriptive
flag is used, operations are performed anonymously for those identities
whose assertion is not allowed by the
-.B idassert-authzFrom
+.B idassert\-authzFrom
patterns.
The TLS settings default to the same as the main slapd TLS settings,
@@ -492,12 +492,12 @@ except for
which defaults to "demand".
The identity associated to this directive is also used for privileged
-operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP
-is not. See \fBacl-bind\fP for details.
+operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
+is not. See \fBacl\-bind\fP for details.
.RE
.TP
-.B idle-timeout <time>
+.B idle\-timeout <time>
This directive causes a cached connection to be dropped an recreated
after it has been idle for the specified time.
The value can be specified as
@@ -513,17 +513,17 @@ overridden by any per-target directive.
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend.
See
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
.TP
-.B network-timeout <time>
+.B network\-timeout <time>
Sets the network timeout value after which
.BR poll (2)/ select (2)
following a
.BR connect (2)
returns in case of no activity.
The value is in seconds, and it can be specified as for
-.BR idle-timeout .
+.BR idle\-timeout .
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -558,12 +558,12 @@ using the pseudorootdn/pseudorootpw directives is inherently unsafe.
The rewrite options are described in the "REWRITING" section.
.TP
-.B subtree-exclude "<DN>"
+.B subtree\-exclude "<DN>"
This directive instructs back-meta to ignore the current target
for operations whose requestDN is subordinate to
.BR DN .
There may be multiple occurrences of the
-.B subtree-exclude
+.B subtree\-exclude
directive for each of the targets.
.TP
@@ -580,7 +580,7 @@ massaging. See the "REWRITING" section for a detailed list
of the rewrite rules it implies.
.TP
-.B t-f-support {NO|yes|discover}
+.B t\-f\-support {NO|yes|discover}
enable if the remote server supports absolute filters
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
@@ -621,12 +621,12 @@ In case the timeout is exceeded during a bind operation, the connection
is destroyed, according to RFC4511.
.TP
-.B tls {[try-]start|[try-]propagate}
+.B tls {[try\-]start|[try\-]propagate}
execute the StartTLS extended operation when the connection is initialized;
only works if the URI directive protocol scheme is not \fBldaps://\fP.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
-The \fBtry-\fP prefix instructs the proxy to continue operations
+The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is highly deprecated.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
@@ -957,7 +957,7 @@ Each basic server operation is associated to a rewrite context;
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -980,7 +980,7 @@ exopPasswdDN password modify extended operation DN if proxy
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -1199,7 +1199,7 @@ operation is honored, which is performed by the frontend.
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH FILES
.TP
diff --git a/doc/man/man5/slapd-monitor.5 b/doc/man/man5/slapd-monitor.5
index 05b2031248..8b85610935 100644
--- a/doc/man/man5/slapd-monitor.5
+++ b/doc/man/man5/slapd-monitor.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-monitor \- Monitor backend to slapd
+slapd\-monitor \- Monitor backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -72,7 +72,7 @@ The usage is:
.LP
.RS
.nf
-configure --enable-monitor
+configure \-\-enable\-monitor
.fi
.RE
.TP
diff --git a/doc/man/man5/slapd-ndb.5 b/doc/man/man5/slapd-ndb.5
index e3d60823af..8684aaea17 100644
--- a/doc/man/man5/slapd-ndb.5
+++ b/doc/man/man5/slapd-ndb.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-ndb \- MySQL NDB backend to slapd
+slapd\-ndb \- MySQL NDB backend to slapd
.SH SYNOPSIS
.B ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-null.5 b/doc/man/man5/slapd-null.5
index 3e92b40553..0489190681 100644
--- a/doc/man/man5/slapd-null.5
+++ b/doc/man/man5/slapd-null.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-null \- Null backend to slapd
+slapd\-null \- Null backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-passwd.5 b/doc/man/man5/slapd-passwd.5
index c5ac0e9a07..198903b354 100644
--- a/doc/man/man5/slapd-passwd.5
+++ b/doc/man/man5/slapd-passwd.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-passwd \- /etc/passwd backend to slapd
+slapd\-passwd \- /etc/passwd backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapd-perl.5 b/doc/man/man5/slapd-perl.5
index 0e3afc1f1a..7663e96500 100644
--- a/doc/man/man5/slapd-perl.5
+++ b/doc/man/man5/slapd-perl.5
@@ -1,7 +1,7 @@
.TH SLAPD-PERL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.SH NAME
-slapd-perl \- Perl backend to slapd
+slapd\-perl \- Perl backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -160,7 +160,7 @@ Search results are candidates that need to be filtered (with the
filter in the search request), rather than search results to be
returned directly to the client.
.SH EXAMPLE
-There is an example Perl module `SampleLDAP' in the slapd/back-perl/
+There is an example Perl module `SampleLDAP' in the slapd/back\-perl/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
diff --git a/doc/man/man5/slapd-relay.5 b/doc/man/man5/slapd-relay.5
index e74a1fcf29..666d10500e 100644
--- a/doc/man/man5/slapd-relay.5
+++ b/doc/man/man5/slapd-relay.5
@@ -1,9 +1,9 @@
.TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-relay \- relay backend to slapd
+slapd\-relay \- relay backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -15,7 +15,7 @@ running in the same
instance into a virtual naming context, with attributeType
and objectClass manipulation, if required.
It requires the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay.
.LP
This backend and the above mentioned overlay are experimental.
@@ -47,11 +47,11 @@ The
database does not automatically rewrite the naming context
of requests and responses.
For this purpose, the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay must be explicitly instantiated, and configured
as appropriate.
Usually, the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive suffices if only naming context rewriting is required.
.SH ACCESS RULES
@@ -61,7 +61,7 @@ After massaging from the virtual to the real naming context, the
frontend sees the operation as performed by the identity in the
real naming context.
Moreover, since
-.B back-relay
+.B back\-relay
bypasses the real database frontend operations by short-circuiting
operations through the internal backend API, the original database
access rules do not apply but in selected cases, i.e. when the
@@ -103,7 +103,7 @@ that refers to a single database, use
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
To implement a plain virtual naming context mapping
@@ -113,7 +113,7 @@ that looks up the real naming context for each operation, use
database relay
suffix "dc=virtual,dc=naming,dc=context"
overlay rwm
- rwm-suffixmassage "dc=real,dc=naming,dc=context"
+ rwm\-suffixmassage "dc=real,dc=naming,dc=context"
.fi
.LP
This is useful, for instance, to relay different databases that
@@ -129,21 +129,21 @@ back from the real to the virtual naming context, use
suffix "dc=virtual,dc=naming,dc=context"
relay "dc=real,dc=naming,dc=context"
overlay rwm
- rwm-rewriteEngine on
- rwm-rewriteContext default
- rwm-rewriteRule "dc=virtual,dc=naming,dc=context"
+ rwm\-rewriteEngine on
+ rwm\-rewriteContext default
+ rwm\-rewriteRule "dc=virtual,dc=naming,dc=context"
"dc=real,dc=naming,dc=context" ":@"
- rwm-rewriteContext searchFilter
- rwm-rewriteContext searchEntryDN
- rwm-rewriteContext searchAttrDN
- rwm-rewriteContext matchedDN
+ rwm\-rewriteContext searchFilter
+ rwm\-rewriteContext searchEntryDN
+ rwm\-rewriteContext searchAttrDN
+ rwm\-rewriteContext matchedDN
.fi
.LP
Note that the
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
overlay is instantiated, but the rewrite rules are written explicitly,
rather than automatically as with the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
statement, to map all the virtual to real naming context data flow,
but none of the real to virtual.
.LP
@@ -161,7 +161,7 @@ Access rules:
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
- rwm-suffixmassage "dc=example,dc=com"
+ rwm\-suffixmassage "dc=example,dc=com"
# skip ...
access to dn.subtree="o=Example,c=US"
by dn.exact="cn=Supervisor,dc=example,dc=com" write
@@ -203,5 +203,5 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-rwm (5),
+.BR slapo\-rwm (5),
.BR slapd (8).
diff --git a/doc/man/man5/slapd-shell.5 b/doc/man/man5/slapd-shell.5
index b350f6a5fd..9f512c76d0 100644
--- a/doc/man/man5/slapd-shell.5
+++ b/doc/man/man5/slapd-shell.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-shell \- Shell backend to slapd
+slapd\-shell \- Shell backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -78,7 +78,7 @@ dn: <DN>
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
.fi
.TP
@@ -219,14 +219,14 @@ pseudo_attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example search script in the slapd/back-shell/ directory
+There is an example search script in the slapd/back\-shell/ directory
in the OpenLDAP source tree.
.SH LIMITATIONS
The shell backend does not support threaded environments.
When using the shell backend,
.BR slapd (8)
should be built
-.IR --without-threads .
+.IR \-\-without\-threads .
.SH FILES
.TP
ETCDIR/slapd.conf
diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 91eb77f29e..16895c63da 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -3,14 +3,14 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapd-sock \- Socket backend to slapd
+slapd\-sock \- Socket backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Socket backend to
.BR slapd (8)
uses an external program to handle queries, similarly to
-.BR slapd-shell (5).
+.BR slapd\-shell (5).
However, in this case the external program listens on a Unix domain socket.
This makes it possible to have a pool of processes, which persist between
requests. This allows multithreaded operation and a higher level of
@@ -40,7 +40,7 @@ Gives the path to a Unix domain socket to which the commands will
be sent and from which replies are received.
.SH PROTOCOL
The protocol is essentially the same as
-.BR slapd-shell (5)
+.BR slapd\-shell (5)
with the addition of a newline to terminate the command parameters. The
following commands are sent:
.RS
@@ -96,7 +96,7 @@ dn: <DN>
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
- -
+ \-
}>
<blank line>
.fi
@@ -235,7 +235,7 @@ pseudo_attribute of the searchBase;
access to the attributes and values used in the filter is not checked.
.SH EXAMPLE
-There is an example script in the slapd/back-sock/ directory
+There is an example script in the slapd/back\-sock/ directory
in the OpenLDAP source tree.
.SH FILES
.TP
diff --git a/doc/man/man5/slapd-sql.5 b/doc/man/man5/slapd-sql.5
index 59e91ca809..2444737a2b 100644
--- a/doc/man/man5/slapd-sql.5
+++ b/doc/man/man5/slapd-sql.5
@@ -1,7 +1,7 @@
.TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.SH NAME
-slapd-sql \- SQL backend to slapd
+slapd\-sql \- SQL backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -23,7 +23,7 @@ of BerkeleyDB (as the standard BDB backend does), though it can be
used as such with several limitations.
You can take a look at
.B http://www.openldap.org/faq/index.cgi?file=378
-(OpenLDAP FAQ-O-Matic/General LDAP FAQ/Directories vs. conventional
+(OpenLDAP FAQ\-O\-Matic/General LDAP FAQ/Directories vs. conventional
databases) to find out more on this point.
.LP
The idea (detailed below) is to use some meta-information to translate
@@ -110,7 +110,7 @@ These options specify SQL query templates for loading schema mapping
meta-information, adding and deleting entries to ldap_entries, etc.
All these and subtree_cond should have the given default values.
For the current value it is recommended to look at the sources,
-or in the log output when slapd starts with "-d 5" or greater.
+or in the log output when slapd starts with "\-d 5" or greater.
Note that the parameter number and order must not be changed.
.TP
@@ -340,7 +340,7 @@ The API of the layers is not frozen yet, so it is unpublished.
.LP
Almost everything mentioned later is illustrated in examples located
in the
-.B servers/slapd/back-sql/rdbms_depend/
+.B servers/slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree, and contains scripts for
generating sample database for Oracle, MS SQL Server, mySQL and more
(including PostgreSQL and IBM db2).
@@ -672,10 +672,10 @@ no matter if valid or not.
The proxy cache overlay
allows caching of LDAP search requests (queries) in a local database.
See
-.BR slapo-pcache (5)
+.BR slapo\-pcache (5)
for details.
.SH EXAMPLES
-There are example SQL modules in the slapd/back-sql/rdbms_depend/
+There are example SQL modules in the slapd/back\-sql/rdbms_depend/
directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index 34b2eede26..0844defd7a 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -196,7 +196,7 @@ as detailed in
and/or
.BR re_format (7),
matching a normalized string representation of the entry's DN.
-The regex form of the pattern does not (yet) support UTF\-8.
+The regex form of the pattern does not (yet) support UTF-8.
.LP
The statement
.B filter=<ldapfilter>
@@ -722,7 +722,7 @@ Its component are defined as
.LP
.nf
<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
- <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
+ <priv> ::= {=|+|\-}{0|d|x|c|s|r|{w|a|z}|m}+
.fi
.LP
The modifier
@@ -798,7 +798,7 @@ access privileges will be only those defined by the clause.
The
.B +
and
-.B -
+.B \-
signs add/remove access privileges to the existing ones.
The privileges are
.B m
@@ -927,7 +927,7 @@ Add content ACL checking has been configured on
the database (see the
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
manual page),
.B add (=a)
will be required on all of the attributes being added.
@@ -1067,12 +1067,12 @@ Access control to search entries is checked by the frontend,
so it is fully honored by all backends; for all other operations
and for the discovery phase of the search operation,
full ACL semantics is only supported by the primary backends, i.e.
-.BR back-bdb (5),
+.BR back\-bdb (5),
and
-.BR back-hdb (5).
+.BR back\-hdb (5).
Some other backend, like
-.BR back-sql (5),
+.BR back\-sql (5),
may fully support them; others may only support a portion of the
described semantics, or even differ in some aspects.
The relevant details are described in the backend-specific man pages.
@@ -1155,7 +1155,7 @@ ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd (8),
-.BR slapd-* (5),
+.BR slapd\-* (5),
.BR slapacl (8),
.BR regex (7),
.BR re_format (7)
diff --git a/doc/man/man5/slapd.backends.5 b/doc/man/man5/slapd.backends.5
index d8eea02fc0..4462f100bc 100644
--- a/doc/man/man5/slapd.backends.5
+++ b/doc/man/man5/slapd.backends.5
@@ -16,7 +16,7 @@ slapd server.
Configuration options for each backend are documented separately in the
corresponding
-.BR slapd-<backend> (5)
+.BR slapd\-<backend> (5)
manual pages.
.TP
.B bdb
@@ -98,7 +98,7 @@ in the same server, based on the naming context of the request.
Its use requires the
.B rwm
overlay (see
-.BR slapo-rwm (5)
+.BR slapo\-rwm (5)
for details) to rewrite the naming context of the request.
It is primarily intended to implement virtual views on databases
that actually store data.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index ec888c9f4a..3b23fd688d 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -68,7 +68,7 @@ backslash character.
The specific configuration options available are discussed below in the
Global Configuration Options, General Backend Options, and General Database
Options. Backend-specific options are discussed in the
-.B slapd-<backend>(5)
+.B slapd\-<backend>(5)
manual pages. Refer to the "OpenLDAP Administrator's Guide" for more
details on the slapd configuration file.
.SH GLOBAL CONFIGURATION OPTIONS
@@ -114,26 +114,26 @@ server's command line (program name and options).
.TP
.B attributeoptions [option-name]...
Define tagging attribute options or option tag/range prefixes.
-Options must not end with `-', prefixes must end with `-'.
-The `lang-' prefix is predefined.
+Options must not end with `\-', prefixes must end with `\-'.
+The `lang\-' prefix is predefined.
If you use the
.B attributeoptions
-directive, `lang-' will no longer be defined and you must specify it
+directive, `lang\-' will no longer be defined and you must specify it
explicitly if you want it defined.
An attribute description with a tagging option is a subtype of that
attribute description without the option.
Except for that, options defined this way have no special semantics.
-Prefixes defined this way work like the `lang-' options:
+Prefixes defined this way work like the `lang\-' options:
They define a prefix for tagging options starting with the prefix.
-That is, if you define the prefix `x-foo-', you can use the option
-`x-foo-bar'.
+That is, if you define the prefix `x\-foo\-', you can use the option
+`x\-foo\-bar'.
Furthermore, in a search or compare, a prefix or range name (with
-a trailing `-') matches all options starting with that name, as well
-as the option with the range name sans the trailing `-'.
-That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
+a trailing `\-') matches all options starting with that name, as well
+as the option with the range name sans the trailing `\-'.
+That is, `x\-foo\-bar\-' matches `x\-foo\-bar' and `x\-foo\-bar\-baz'.
-RFC 4520 reserves options beginning with `x-' for private experiments.
+RFC 4520 reserves options beginning with `x\-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
@@ -162,7 +162,7 @@ attribute syntax OID.
description.)
.RE
.TP
-.B authz-policy <policy>
+.B authz\-policy <policy>
Used to specify which rules to use for Proxy Authorization. Proxy
authorization allows a client to authenticate to the server using one
user's credentials, but specify a different identity to use for authorization
@@ -311,7 +311,7 @@ and
can impact security, users are strongly encouraged
to explicitly set the type of identity specification that is being used.
A subset of these rules can be used as third arg in the
-.B authz-regexp
+.B authz\-regexp
statement (see below); significantly, the
.IR URI ,
provided it results in exactly one entry,
@@ -320,7 +320,7 @@ and the
forms.
.RE
.TP
-.B authz-regexp <match> <replace>
+.B authz\-regexp <match> <replace>
Used by the authentication framework to convert simple user names,
such as provided by SASL subsystem, or extracted from certificates
in case of cert-based SASL EXTERNAL, or provided within the RFC 4370
@@ -381,7 +381,7 @@ Note that this search is subject to access controls. Specifically,
the authentication identity must have "auth" access in the subject.
Multiple
-.B authz-regexp
+.B authz\-regexp
options can be given in the configuration file to allow for multiple matching
and replacement patterns. The matching patterns are checked in the order they
appear in the file, stopping at the first successful match.
@@ -458,7 +458,7 @@ A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
will stop listening for new connections, but will not close the
connections to the current clients. Future write operations return
unwilling-to-perform, though. Slapd terminates when all clients
-have closed their connections (if they ever do), or \- as before \-
+have closed their connections (if they ever do), or - as before -
if it receives a SIGTERM signal. This can be useful if you wish to
terminate the server and start a new
.B slapd
@@ -522,7 +522,7 @@ depend on these parameters and recreating them with
.hy 0
.B ldapsyntax "(\ <oid>\
[DESC\ <description>]\
- [X-SUBST <substitute\-syntax>]\ )"
+ [X\-SUBST <substitute-syntax>]\ )"
.RS
Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
@@ -531,20 +531,20 @@ forms as well as numeric OIDs to be used for the syntax OID.
.B objectidentifier
description.)
The slapd parser also honors the
-.B X-SUBST
+.B X\-SUBST
extension (an OpenLDAP-specific extension), which allows to use the
.B ldapsyntax
statement to define a non-implemented syntax along with another syntax,
the extension value
-.IR substitute\-syntax ,
+.IR substitute-syntax ,
as its temporary replacement.
The
-.I substitute\-syntax
+.I substitute-syntax
must be defined.
This allows to define attribute types that make use of non-implemented syntaxes
using the correct syntax OID.
Unless
-.B X-SUBST
+.B X\-SUBST
is used, this configuration statement would result in an error,
since no handlers would be associated to the resulting syntax structure.
.RE
@@ -658,7 +658,7 @@ or as a list of the names that are shown between brackets, such that
are equivalent.
The keyword
.B any
-can be used as a shortcut to enable logging at all levels (equivalent to -1).
+can be used as a shortcut to enable logging at all levels (equivalent to \-1).
The keyword
.BR none ,
or the equivalent integer representation, causes those messages
@@ -680,7 +680,7 @@ are searched for in the directories specified by the
.B modulepath
option. This option and the
.B modulepath
-option are only usable if slapd was compiled with --enable-modules.
+option are only usable if slapd was compiled with \-\-enable\-modules.
.TP
.B modulepath <pathspec>
Specify a list of directories to search for loadable modules. Typically
@@ -710,7 +710,7 @@ in place of the numeric OID in objectclass and attribute definitions. The
name can also be used with a suffix of the form ":xx" in which case the
value "oid.xx" will be used.
.TP
-.B password-hash <hash> [<hash>...]
+.B password\-hash <hash> [<hash>...]
This option configures one or more hashes to be used in generation of user
passwords stored in the userPassword attribute during processing of
LDAP Password Modify Extended Operations (RFC 3062).
@@ -798,10 +798,10 @@ may be used to require no conditions (useful to clear out globally
set conditions within a particular database); it must occur first
in the list of conditions.
.TP
-.B reverse-lookup on | off
+.B reverse\-lookup on | off
Enable/disable client name unverified reverse lookup (default is
.BR off
-if compiled with --enable-rlookups).
+if compiled with \-\-enable\-rlookups).
.TP
.B rootDSE <file>
Specify the name of an LDIF(5) file containing user defined attributes
@@ -812,22 +812,22 @@ The root DSE is an entry with information about the server and its
capabilities, in operational attributes.
It has the empty DN, and can be read with e.g.:
.ti +4
-ldapsearch -x -b "" -s base "+"
+ldapsearch \-x \-b "" \-s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
-.B sasl-auxprops <plugin> [...]
+.B sasl\-auxprops <plugin> [...]
Specify which auxprop plugins to use for authentication lookups. The
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
-.B sasl-host <fqdn>
+.B sasl\-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
-.B sasl-realm <realm>
+.B sasl\-realm <realm>
Specify SASL realm. Default is empty.
.TP
-.B sasl-secprops <properties>
+.B sasl\-secprops <properties>
Used to specify Cyrus SASL security properties.
The
.B none
@@ -878,7 +878,7 @@ controls the entries on this server. The default is "cn=Subschema".
.B security <factors>
Specify a set of security strength factors (separated by white space)
to require (see
-.BR sasl-secprops 's
+.BR sasl\-secprops 's
.B minssf
option for a description of security strength factors).
The directive may be specified globally and/or per-database.
@@ -978,7 +978,7 @@ See
.BR limits
for an explanation of the different flags.
.TP
-.B tool-threads <integer>
+.B tool\-threads <integer>
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
The default is 1.
@@ -1008,13 +1008,13 @@ TLSCipherSuite HIGH:MEDIUM:+SSLv2
To check what ciphers a given spec selects, use:
.nf
- openssl ciphers -v <cipher-suite-spec>
+ openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
.nf
- gnutls-cli -l
+ gnutls-cli \-l
.fi
.TP
@@ -1523,7 +1523,7 @@ password can only be set if the rootdn is within the namingContext
(suffix) of the database.
This option accepts all RFC 2307 userPassword formats known to
the server (see
-.B password-hash
+.B password\-hash
description) as well as cleartext.
.BR slappasswd (8)
may be used to generate a hash of a password. Cleartext
@@ -1604,7 +1604,7 @@ in order to work over all of the glued databases. E.g.
.B [sizelimit=<limit>]
.B [timelimit=<limit>]
.B [schemachecking=on|off]
-.B [network-timeout=<seconds>]
+.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
@@ -1721,7 +1721,7 @@ As a consequence, schema checking should be \fBoff\fP when partial
replication is used.
The
-.B network-timeout
+.B network\-timeout
parameter sets how long the consumer will wait to establish a
network connection to the provider. Once a connection is
established, the
@@ -1757,7 +1757,7 @@ The
.B authzid
parameter may be used to specify an authorization identity.
Specific security properties (as with the
-.B sasl-secprops
+.B sasl\-secprops
keyword above) for a SASL bind can be set with the
.B secprops
option. A non default SASL realm can be set with the
@@ -1793,7 +1793,7 @@ and
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
-.BR slapo-accesslog (5)
+.BR slapo\-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
@@ -1833,10 +1833,10 @@ include SYSCONFDIR/schema/core.schema
pidfile LOCALSTATEDIR/run/slapd.pid
# Subtypes of "name" (e.g. "cn" and "ou") with the
-# option ";x-hidden" can be searched for/compared,
+# option ";x\-hidden" can be searched for/compared,
# but are not shown. See \fBslapd.access\fP(5).
-attributeoptions x-hidden lang-
-access to attrs=name;x-hidden by * =cs
+attributeoptions x\-hidden lang\-
+access to attrs=name;x\-hidden by * =cs
# Protect passwords. See \fBslapd.access\fP(5).
access to attrs=userPassword by * auth
@@ -1844,11 +1844,11 @@ access to attrs=userPassword by * auth
access to * by * read
database bdb
-suffix "dc=our-domain,dc=com"
+suffix "dc=our\-domain,dc=com"
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap-data
+directory LOCALSTATEDIR/openldap\-data
# Indices to maintain
index objectClass eq
index cn,sn,mail pres,eq,approx,sub
@@ -1857,7 +1857,7 @@ index cn,sn,mail pres,eq,approx,sub
# so handle remote lookups on their behalf.
database ldap
suffix ""
-uri ldap://ldap.some-server.com/
+uri ldap://ldap.some\-server.com/
lastmod off
.fi
.RE
diff --git a/doc/man/man5/slapd.overlays.5 b/doc/man/man5/slapd.overlays.5
index 014a9b6d03..3e7d14a6f6 100644
--- a/doc/man/man5/slapd.overlays.5
+++ b/doc/man/man5/slapd.overlays.5
@@ -16,7 +16,7 @@ may also be configured globally.
Configuration options for each overlay are documented separately in the
corresponding
-.BR slapo-<overlay> (5)
+.BR slapo\-<overlay> (5)
manual pages.
.TP
.B accesslog
@@ -61,9 +61,9 @@ This overlay allows expansion of dynamic groups and more.
Proxycache.
This overlay allows caching of LDAP search requests in a local database.
It is most often used with the
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
or
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
backends.
.TP
.B ppolicy
@@ -75,7 +75,7 @@ password resets, etc.
.B refint
Referential Integrity.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference
attributes.
.TP
@@ -99,7 +99,7 @@ replication, including persistent search functionality.
.B translucent
Translucent Proxy.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy".
Content of entries retrieved from a remote LDAP server can be partially
overridden by the database.
@@ -107,7 +107,7 @@ overridden by the database.
.B unique
Attribute Uniqueness.
This overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a subtree.
.TP
.B valsort
diff --git a/doc/man/man5/slapd.plugin.5 b/doc/man/man5/slapd.plugin.5
index 8696fe634e..e6fb822fab 100644
--- a/doc/man/man5/slapd.plugin.5
+++ b/doc/man/man5/slapd.plugin.5
@@ -38,7 +38,7 @@ is as follows:
...
.fi
.LP
-If slapd is compiled with \fI--enable-slapi\fP, support for plugins
+If slapd is compiled with \fI\-\-enable\-slapi\fP, support for plugins
according to \fINetscape's Directory Server Plug-Ins\fP.
Version 4 of the API is currently implemented, with some extensions
from version 5.
diff --git a/doc/man/man5/slapo-accesslog.5 b/doc/man/man5/slapo-accesslog.5
index 954ac997a0..98a90620df 100644
--- a/doc/man/man5/slapo-accesslog.5
+++ b/doc/man/man5/slapo-accesslog.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-accesslog \- Access Logging overlay to slapd
+slapo\-accesslog \- Access Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -256,11 +256,11 @@ performed.) The values are formatted as
.RS
.PD 0
.TP
-attribute:<+|-|=|#> [ value]
+attribute:<+|\-|=|#> [ value]
.RE
.RE
.PD
-Where '+' indicates an Add of a value, '-' for Delete, '=' for Replace,
+Where '+' indicates an Add of a value, '\-' for Delete, '=' for Replace,
and '#' for Increment. In an Add operation, all of the reqMod values will
have the '+' designator.
.P
diff --git a/doc/man/man5/slapo-auditlog.5 b/doc/man/man5/slapo-auditlog.5
index d8b165ed20..9669b4adc4 100644
--- a/doc/man/man5/slapo-auditlog.5
+++ b/doc/man/man5/slapo-auditlog.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-auditlog \- Audit Logging overlay to slapd
+slapo\-auditlog \- Audit Logging overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.TP
@@ -57,4 +57,4 @@ ETCDIR/slapd.d
default slapd configuration directory
.SH SEE ALSO
.BR slapd.conf (5),
-.BR slapd-config(5).
+.BR slapd\-config(5).
diff --git a/doc/man/man5/slapo-chain.5 b/doc/man/man5/slapo-chain.5
index c53779dbfa..0fda588d49 100644
--- a/doc/man/man5/slapo-chain.5
+++ b/doc/man/man5/slapo-chain.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-chain \- chain overlay to slapd
+slapo\-chain \- chain overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -18,7 +18,7 @@ If operations are performed with an identity (i.e. after a bind),
that identity can be asserted while chasing the referrals
by means of the \fIidentity assertion\fP feature of back-ldap
(see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details), which is essentially based on the
.B proxied authorization
control [RFC 4370].
@@ -39,7 +39,7 @@ There are very few chain overlay specific directives; however, directives
related to the instances of the \fIldap\fP backend that may be implicitly
instantiated by the overlay may assume a special meaning when used
in conjunction with this overlay. They are described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
and they also need to be prefixed by
.BR chain\- .
.TP
@@ -47,21 +47,21 @@ and they also need to be prefixed by
This directive adds the chain overlay to the current backend.
The chain overlay may be used with any backend, but it is mainly
intended for use with local storage backends that may return referrals.
-It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP
+It is useless in conjunction with the \fIslapd\-ldap\fP and \fIslapd\-meta\fP
backends because they already exploit the libldap specific referral chase
feature.
[Note: this may change in the future, as the \fBldap\fP(5) and
\fBmeta\fP(5) backends might no longer chase referrals on their own.]
.TP
-.B chain-cache-uri {FALSE|true}
+.B chain\-cache\-uri {FALSE|true}
This directive instructs the \fIchain\fP overlay to cache
connections to URIs parsed out of referrals that are not predefined,
to be reused for later chaining.
These URIs inherit the properties configured for the underlying
-\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+\fBslapd\-ldap\fP(5) before any occurrence of the \fBchain\-uri\fP
directive; basically, they are chained anonymously.
.TP
-.B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
+.B chain\-chaining [resolve=<r>] [continuation=<c>] [critical]
This directive enables the \fIchaining\fP control
(see \fIdraft-sermersheim-ldap-chaining\fP for details)
with the desired resolve and continuation behaviors and criticality.
@@ -79,12 +79,12 @@ The values \fBr\fP and \fBc\fP can be any of
If the \fBcritical\fP flag affects the control criticality if provided.
[This control is experimental and its support may change in the future.]
.TP
-.B chain-max-depth <n>
+.B chain\-max\-depth <n>
In case a referral is returned during referral chasing, further chasing
occurs at most \fB<n>\fP levels deep. Set to \fB1\fP (the default)
to disable further referral chasing.
.TP
-.B chain-return-error {FALSE|true}
+.B chain\-return\-error {FALSE|true}
In case referral chasing fails, the real error is returned instead
of the original referral. In case multiple referral URIs are present,
only the first error is returned. This behavior may not be always
@@ -92,12 +92,12 @@ appropriate nor desirable, since failures in referral chasing might be
better resolved by the client (e.g. when caused by distributed
authentication issues).
.TP
-.B chain-uri <ldapuri>
+.B chain\-uri <ldapuri>
This directive instantiates a new underlying \fIldap\fP database
and instructs it about which URI to contact to chase referrals.
-As opposed to what stated in \fBslapd-ldap\fP(5), only one URI
-can appear after this directive; all subsequent \fBslapd-ldap\fP(5)
-directives prefixed by \fBchain-\fP refer to this specific instance
+As opposed to what stated in \fBslapd\-ldap\fP(5), only one URI
+can appear after this directive; all subsequent \fBslapd\-ldap\fP(5)
+directives prefixed by \fBchain\-\fP refer to this specific instance
of a remote server.
.LP
@@ -107,17 +107,17 @@ be required, as shown in this example:
.RS
.nf
overlay chain
-chain-rebind-as-user FALSE
+chain\-rebind\-as\-user FALSE
-chain-uri "ldap://ldap1.example.com"
-chain-rebind-as-user TRUE
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap1.example.com"
+chain\-rebind\-as\-user TRUE
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="self"
-chain-uri "ldap://ldap2.example.com"
-chain-idassert-bind bindmethod="simple"
+chain\-uri "ldap://ldap2.example.com"
+chain\-idassert\-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="none"
@@ -126,14 +126,14 @@ chain-idassert-bind bindmethod="simple"
.RE
.LP
Any valid directives for the ldap database may be used; see
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
for details.
-Multiple occurrences of the \fBchain-uri\fP directive may appear,
+Multiple occurrences of the \fBchain\-uri\fP directive may appear,
to define multiple "trusted" URIs where operations with
\fIidentity assertion\fP are chained.
All URIs not listed in the configuration are chained anonymously.
-All \fBslapd-ldap\fP(5) directives appearing before the first
-occurrence of \fBchain-uri\fP are inherited by all URIs,
+All \fBslapd\-ldap\fP(5) directives appearing before the first
+occurrence of \fBchain\-uri\fP are inherited by all URIs,
unless specifically overridden inside each URI configuration.
.SH FILES
.TP
diff --git a/doc/man/man5/slapo-collect.5 b/doc/man/man5/slapo-collect.5
index d38d1f1d58..8813ca3eaf 100644
--- a/doc/man/man5/slapo-collect.5
+++ b/doc/man/man5/slapo-collect.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-collect \- Collective attributes overlay to slapd
+slapo\-collect \- Collective attributes overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -43,7 +43,7 @@ default slapd configuration file
.BR slapd.conf (5),
.BR slapd\-config (5),
The
-.BR slapo-collect (5)
+.BR slapo\-collect (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-constraint.5 b/doc/man/man5/slapo-constraint.5
index f993db3ec3..e3cce3a61c 100644
--- a/doc/man/man5/slapo-constraint.5
+++ b/doc/man/man5/slapo-constraint.5
@@ -4,7 +4,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-constraint \- Attribute Constraint Overlay to slapd
+slapo\-constraint \- Attribute Constraint Overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapo-dds.5 b/doc/man/man5/slapo-dds.5
index b7b7ea3318..5ad762456d 100644
--- a/doc/man/man5/slapo-dds.5
+++ b/doc/man/man5/slapo-dds.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-dds \- Dynamic Directory Services overlay to slapd
+slapo\-dds \- Dynamic Directory Services overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -131,7 +131,7 @@ run-queue size) that are used by dynamic objects.
By default, no limit is set.
.TP
-.B dds-state {TRUE|false}
+.B dds\-state {TRUE|false}
Specifies if the Dynamic Directory Services feature is enabled or not.
By default it is; however, a proxy does not need to keep track of dynamic
objects itself, it only needs to inform the frontend that support for
diff --git a/doc/man/man5/slapo-dyngroup.5 b/doc/man/man5/slapo-dyngroup.5
index e37f95b8bf..63d451cafe 100644
--- a/doc/man/man5/slapo-dyngroup.5
+++ b/doc/man/man5/slapo-dyngroup.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-dyngroup \- Dynamic Group overlay to slapd
+slapo\-dyngroup \- Dynamic Group overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5
index 2aa9eaf31c..c0152e64b3 100644
--- a/doc/man/man5/slapo-dynlist.5
+++ b/doc/man/man5/slapo-dynlist.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-dynlist \- Dynamic List overlay to slapd
+slapo\-dynlist \- Dynamic List overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -20,7 +20,7 @@ entry.
No recursion is allowed, to avoid potential infinite loops.
The resulting entry must comply with the LDAP data model, so constraints
are enforced.
-For example, if a \fISINGLE-VALUE\fP attribute is listed,
+For example, if a \fISINGLE\-VALUE\fP attribute is listed,
only the first value results in the final entry.
The above described behavior is disabled when the \fImanageDSAit\fP
control (RFC 3296) is used.
@@ -50,9 +50,9 @@ occurrences, and it must appear after the
.B overlay
directive.
.TP
-.B dynlist-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
+.B dynlist\-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
The value
-.B group-oc
+.B group\-oc
is the name of the objectClass that triggers the dynamic expansion of the
data.
@@ -141,7 +141,7 @@ entry; first of all, make sure that slapd.conf contains the directives:
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL
+ dynlist\-attrset groupOfURLs memberURL
.fi
.LP
and that slapd loads dynlist.la, if compiled as a run-time module;
@@ -170,7 +170,7 @@ attribute:
# ...
overlay dynlist
- dynlist-attrset groupOfURLs memberURL member
+ dynlist\-attrset groupOfURLs memberURL member
.fi
.LP
@@ -195,7 +195,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-dynlist (5)
+.BR slapo\-dynlist (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-memberof.5 b/doc/man/man5/slapo-memberof.5
index 32e69c761d..5f3f5469b2 100644
--- a/doc/man/man5/slapo-memberof.5
+++ b/doc/man/man5/slapo-memberof.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-memberof \- Reverse Group Membership overlay to slapd
+slapo\-memberof \- Reverse Group Membership overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -36,7 +36,7 @@ The following
configuration options are defined for the memberofoverlay.
.TP
-.BI memberof-group-oc \ <group-oc>
+.BI memberof\-group\-oc \ <group-oc>
The value
.I <group-oc>
is the name of the objectClass that triggers the reverse group membership
@@ -44,7 +44,7 @@ update.
It defaults to \fIgroupOfNames\fP.
.TP
-.BI memberof-member-ad \ <member-ad>
+.BI memberof\-member\-ad \ <member-ad>
The value
.I <member-ad>
is the name of the attribute that contains the names of the members
@@ -52,7 +52,7 @@ in the group objects; it must be DN-valued.
It defaults to \fImember\fP.
.TP
-.BI memberof-memberof-ad \ <memberof-ad>
+.BI memberof\-memberof\-ad \ <memberof-ad>
The value
.I <memberof-ad>
is the name of the attribute that contains the names of the groups
@@ -61,7 +61,7 @@ automatically updated by the overlay.
It defaults to \fImemberOf\fP.
.TP
-.BI memberof-dn \ <dn>
+.BI memberof\-dn \ <dn>
The value
.I <dn>
contains the DN that is used as \fImodifiersName\fP for internal
@@ -69,7 +69,7 @@ modifications performed to update the reverse group membership.
It defaults to the \fIrootdn\fP of the underlying database.
.TP
-.BI "memberof-dangling {" ignore ", " drop ", " error "}"
+.BI "memberof\-dangling {" ignore ", " drop ", " error "}"
This option determines the behavior of the overlay when, during
a modification, it encounters dangling references.
The default is
@@ -84,9 +84,9 @@ which causes modifications that would result in dangling references
to fail.
.TP
-.BI memberof-dangling-error \ <error-code>
+.BI memberof\-dangling\-error \ <error-code>
If
-.BR memberof-dangling
+.BR memberof\-dangling
is set to
.IR error ,
this configuration parameter can be used to modify the response code
@@ -94,7 +94,7 @@ returned in case of violation. It defaults to "constraint violation",
but other implementations are known to return "no such object" instead.
.TP
-.BI "memberof-refint {" true "|" FALSE "}"
+.BI "memberof\-refint {" true "|" FALSE "}"
This option determines whether the overlay will try to preserve
referential integrity or not.
If set to
@@ -116,7 +116,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-memberof (5)
+.BR slapo\-memberof (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-pcache.5 b/doc/man/man5/slapo-pcache.5
index 403f22cdda..e7f8e706ef 100644
--- a/doc/man/man5/slapo-pcache.5
+++ b/doc/man/man5/slapo-pcache.5
@@ -4,7 +4,7 @@
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.SH NAME
-slapo-pcache \- proxycache overlay to slapd
+slapo\-pcache \- proxycache overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -71,7 +71,7 @@ proxycache \fBbdb 10000 1 50 100\fP
.TP
.B proxyattrset <index> <attrs...>
Used to associate a set of attributes <attrs..> with an <index>. Each attribute
-set is associated with an integer from 0 to <numattrsets>-1. These indices are
+set is associated with an integer from 0 to <numattrsets>\-1. These indices are
used by the \fBproxytemplate\fP directive to define cacheable templates.
A set of attributes cannot be empty. A set of attributes can contain the
special attributes "*" (all user attributes), "+" (all operational attributes)
@@ -121,7 +121,7 @@ hitting a sizelimit should also be cached for the specified amount of time.
Results hitting a sizelimit are not cached by default (<limitttl> set to 0).
.TP
-.B response-callback { head | tail }
+.B response\-callback { head | tail }
Specifies whether the response callback should be placed at the
.B tail
(the default) or at the
@@ -219,11 +219,11 @@ For this reason, it is suggested that, when using
proxy caching be used in conjunction with the
.I identity assertion
feature of
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
(see the
-.B idassert-bind
+.B idassert\-bind
and the
-.B idassert-authz
+.B idassert\-authz
statements), so that remote server interrogation occurs with a vanilla identity
that has some relatively high
.B search
diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 761428ec88..28f6e40296 100644
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-ppolicy \- Password Policy overlay to slapd
+slapo\-ppolicy \- Password Policy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -17,7 +17,7 @@ decodes and applies specific password policy controls to overall
use of a backend database, changes to user password fields, etc.
.P
The overlay provides a variety of password control mechanisms. They
-include password aging--both minimum and maximum ages, password
+include password aging -- both minimum and maximum ages, password
reuse and duplication control, account time-outs, mandatory password
resets, acceptable password content, and even grace logins.
Different groups of users may be associated with different password
@@ -159,7 +159,7 @@ modified whenever and however often is desired).
NAME 'pwdMinAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxAge
@@ -173,7 +173,7 @@ value is zero (0), then passwords will not expire.
NAME 'pwdMaxAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdInHistory
@@ -196,7 +196,7 @@ although the password is saved in the history.
NAME 'pwdInHistory'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckQuality
@@ -217,7 +217,7 @@ error refusing the password.
NAME 'pwdCheckQuality'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMinLength
@@ -245,7 +245,7 @@ is two (2)).
NAME 'pwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdExpireWarning
@@ -261,7 +261,7 @@ present, or if the value is zero (0), no warnings will be sent.
NAME 'pwdExpireWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdGraceAuthnLimit
@@ -277,7 +277,7 @@ directory.
NAME 'pwdGraceAuthnLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockout
@@ -303,7 +303,7 @@ attempts have been made.
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdLockoutDuration
@@ -327,7 +327,7 @@ again until it is reset by an administrator.
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMaxFailure
@@ -351,7 +351,7 @@ and
NAME 'pwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdFailureCountInterval
@@ -369,7 +369,7 @@ counter will only be reset by a successful authentication.
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdMustChange
@@ -391,7 +391,7 @@ the administrator sets or resets the password.
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdAllowUserChange
@@ -408,7 +408,7 @@ users will not be allowed to change their own passwords.
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdSafeModify
@@ -426,7 +426,7 @@ along with the new password.
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.B pwdCheckModule
@@ -473,7 +473,7 @@ be free()'d by slapd.
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.P
Note:
@@ -546,8 +546,8 @@ policy rules will be enforced.
this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -567,8 +567,8 @@ does not exist, the user's password will not expire.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -588,8 +588,8 @@ and may only be unlocked by an administrator.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE
- NO-USER-MODIFICATION
+ SINGLE\-VALUE
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -623,7 +623,7 @@ will be cleansed of entries.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation )
.RE
@@ -677,7 +677,7 @@ field is in GMT format.
DESC 'The history of user passwords'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
EQUALITY octetStringMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -701,7 +701,7 @@ attribute.
DESC 'The timestamps of the grace login once the password has expired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
- NO-USER-MODIFICATION
+ NO\-USER\-MODIFICATION
USAGE directoryOperation)
.RE
@@ -723,7 +723,7 @@ administrative reset.
been reset'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE
+ SINGLE\-VALUE
USAGE directoryOperation)
.RE
@@ -733,7 +733,7 @@ administrative reset.
.nf
database bdb
suffix dc=example,dc=com
-\...
+\|...
overlay ppolicy
ppolicy_default "cn=Standard,ou=Policies,dc=example,dc=com"
.fi
diff --git a/doc/man/man5/slapo-refint.5 b/doc/man/man5/slapo-refint.5
index 067735df78..f2d4bf0d96 100644
--- a/doc/man/man5/slapo-refint.5
+++ b/doc/man/man5/slapo-refint.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-refint \- Referential Integrity overlay to slapd
+slapo\-refint \- Referential Integrity overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Referential Integrity overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to maintain the cohesiveness of a schema which utilizes reference attributes.
.LP
Integrity is maintained by updating database records which contain the named
diff --git a/doc/man/man5/slapo-retcode.5 b/doc/man/man5/slapo-retcode.5
index 9e6730bf29..e306b3cf02 100644
--- a/doc/man/man5/slapo-retcode.5
+++ b/doc/man/man5/slapo-retcode.5
@@ -4,7 +4,7 @@
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
.\" $OpenLDAP$
.SH NAME
-slapo-retcode \- return code overlay to slapd
+slapo\-retcode \- return code overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -58,7 +58,7 @@ If not defined, the suffix of the database is used.
.hy 0
.B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
.B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>]
-.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}-]disconnect[,...]]
+.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}\-]disconnect[,...]]
.RS
A dynamically generated entry, located below \fBretcode\-parent\fP.
The \fBerrCode\fP is the number of the response code;
@@ -79,9 +79,9 @@ The \fBunsolicited\fP field can be used to cause the return
of an RFC 4511 unsolicited response message; if \fBOID\fP
is not "0", an extended response is generated, with the optional
\fBdata\fP appended.
-If \fBflags\fP contains \fBdisconnect\fP, or \fBpre-disconnect\fP,
+If \fBflags\fP contains \fBdisconnect\fP, or \fBpre\-disconnect\fP,
.BR slapd (8)
-disconnects abruptly, without notice; \fBpost-disconnect\fP
+disconnects abruptly, without notice; \fBpost\-disconnect\fP
causes disconnection right after sending response as appropriate.
.RE
.TP
@@ -89,7 +89,7 @@ causes disconnection right after sending response as appropriate.
Enables exploitation of in-directory stored errAbsObject.
May result in a lot of unnecessary overhead.
.TP
-.B retcode\-sleep [-]<n>
+.B retcode\-sleep [\-]<n>
Defines a sleep time in seconds that is spent before actually handling
any operation.
If negative, a random time between 0 and the absolute value of the argument
@@ -119,7 +119,7 @@ The error code:
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The operations that trigger the response code:
@@ -140,7 +140,7 @@ The text message:
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The sleep time before the response is actually returned to the client:
@@ -150,7 +150,7 @@ The sleep time before the response is actually returned to the client:
DESC 'Time to wait before returning the error'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The matched DN returned to the client:
@@ -160,7 +160,7 @@ The matched DN returned to the client:
DESC 'Value to be returned as matched DN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The OID to be returned as extended response OID
@@ -172,7 +172,7 @@ in RFC 4511 unsolicited responses
DESC 'OID to be returned within unsolicited response'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The octet string to be returned as extended response data
@@ -182,7 +182,7 @@ in RFC 4511 unsolicited response:
NAME ( 'errUnsolicitedData' )
DESC 'Data to be returned within unsolicited response'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
If TRUE,
@@ -194,7 +194,7 @@ after sending response as appropriate:
NAME ( 'errDisconnect' )
DESC 'Disconnect without notice'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
+ SINGLE\-VALUE )
.RE
.LP
The abstract class that triggers the overlay:
@@ -226,15 +226,15 @@ The auxiliary objectclass to alter the behavior of existing objects:
.RS
.nf
overlay retcode
-retcode-parent "ou=RetCodes,dc=example,dc=com"
+retcode\-parent "ou=RetCodes,dc=example,dc=com"
# retcode.conf is found in tests/data/ of the source tree
include ./retcode.conf
# Wait 10 seconds, then return success (0x00)
-retcode-item "cn=Success after 10 seconds" 0x00 sleeptime=10
+retcode\-item "cn=Success after 10 seconds" 0x00 sleeptime=10
# Wait 10 seconds, then return timelimitExceeded (0x03)
-retcode-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
+retcode\-item "cn=Timelimit after 10 seconds" 0x03 sleeptime=10
.fi
.RE
.LP
@@ -249,7 +249,7 @@ default slapd configuration file
.BR slapd\-config (5),
.BR slapd (8).
The
-.BR slapo-retcode (5)
+.BR slapo\-retcode (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
diff --git a/doc/man/man5/slapo-rwm.5 b/doc/man/man5/slapo-rwm.5
index e03e8b1f00..918bb4f0c3 100644
--- a/doc/man/man5/slapo-rwm.5
+++ b/doc/man/man5/slapo-rwm.5
@@ -8,7 +8,7 @@
.\" and maybe manual pages for librewrite.
.\"
.SH NAME
-slapo-rwm \- rewrite/remap overlay to slapd
+slapo\-rwm \- rewrite/remap overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -19,9 +19,9 @@ overlay to
performs basic DN/data rewrite and objectClass/attributeType mapping.
Its usage is mostly intended to provide virtual views of existing data
either remotely, in conjunction with the proxy backend described in
-.BR slapd-ldap (5),
+.BR slapd\-ldap (5),
or locally, in conjunction with the relay backend described in
-.BR slapd-relay (5).
+.BR slapd\-relay (5).
.LP
This overlay is experimental.
.SH MAPPING
@@ -30,10 +30,10 @@ An important feature of the
overlay is the capability to map objectClasses and attributeTypes
from the local set (or a subset of it) to a foreign set, and vice versa.
This is accomplished by means of the
-.B rwm-map
+.B rwm\-map
directive.
.TP
-.B rwm-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
+.B rwm\-map "{attribute | objectclass} [<local name> | *] {<foreign name> | *}"
Map attributeTypes and objectClasses from the foreign server to
different values on the local slapd.
The reason is that some attributes might not be part of the local
@@ -51,8 +51,8 @@ and
must be defined in the local schema; the foreign ones do not have to,
but users are encouraged to explicitly define the remote attributeTypes
and the objectClasses they intend to map. All in all, when remapping
-a remote server via back-ldap (\fBslapd-ldap\fP(5))
-or back-meta (\fBslapd-meta\fP(5))
+a remote server via back-ldap (\fBslapd\-ldap\fP(5))
+or back-meta (\fBslapd\-meta\fP(5))
their definition can be easily obtained by querying the \fIsubschemaSubentry\fP
of the remote server; the problem should not exist when remapping a local
database.
@@ -80,10 +80,10 @@ when the
overlay is used together with e.g. the
.B pcache
overlay. This normalization can be enabled by means of the
-.B rwm-normalize-mapped-attrs
+.B rwm\-normalize\-mapped\-attrs
directive.
.TP
-.B rwm-normalize-mapped-attrs {yes|no}
+.B rwm\-normalize\-mapped\-attrs {yes|no}
Set this to "yes", if the
.B rwm
overlay should try to normalize the values of attributes that are mapped from
@@ -107,14 +107,14 @@ A basic feature of the
.B rwm
overlay is the capability to perform suffix massaging between a virtual
and a real naming context by means of the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive.
This, in conjunction with proxy backends,
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5),
+.BR slapd\-meta (5),
or with the relay backend,
-.BR slapd-relay (5),
+.BR slapd\-relay (5),
allows to create virtual views of databases.
A distinguishing feature of this overlay is that, when instantiated
before any database, it can modify the DN of requests
@@ -124,7 +124,7 @@ For this reason, rules that rewrite the empty DN ("")
or the subschemaSubentry DN (usually "cn=subschema"),
would prevent clients from reading the root DSE or the DSA's schema.
.TP
-.B rwm-suffixmassage "[<virtual naming context>]" "<real naming context>"
+.B rwm\-suffixmassage "[<virtual naming context>]" "<real naming context>"
Shortcut to implement naming context rewriting; the trailing part
of the DN is rewritten from the virtual to the real naming context
in the bindDN, searchDN, searchFilterAttrDN, compareDN, compareAttrDN,
@@ -135,14 +135,14 @@ By default no rewriting occurs for the searchFilter
and for the referralAttrDN and referralDN rewrite contexts.
If no \fI<virtual naming context>\fP is given, the first suffix of the
database is used; this requires the
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive be defined \fIafter\fP the database
.B suffix
directive.
The
-.B rwm-suffixmassage
+.B rwm\-suffixmassage
directive automatically sets the
-.B rwm-rewriteEngine
+.B rwm\-rewriteEngine
to
.BR ON .
.LP
@@ -183,7 +183,7 @@ Each rule is executed recursively, unless altered by specific action
flags; see "Action Flags" for details.
A default limit on the recursion level is set, and can be altered
by the
-.B rwm-rewriteMaxPasses
+.B rwm\-rewriteMaxPasses
directive, as detailed in the "Additional Configuration Syntax" section.
The substitution pattern allows map resolution of substrings.
A map is a generic object that maps a substitution pattern to a value.
@@ -350,7 +350,7 @@ Each basic server operation is associated to a rewrite context;
they are divided in two main groups: client \-> server and
server \-> client rewriting.
.LP
-client -> server:
+client \-> server:
.LP
.RS
.nf
@@ -376,7 +376,7 @@ exopPasswdDN password modify extended operation DN
.fi
.RE
.LP
-server -> client:
+server \-> client:
.LP
.RS
.nf
@@ -394,20 +394,20 @@ referralDN all ops (only if applicable; defaults
.LP
.SH "Basic Configuration Syntax"
All rewrite/remap directives start with the prefix
-.BR rwm- ;
+.BR rwm\- ;
for backwards compatibility with the historical
-.BR slapd-ldap (5)
+.BR slapd\-ldap (5)
and
-.BR slapd-meta (5)
+.BR slapd\-meta (5)
builtin rewrite/remap capabilities, the prefix may be omitted,
but this practice is strongly discouraged.
.TP
-.B rwm-rewriteEngine { on | off }
+.B rwm\-rewriteEngine { on | off }
If `on', the requested rewriting is performed; if `off', no
rewriting takes place (an easy way to stop rewriting without
altering too much the configuration file).
.TP
-.B rwm-rewriteContext <context name> "[ alias <aliased context name> ]"
+.B rwm\-rewriteContext <context name> "[ alias <aliased context name> ]"
<Context name> is the name that identifies the context, i.e. the name
used by the application to refer to the set of rules it contains.
It is used also to reference sub contexts in string rewriting.
@@ -415,21 +415,21 @@ A context may alias another one.
In this case the alias context contains no rule, and any reference to
it will result in accessing the aliased one.
.TP
-.B rwm-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
+.B rwm\-rewriteRule "<regex match pattern>" "<substitution pattern>" "[ <flags> ]"
Determines how a string can be rewritten if a pattern is matched.
Examples are reported below.
.SH "Additional Configuration Syntax"
.TP
-.B rwm-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
+.B rwm\-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
Allows to define a map that transforms substring rewriting into
something else.
The map is referenced inside the substitution pattern of a rule.
.TP
-.B rwm-rewriteParam <param name> <param value>
+.B rwm\-rewriteParam <param name> <param value>
Sets a value with global scope, that can be dereferenced by the
command `${$paramName}'.
.TP
-.B rwm-rewriteMaxPasses <number of passes> [<number of passes per rule>]
+.B rwm\-rewriteMaxPasses <number of passes> [<number of passes per rule>]
Sets the maximum number of total rewriting passes that can be
performed in a single rewrite operation (to avoid loops).
A safe default is set to 100; note that reaching this limit is still
@@ -501,51 +501,51 @@ a multi-valued attribute is used, only the first value is considered.
.SH "REWRITE CONFIGURATION EXAMPLES"
.nf
# set to `off' to disable rewriting
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# the rules the "suffixmassage" directive implies
-rwm-rewriteEngine on
+rwm\-rewriteEngine on
# all dataflow from client to server referring to DNs
-rwm-rewriteContext default
-rwm-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule "(.+,)?<virtualnamingcontext>$" "$1<realnamingcontext>" ":"
# empty filter rule
-rwm-rewriteContext searchFilter
+rwm\-rewriteContext searchFilter
# all dataflow from server to client
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
-rwm-rewriteContext searchAttrDN alias searchEntryDN
-rwm-rewriteContext matchedDN alias searchEntryDN
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.+,)?<realnamingcontext>$" "$1<virtualnamingcontext>" ":"
+rwm\-rewriteContext searchAttrDN alias searchEntryDN
+rwm\-rewriteContext matchedDN alias searchEntryDN
# misc empty rules
-rwm-rewriteContext referralAttrDN
-rwm-rewriteContext referralDN
+rwm\-rewriteContext referralAttrDN
+rwm\-rewriteContext referralDN
# Everything defined here goes into the `default' context.
# This rule changes the naming context of anything sent
# to `dc=home,dc=net' to `dc=OpenLDAP, dc=org'
-rwm-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,[ ]?dc=net$"
"$1dc=OpenLDAP, dc=org" ":"
# since a pretty/normalized DN does not include spaces
# after rdn separators, e.g. `,', this rule suffices:
-rwm-rewriteRule "(.+,)?dc=home,dc=net$"
+rwm\-rewriteRule "(.+,)?dc=home,dc=net$"
"$1dc=OpenLDAP,dc=org" ":"
# Start a new context (ends input of the previous one).
# This rule adds blanks between DN parts if not present.
-rwm-rewriteContext addBlanks
-rwm-rewriteRule "(.*),([^ ].*)" "$1, $2"
+rwm\-rewriteContext addBlanks
+rwm\-rewriteRule "(.*),([^ ].*)" "$1, $2"
# This one eats blanks
-rwm-rewriteContext eatBlanks
-rwm-rewriteRule "(.*), (.*)" "$1,$2"
+rwm\-rewriteContext eatBlanks
+rwm\-rewriteRule "(.*), (.*)" "$1,$2"
# Here control goes back to the default rewrite
# context; rules are appended to the existing ones.
# anything that gets here is piped into rule `addBlanks'
-rwm-rewriteContext default
-rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
+rwm\-rewriteContext default
+rwm\-rewriteRule ".*" "${>addBlanks($0)}" ":"
.\" # Anything with `uid=username' is looked up in
.\" # /etc/passwd for gecos (I know it's nearly useless,
@@ -554,29 +554,29 @@ rwm-rewriteRule ".*" "${>addBlanks($0)}" ":"
.\" # Note the `I' flag that leaves `uid=username' in place
.\" # if `username' does not have a valid account, and the
.\" # `:' that forces the rule to be processed exactly once.
-.\" rwm-rewriteContext uid2Gecos
-.\" rwm-rewriteRule "(.*)uid=([a-z0-9]+),(.+)"
+.\" rwm\-rewriteContext uid2Gecos
+.\" rwm\-rewriteRule "(.*)uid=([a\-z0\-9]+),(.+)"
.\" "$1cn=$2{xpasswd},$3" "I:"
.\"
.\" # Finally, in a bind, if one uses a `uid=username' DN,
.\" # it is rewritten in `cn=name surname' if possible.
-.\" rwm-rewriteContext bindDN
-.\" rwm-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
+.\" rwm\-rewriteContext bindDN
+.\" rwm\-rewriteRule ".*" "${>addBlanks(${>uid2Gecos($0)})}" ":"
.\"
# Rewrite the search base according to `default' rules.
-rwm-rewriteContext searchDN alias default
+rwm\-rewriteContext searchDN alias default
# Search results with OpenLDAP DN are rewritten back with
# `dc=home,dc=net' naming context, with spaces eaten.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule "(.*[^ ],)?[ ]?dc=OpenLDAP,[ ]?dc=org$"
"${>eatBlanks($1)}dc=home,dc=net" ":"
# Bind with email instead of full DN: we first need
# an ldap map that turns attributes into a DN (the
# argument used when invoking the map is appended to
# the URI and acts as the filter portion)
-rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
+rwm\-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
# Then we need to detect DN made up of a single email,
# e.g. `mail=someone@example.com'; note that the rule
@@ -585,8 +585,8 @@ rwm-rewriteMap ldap attr2dn "ldap://host/dc=my,dc=org?dn?sub"
# to real naming contexts, we also need to rewrite
# regular DNs, because the definition of a bindDN
# rewrite context overrides the default definition.
-rwm-rewriteContext bindDN
-rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
# This is a rather sophisticated example. It massages a
# search filter in case who performs the search has
@@ -594,8 +594,8 @@ rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
# track of the bind DN of the incoming request, which is
# stored in a variable called `binddn' with session scope,
# and left in place to allow regular binding:
-rwm-rewriteContext bindDN
-rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
+rwm\-rewriteContext bindDN
+rwm\-rewriteRule ".+" "${&&binddn($0)}$0" ":"
# A search filter containing `uid=' is rewritten only
# if an appropriate DN is bound.
@@ -610,13 +610,13 @@ rwm-rewriteRule ".+" "${&&binddn($0)}$0" ":"
# module to authenticate users with both `uid' and
# `cn', but only if the request comes from a possible
# `cn=Web auth,ou=admin,dc=home,dc=net' user.
-rwm-rewriteContext searchFilter
-rwm-rewriteRule "(.*\e\e()uid=([a-z0-9_]+)(\e\e).*)"
+rwm\-rewriteContext searchFilter
+rwm\-rewriteRule "(.*\e\e()uid=([a\-z0\-9_]+)(\e\e).*)"
"${**binddn}<>${&prefix($1)}${&arg($2)}${&suffix($3)}"
":I"
-rwm-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
+rwm\-rewriteRule "^[^,]+,ou=admin,dc=home,dc=net$"
"${*prefix}|(uid=${*arg})(cn=${*arg})${*suffix}" ":@I"
-rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
+rwm\-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
# This example shows how to strip unwanted DN-valued
# attribute values from a search result; the first rule
@@ -624,9 +624,9 @@ rwm-rewriteRule ".*<>$" "${*prefix}uid=${*arg}${*suffix}" ":"
# in case of match the rewriting exits successfully.
# The second rule matches everything else and causes
# the value to be rejected.
-rwm-rewriteContext searchEntryDN
-rwm-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
-rwm-rewriteRule ".*" "" "#"
+rwm\-rewriteContext searchEntryDN
+rwm\-rewriteRule ".+,ou=People,dc=example,dc=com$" "$0" ":@"
+rwm\-rewriteRule ".*" "" "#"
.fi
.SH "MAPPING EXAMPLES"
The following directives map the object class `groupOfNames' to
diff --git a/doc/man/man5/slapo-syncprov.5 b/doc/man/man5/slapo-syncprov.5
index 28becd4a0f..f6a097c001 100644
--- a/doc/man/man5/slapo-syncprov.5
+++ b/doc/man/man5/slapo-syncprov.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-syncprov \- Sync Provider overlay to slapd
+slapo\-syncprov \- Sync Provider overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -31,7 +31,7 @@ They should appear after the
.B overlay
directive.
.TP
-.B syncprov-checkpoint <ops> <minutes>
+.B syncprov\-checkpoint <ops> <minutes>
After a write operation has succeeded, write the contextCSN to the underlying
database if
.B <ops>
@@ -40,7 +40,7 @@ write operations or more than
time have passed
since the last checkpoint. Checkpointing is disabled by default.
.TP
-.B syncprov-sessionlog <ops>
+.B syncprov\-sessionlog <ops>
Configures an in-memory session log for recording information about write
operations made on the database. The
.B <ops>
@@ -49,13 +49,13 @@ operations (except Adds) are recorded in the log.
When using the session log, it is helpful to set an eq index on the
entryUUID attribute in the underlying database.
.TP
-.B syncprov-nopresent TRUE | FALSE
+.B syncprov\-nopresent TRUE | FALSE
Specify that the Present phase of refreshing should be skipped. This value
should only be set TRUE for a syncprov instance on top of a log database
(such as one managed by the accesslog overlay).
The default is FALSE.
.TP
-.B syncprov-reloadhint TRUE | FALSE
+.B syncprov\-reloadhint TRUE | FALSE
Specify that the overlay should honor the reloadHint flag in the Sync
Control. In OpenLDAP releases 2.3.11 and earlier the syncrepl consumer did
not properly set this flag, so the overlay must ignore it. This option
@@ -69,7 +69,7 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapo-accesslog (5).
+.BR slapo\-accesslog (5).
OpenLDAP Administrator's Guide.
.SH ACKNOWLEDGEMENTS
.so ../Project
diff --git a/doc/man/man5/slapo-translucent.5 b/doc/man/man5/slapo-translucent.5
index 25e8090ce9..9d96da0968 100644
--- a/doc/man/man5/slapo-translucent.5
+++ b/doc/man/man5/slapo-translucent.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-translucent \- Translucent Proxy overlay to slapd
+slapo\-translucent \- Translucent Proxy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Translucent Proxy overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to create a "translucent proxy". Entries retrieved from a remote LDAP
server may have some or all attributes overridden, or new attributes
added, by entries in the local database before being presented to the
@@ -33,8 +33,8 @@ remote database.
.SH CONFIGURATION
The Translucent Proxy overlay uses a proxied database,
typically a (set of) remote LDAP server(s), which is configured with the options shown in
-.BR slapd-ldap (5),
-.BR slapd-meta (5)
+.BR slapd\-ldap (5),
+.BR slapd\-meta (5)
or similar.
These
.B slapd.conf
@@ -130,4 +130,4 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
-.BR slapd-ldap (5).
+.BR slapd\-ldap (5).
diff --git a/doc/man/man5/slapo-unique.5 b/doc/man/man5/slapo-unique.5
index 2193029859..822c7a5ee9 100644
--- a/doc/man/man5/slapo-unique.5
+++ b/doc/man/man5/slapo-unique.5
@@ -3,12 +3,12 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-unique \- Attribute Uniqueness overlay to slapd
+slapo\-unique \- Attribute Uniqueness overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Attribute Uniqueness overlay can be used with a backend database such as
-.BR slapd-bdb (5)
+.BR slapd\-bdb (5)
to enforce the uniqueness of some or all attributes within a
scope. This subtree defaults to all objects within the subtree of the
database for which the Uniqueness overlay is configured.
@@ -41,11 +41,13 @@ directive.
.TP
.B unique_uri <[strict ][ignore ]URI[URI...]...>
Configure the base, attributes, scope, and filter for uniqueness
-checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple
+checking. Multiple URIs may be specified within a domain,
+allowing complex selections of objects. Multiple
.B unique_uri
statements or
.B olcUniqueURI
-attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings.
+attributes will create independent domains, each with their own
+independent lists of URIs and ignore/strict settings.
The LDAP URI syntax is a subset of
.B RFC-4516,
@@ -55,7 +57,8 @@ ldap:///[base dn]?[attributes...]?scope[?filter]
The
.B base dn
-defaults to that of the back-end database. Specified base dns must be within the subtree of the back-end database.
+defaults to that of the back-end database.
+Specified base dns must be within the subtree of the back-end database.
If no
.B attributes
@@ -111,7 +114,9 @@ that only one attribute within a subtree will be allowed to have a
null value. Strictness applies to all URIs within a uniqueness
domain, but some domains may be strict while others are not.
.LP
-It is not possible to set both URIs and legacy slapo-unique configuration parameters simultaneously. In general, the legacy configuration options control pieces of a single unfiltered subtree domain.
+It is not possible to set both URIs and legacy slapo\-unique configuration
+parameters simultaneously. In general, the legacy configuration options
+control pieces of a single unfiltered subtree domain.
.TP
.B unique_base <basedn>
This legacy configuration parameter should be converted to the
diff --git a/doc/man/man5/slapo-valsort.5 b/doc/man/man5/slapo-valsort.5
index 43e5669398..1bda98138e 100644
--- a/doc/man/man5/slapo-valsort.5
+++ b/doc/man/man5/slapo-valsort.5
@@ -3,7 +3,7 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
-slapo-valsort \- Value Sorting overlay to slapd
+slapo\-valsort \- Value Sorting overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
@@ -29,7 +29,7 @@ They should appear after the
.B overlay
directive.
.TP
-valsort-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
+valsort\-attr <\fIattribute\fP> <\fIbaseDN\fP> (<\fIsort-method\fP> | weighted [<\fIsort-method\fP>])
Configure a sorting method for the specified
.I attribute
in the subtree rooted at
@@ -37,11 +37,11 @@ in the subtree rooted at
The
.I sort-method
may be one of
-.BR alpha-ascend ,
-.BR alpha-descend ,
-.BR numeric-ascend ,
+.BR alpha\-ascend ,
+.BR alpha\-descend ,
+.BR numeric\-ascend ,
or
-.BR numeric-descend .
+.BR numeric\-descend .
If the special
.B weighted
method is specified, a secondary
@@ -60,7 +60,7 @@ for an attribute with a syntax other than Integer or NumericString.
suffix dc=example,dc=com
...
overlay valsort
- valsort-attr member ou=groups,dc=example,dc=com alpha-ascend
+ valsort\-attr member ou=groups,dc=example,dc=com alpha\-ascend
.fi
.SH FILES
diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8
index d78a27f489..a359d3fcb1 100644
--- a/doc/man/man8/slapacl.8
+++ b/doc/man/man8/slapacl.8
@@ -6,16 +6,27 @@
slapacl \- Check access to a list of attributes.
.SH SYNOPSIS
.B SBINDIR/slapacl
-.B \-b DN
-.B [\-d level]
-.B [\-D authcDN | \-U authcID]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-u]
-.B [\-v]
-.B [\-X authzID | \-o authzDN=DN]
-.B [attr[/access][:value]] [...]
+.BI \-b \ DN
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-D \ authcDN\ \fR|
+.BI \-U \ authcID\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\ \fR|
+.BI "\-o \ authzDN=" DN\fR]
+[\c
+.IR attr [\fB/\fI access ][\fB:\fI value ]]\fR\ [...]
.LP
.SH DESCRIPTION
.LP
@@ -28,9 +39,9 @@ directives defined in its configuration.
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B access/olcAccess
+.BR access / olcAccess
directives, and then parses the
.B attr
list given on the command-line; if none is given, access to the
@@ -39,39 +50,41 @@ pseudo-attribute is tested.
.LP
.SH OPTIONS
.TP
-.BI \-b " DN"
+.BI \-b \ DN
specify the
-.B DN
+.I DN
which access is requested to; the corresponding entry is fetched
from the database, and thus it must exist.
-The DN is also used to determine what rules apply; thus, it must be
+The
+.I DN
+is also used to determine what rules apply; thus, it must be
in the naming context of a configured database. See also
.BR \-u .
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-D " authcDN"
+.BI \-D \ authcDN
specify a DN to be used as identity through the test session
when selecting appropriate
.B <by>
clauses in access lists.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -79,17 +92,17 @@ default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.RS
@@ -118,26 +131,29 @@ for details.
.TP
.BI \-u
do not fetch the entry from the database.
-In this case, if the entry does not exist, a fake entry with the DN
+In this case, if the entry does not exist, a fake entry with the
+.I DN
given with the
.B \-b
option is used, with no attributes.
As a consequence, those rules that depend on the contents
of the target object will not behave as with the real object.
-The DN given with the
+The
+.I DN
+given with the
.B \-b
option is still used to select what rules apply; thus, it must be
in the naming context of a configured database.
See also
.BR \-b .
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
for details); mutually exclusive with
@@ -146,23 +162,23 @@ for details); mutually exclusive with
.B \-v
enable verbose mode.
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an authorization ID to be mapped to a
.B DN
as by means of
-.B authz-regexp
+.B authz\-regexp
or
-.B authz-rewrite
+.B authz\-rewrite
rules (see
.BR slapd.conf (5)
-for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
+for details); mutually exclusive with \fB\-o\fP \fBauthzDN=\fIDN\fR.
.SH EXAMPLES
The command
.LP
.nf
.ft tt
- SBINDIR/slapacl -f ETCDIR/slapd.conf -v \\
- -U bjorn -b "o=University of Michigan,c=US" \\
+ SBINDIR/slapacl \-f ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-b "o=University of Michigan,c=US" \\
"o/read:University of Michigan"
.ft
@@ -178,8 +194,8 @@ at
level.
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
-.BR slaptest (8)
+.BR slapd (8),
+.BR slaptest (8),
.BR slapauth (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapadd.8 b/doc/man/man8/slapadd.8
index 8f1c47fdbb..f92cdf9d97 100644
--- a/doc/man/man8/slapadd.8
+++ b/doc/man/man8/slapadd.8
@@ -6,22 +6,38 @@
slapadd \- Add entries to a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapadd
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-j lineno]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-s]
-.B [\-S SID]
-.B [\-u]
-.B [\-v]
-.B [\-w]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-j \ lineno\fR]
+[\c
+.BI \-l \ ldif-file\fR]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-s ]
+[\c
+.BI \-S \ SID\fR]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BR \-w ]
.SH DESCRIPTION
.LP
.B Slapadd
@@ -34,7 +50,7 @@ suffix and adds entries corresponding to the provided LDIF to
the database.
Databases configured as
.B subordinate
-of this one are also updated, unless \fB-g\fP is specified.
+of this one are also updated, unless \fB\-g\fP is specified.
The LDIF input is read from standard input or the specified file.
All files eventually created by
@@ -53,9 +69,9 @@ or change file ownership before running
.BR slapd (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-add entries to. The \-b cannot be used in conjunction
+add entries to. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -63,69 +79,69 @@ option.
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-j " lineno"
+.BI \-j \ lineno
Jump to the specified line number in the LDIF file before processing
any entries. This allows a load that was aborted due to errors in the
input LDIF to be resumed after the errors are corrected.
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Read LDIF from the specified file instead of standard input.
.TP
-.BI \-n " dbnum"
-Add entries to the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Add entries to the \fIdbnum\fR-th database listed in the
configuration file. The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
To populate the config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
use
.B \-n 0
as it is always the first database. It must physically exist
on the filesystem prior to this, however.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -135,15 +151,15 @@ on the input data, and no consistency checks when writing the database.
Improves the load time but if any errors or interruptions occur the resulting
database will be unusable.
.TP
-.B -s
+.B \-s
disable schema checking. This option is intended to be used when loading
databases containing special objects, such as fractional objects on a
partial replica. Loading normal objects which do not conform to
schema may result in unexpected and ill behavior.
.TP
-.B \-S " SID"
+.BI \-S \ SID
Server ID to use in generated entryCSN. Also used for contextCSN
-if `\-w' is set as well. Defaults to 0.
+if \fB\-w\fP is set as well. Defaults to \fB0\fP.
.TP
.B \-u
enable dry-run (don't write to backend) mode.
@@ -175,7 +191,7 @@ database give the command:
.LP
.nf
.ft tt
- SBINDIR/slapadd -l ldif
+ SBINDIR/slapadd \-l ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slapauth.8 b/doc/man/man8/slapauth.8
index 6b164b161e..d4f10c2f4f 100644
--- a/doc/man/man8/slapauth.8
+++ b/doc/man/man8/slapauth.8
@@ -6,16 +6,25 @@
slapauth \- Check a list of string-represented IDs for LDAP authc/authz
.SH SYNOPSIS
.B SBINDIR/slapauth
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-M mech]
-.B [\-o name[=value]]
-.B [\-R realm]
-.B [\-U authcID]
-.B [\-v]
-.B [\-X authzID]
-.B ID [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-M \ mech\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-U \ authcID\fR]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\fR]
+.IR ID \ [ ... ]
.LP
.SH DESCRIPTION
.LP
@@ -26,35 +35,35 @@ for authentication and authorization purposes, as specified in
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, reads in the
-.B authz-policy/olcAuthzPolicy
+.BR authz\-policy / olcAuthzPolicy
and
-.B authz-regexp/olcAuthzRegexp
+.BR authz\-regexp / olcAuthzRegexp
directives, and then parses the
-.B ID
+.I ID
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -62,43 +71,43 @@ default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-M " mech"
+.BI \-M \ mech
specify a mechanism.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-R " realm"
+.BI \-R \ realm
specify a realm.
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be used as
.I authcID
throughout the test session.
If present, and if no
-.B authzID
+.I authzID
is given, the IDs in the ID list are treated as
-.BR authzID .
+.IR authzID .
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an ID to be used as
.I authzID
throughout the test session.
If present, and if no
-.B authcID
+.I authcID
is given, the IDs in the ID list are treated as
-.BR authcID .
+.IR authcID .
If both
.I authcID
and
@@ -112,8 +121,8 @@ The command
.LP
.nf
.ft tt
- SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \\
- -U bjorn -X u:bjensen
+ SBINDIR/slapauth \-f /ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-X u:bjensen
.ft
.fi
@@ -125,8 +134,8 @@ provided the directives
.LP
.nf
.ft tt
- authz-policy from
- authz-regexp "^uid=([^,]+).*,cn=auth$"
+ authz\-policy from
+ authz\-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
.ft
@@ -135,7 +144,7 @@ are defined in
.BR slapd.conf (5).
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapcat.8 b/doc/man/man8/slapcat.8
index 11bd8bdef7..14cf3b48d4 100644
--- a/doc/man/man8/slapcat.8
+++ b/doc/man/man8/slapcat.8
@@ -6,19 +6,30 @@
slapcat \- SLAPD database to LDIF utility
.SH SYNOPSIS
.B SBINDIR/slapcat
-.B [\-a filter]
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-l ldif-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-s subtree-dn]
-.B [\-v]
-.B
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l ldif-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\fR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -32,7 +43,7 @@ suffix and writes the corresponding LDIF to standard output or
the specified file.
Databases configured as
.B subordinate
-of this one are also output, unless \fB-g\fP is specified.
+of this one are also output, unless \fB\-g\fP is specified.
.LP
The entry records are presented in database order, not superior first
order. The entry records will include all (user and operational)
@@ -49,19 +60,19 @@ into superior first order and removing no-user-modification
operational attributes.
.SH OPTIONS
.TP
-.BI \-a " filter"
+.BI \-a \ filter
Only dump entries matching the asserted filter.
For example
-slapcat -a \\
+slapcat \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will dump all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -69,24 +80,24 @@ option.
.B \-c
Enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
Enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -98,13 +109,13 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-l " ldif-file"
+.BI \-l \ ldif-file
Write LDIF to specified file instead of standard output.
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -114,23 +125,23 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-s " subtree-dn"
+.BI \-s \ subtree-dn
Only dump entries in the subtree specified by this DN.
-Implies `-b subtree-dn' if no
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
or
.B \-n
@@ -146,10 +157,10 @@ mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapcat
with the
-.BR slapd-bdb (5),
-.BR slapd-hdb (5),
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
and
-.BR slapd-null (5)
+.BR slapd\-null (5)
backends.
.SH EXAMPLES
To make a text backup of your SLAPD database and put it in a file called
@@ -158,7 +169,7 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapcat -l ldif
+ SBINDIR/slapcat \-l ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
index 1e2c555a0c..e51b45a6a6 100644
--- a/doc/man/man8/slapd.8
+++ b/doc/man/man8/slapd.8
@@ -6,22 +6,40 @@
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
.B LIBEXECDIR/slapd
-.B [\-[4|6]]
-.B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
-.B [\-d debug\-level]
-.B [\-f slapd\-config\-file]
-.B [\-F slapd\-config\-directory]
-.B [\-h URLs]
-.B [\-n service\-name] [\-s syslog\-level] [\-l syslog\-local\-user]
-.B [\-o option[=value]]
-.B [\-r directory]
-.B [\-u user] [\-g group]
-.B [\-c cookie]
+[\c
+.BR \-4 | \-6 ]
+[\c
+.BR \-T \ { acl \||\| a [ dd ]\||\| auth \||\| c [ at ]\||\|
+.BR d [ n ]\||\| i [ ndex ]\||\| p [ asswd ]\||\| s [ chema ]\||\| t [ est ]}]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd-config-file\fR]
+[\c
+.BI \-F \ slapd-config-directory\fR]
+[\c
+.BI \-h \ URLs\fR]
+[\c
+.BI \-n \ service-name\fR]
+[\c
+.BI \-s \ syslog-level\fR]
+[\c
+.BI \-l \ syslog-local-user\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-r \ directory\fR]
+[\c
+.BI \-u \ user\fR]
+[\c
+.BI \-g \ group\fR]
+[\c
+.BI \-c \ cookie\fR]
.SH DESCRIPTION
.LP
.B Slapd
is the stand-alone LDAP daemon. It listens for LDAP connections on
-any number of ports (default 389), responding
+any number of ports (default \fB389\fP), responding
to the LDAP operations it receives over these connections.
.B slapd
is typically invoked at boot time, usually out of
@@ -56,56 +74,66 @@ Listen on IPv4 addresses only.
.B \-6
Listen on IPv6 addresses only.
.TP
-.B \-T {a|c|d|i|p|t|acl|auth}
-Run in Tool mode. The additional argument selects whether to run as
-slapadd, slapcat, slapdn, slapindex, slappasswd, or slaptest
-(slapacl and slapauth need the entire "\fIacl\fP" and "\fIauth\fP"
-option value to be spelled out, as "\fIa\fP" is reserved to
-.BR slapadd ).
+.BI \-T \ tool
+Run in Tool mode. The \fItool\fP argument selects whether to run as
+.IR slapadd ,
+.IR slapcat ,
+.IR slapdn ,
+.IR slapindex ,
+.IR slappasswd ,
+.IR slapschema ,
+or
+.I slaptest
+(\fIslapacl\fP and \fIslapauth\fP need the entire \fBacl\fP and \fBauth\fP
+option value to be spelled out, as \fBa\fP is reserved to
+.IR slapadd ).
This option should be the first option specified when it is used;
any remaining options will be interpreted by the corresponding
slap tool program, according to the respective man pages.
-Note that these tool programs will usually be symbolic links to slapd.
+Note that these tool programs will usually be symbolic links to
+.BR slapd .
This option is provided for situations where symbolic links
are not provided or not usable.
.TP
-.BI \-d " debug\-level"
+.BI \-d \ debug-level
Turn on debugging as defined by
-.IR debug\-level .
+.IR debug-level .
If this option is specified, even with a zero argument,
.B slapd
will not fork or disassociate from the invoking terminal. Some general
-operation and status messages are printed for any value of \fIdebug\-level\fP.
-\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
+operation and status messages are printed for any value of \fIdebug-level\fP.
+\fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap_log.h> for details.
Comma-separated arrays of friendly names can be specified to select
debugging output of the corresponding debugging information.
All the names recognized by the \fIloglevel\fP directive
described in \fBslapd.conf\fP(5) are supported.
-If \fIdebug\-level\fP is \fB?\fP, a list of installed levels is printed,
+If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
and slapd exits.
Remember that if you turn on packet logging, packets containing bind passwords
will be output, so if you redirect the log to a logfile, that file should
be read-protected.
.TP
-.BI \-s " syslog\-level"
+.BI \-s \ syslog-level
This option tells
.B slapd
-at what level debugging statements should be logged to the
+at what debug-level debugging statements should be logged to the
.BR syslog (8)
facility.
-The value "syslog\-level" can be set to any value or combination
-allowed by the "-d" switch.
-Slapd logs all messages selected by "syslog\-level"
-at the syslog(3) severity level "DEBUG",
-on the unit specified with "-l".
+The value \fIsyslog-level\fP can be set to any value or combination
+allowed by the \fB\-d\fP switch.
+Slapd logs all messages selected by \fIsyslog-leveli\fP
+at the
+.BR syslog (3)
+severity debug-level \fBDEBUG\fP,
+on the unit specified with \fB\-l\fP.
.TP
-.BI \-n " service\-name"
+.BI \-n \ service-name
Specifies the service name for logging and other purposes. Defaults
to basename of argv[0], i.e.: "slapd".
.TP
-.BI \-l " syslog\-local\-user"
+.BI \-l \ syslog-local-user
Selects the local user of the
.BR syslog (8)
facility. Value can be
@@ -122,19 +150,19 @@ However, this option is only permitted on systems that support
local users with the
.BR syslog (8)
facility.
-Logging to syslog(8) occurs at the "DEBUG" severity level.
+Logging to syslog(8) occurs at the "DEBUG" severity debug-level.
.TP
-.BI \-f " slapd\-config\-file"
+.BI \-f \ slapd-config-file
Specifies the slapd configuration file. The default is
.BR ETCDIR/slapd.conf .
.TP
-.BI \-F " slapd\-config\-directory"
+.BI \-F \ slapd-config-directory
Specifies the slapd configuration directory. The default is
.BR ETCDIR/slapd.d .
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slapd will attempt to read the
@@ -143,12 +171,12 @@ config file. If a valid config directory exists then the
default config file is ignored. All of the slap tools that
use the config options observe this same behavior.
.TP
-.BI \-h " URLlist"
+.BI \-h \ URLlist
.B slapd
will by default serve
.B ldap:///
(LDAP over TCP on all interfaces on default LDAP port). That is,
-it will bind using INADDR_ANY and port 389.
+it will bind using INADDR_ANY and port \fB389\fP.
The
.B \-h
option may be used to specify LDAP (and other scheme) URLs to serve.
@@ -162,26 +190,26 @@ the LDAP, LDAPS, or LDAPI schemes, and generally
without a DN or other optional parameters (excepting as discussed below).
Support for the latter two schemes depends on selected configuration
options. Hosts may be specified by name or IPv4 and IPv6 address formats.
-Ports, if specified, must be numeric. The default ldap:// port is 389
-and the default ldaps:// port is 636.
+Ports, if specified, must be numeric. The default ldap:// port is \fB389\fP
+and the default ldaps:// port is \fB636\fP.
The listener permissions are indicated by
-"x-mod=-rwxrwxrwx", "x-mod=0777" or "x-mod=777", where any
-of the "rwx" can be "-" to suppress the related permission, while any
+"x\-mod=\-rwxrwxrwx", "x\-mod=0777" or "x\-mod=777", where any
+of the "rwx" can be "\-" to suppress the related permission, while any
of the "7" can be any legal octal digit, according to chmod(1).
-The listeners can take advantage of the "x-mod"
+The listeners can take advantage of the "x\-mod"
extension to apply rough limitations to operations, e.g. allow read operations
("r", which applies to search and compare), write operations ("w",
which applies to add, delete, modify and modrdn), and execute operations
("x", which means bind is required).
"User" permissions apply to authenticated users, while "other" apply
to anonymous users; "group" permissions are ignored.
-For example, "ldap:///????x-mod=-rw-------" means that read and write is only allowed
+For example, "ldap:///????x\-mod=\-rw\-\-\-\-\-\-\-" means that read and write is only allowed
for authenticated connections, and bind is required for all operations.
This feature is experimental, and requires to be manually enabled
at configure time.
.TP
-.BI \-r " directory"
+.BI \-r \ directory
Specifies a directory to become the root directory. slapd will
change the current working directory to this directory and
then
@@ -189,31 +217,31 @@ then
to this directory. This is done after opening listeners but before
reading any configuration file or initializing any backend. When
used as a security mechanism, it should be used in conjunction with
-.B -u
+.B \-u
and
-.B -g
+.B \-g
options.
.TP
-.BI \-u " user"
+.BI \-u \ user
.B slapd
will run slapd with the specified user name or id, and that user's
supplementary group access list as set with initgroups(3). The group ID
-is also changed to this user's gid, unless the -g option is used to
+is also changed to this user's gid, unless the \fB\-g\fP option is used to
override. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the user database in the change root environment.
Note that on some systems, running as a non-privileged user will prevent
passwd back-ends from accessing the encrypted passwords. Note also that
any shell back-ends will run as the specified non-privileged user.
.TP
-.BI \-g " group"
+.BI \-g \ group
.B slapd
will run with the specified group name or id. Note when used with
-.BR -r ,
+.BR \-r ,
slapd will use the group database in the change root environment.
.TP
-.BI \-c " cookie"
+.BI \-c \ cookie
This option provides a cookie for the syncrepl replication consumer.
The cookie is a comma separated list of \fIname=value\fP pairs.
Currently supported syncrepl cookie fields are
@@ -226,7 +254,7 @@ identifies a replication thread within the consumer server
and is used to find the syncrepl specification in
.BR slapd.conf (5)
or
-.BR slapd-config (5)
+.BR slapd\-config (5)
having the matching replication identifier in its definition. The
.B rid
must be provided in order for any other specified values to be used.
@@ -244,23 +272,21 @@ Use only the
.B rid
part to force a full reload.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
This option provides a generic means to specify options without the need to reserve
a separate letter for them.
It supports the following options:
.RS
.TP
-slp={\fBon\fP|\fBoff\fP|\fIslp\-attrs\fP}
-When SLP support is compiled into slapd, disable it (
-.B off
-), enable it by registering at SLP DAs without specific SLP attributes (
-.B on
-), or with specific SLP attributes
-.I slp\-attrs
+.BR slp= { on \||\| off \||\| \fIslp-attrs\fP }
+When SLP support is compiled into slapd, disable it (\fBoff\fP),
+ enable it by registering at SLP DAs without specific SLP attributes (\fBon\fP),
+or with specific SLP attributes
+.I slp-attrs
that must be an SLP attribute list definition according to the SLP standard.
-For example, "-o slp=(tree=production),(server-type=OpenLDAP),(server-version=2.3.20)"
+For example, \fB"slp=(tree=production),(server-type=OpenLDAP),(server\-version=2.4.15)"\fP
registers at SLP DAs with the three SLP attributes tree, server-type and server-version
that have the values given above.
This allows to specifically query the SLP DAs for LDAP servers holding the
@@ -286,7 +312,7 @@ on voluminous debugging which will be printed on standard error, type:
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+ LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
.ft
.fi
.LP
@@ -294,7 +320,7 @@ To test whether the configuration file is correct or not, type:
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -Tt
+ LIBEXECDIR/slapd \-Tt
.ft
.fi
.LP
@@ -310,6 +336,7 @@ To test whether the configuration file is correct or not, type:
.BR slapdn (8),
.BR slapindex (8),
.BR slappasswd (8),
+.BR slapschema (8),
.BR slaptest (8).
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapdn.8 b/doc/man/man8/slapdn.8
index 97e70ab20f..3dca05ac05 100644
--- a/doc/man/man8/slapdn.8
+++ b/doc/man/man8/slapdn.8
@@ -6,13 +6,19 @@
slapdn \- Check a list of string-represented LDAP DNs based on schema syntax
.SH SYNOPSIS
.B SBINDIR/slapdn
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-N | \-P]
-.B [\-o name[=value]]
-.B [\-v]
-.B DN [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-N | \-P ]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-v ]
+.IR DN \ [...]
.LP
.SH DESCRIPTION
.LP
@@ -24,31 +30,31 @@ and that loaded via
.BR slapd.conf (5).
It opens the
.BR slapd.conf (5)
-configuration file or the slapd-config (5) backend, reads in the schema definitions, and then
+configuration file or the slapd\-config (5) backend, reads in the schema definitions, and then
parses the
-.B DN
+.I DN
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -57,26 +63,26 @@ config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-N
-only output a normalized form of the DN, suitable to be used
+only output a normalized form of the \fIDN\fP, suitable to be used
in a normalization tool; incompatible with
.BR \-P .
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-P
-only output a prettified form of the DN, suitable to be used
+only output a prettified form of the \fIDN\fP, suitable to be used
in a check and beautification tool; incompatible with
.BR \-N .
.TP
@@ -89,12 +95,12 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapdn -f /ETCDIR/slapd.conf -v DN
+ SBINDIR/slapdn \-f /ETCDIR/slapd.conf \-v DN
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapindex.8 b/doc/man/man8/slapindex.8
index ff83baef44..72965d444b 100644
--- a/doc/man/man8/slapindex.8
+++ b/doc/man/man8/slapindex.8
@@ -6,18 +6,30 @@
slapindex \- Reindex entries in a SLAPD database
.SH SYNOPSIS
.B SBINDIR/slapindex
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-q]
-.B [\-t]
-.B [\-v]
-.B [attr] [...]
+[\c
+.BI \-b \ suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-n \ dbnum\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-q ]
+[\c
+.BR \-t ]
+[\c
+.BR \-v ]
+[\c
+.IR attr [ ... ]]
.B
.LP
.SH DESCRIPTION
@@ -33,7 +45,7 @@ on the command line, only the indices for those attributes will
be regenerated.
Databases configured as
.B subordinate
-of this one are also re-indexed, unless \fB-g\fP is specified.
+of this one are also re-indexed, unless \fB\-g\fP is specified.
All files eventually created by
.BR slapindex
@@ -51,9 +63,9 @@ or change file ownership before running
.BR slapd (8).
.SH OPTIONS
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-generate output for. The \-b cannot be used in conjunction
+generate output for. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -61,24 +73,24 @@ option.
.B \-c
enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -90,10 +102,10 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-n " dbnum"
-Generate output for the \fIdbnum\fR\-th database listed in the
+.BI \-n \ dbnum
+Generate output for the \fIdbnum\fR-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -103,17 +115,17 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index 13bc9789c6..ab205e51a2 100644
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -6,12 +6,18 @@
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
-.B [\-v]
-.B [\-u]
-.B [\-g|\-s secret|\-T file]
-.B [\-h hash]
-.B [\-c salt-format]
-.B [\-n]
+[\c
+.BR \-v ]
+[\c
+.BR \-u ]
+[\c
+.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR]
+[\c
+.BI \-h \ hash\fR]
+[\c
+.BI \-c \ salt-format\fR]
+[\c
+.BR \-n ]
.B
.LP
.SH DESCRIPTION
@@ -23,7 +29,7 @@ suitable for use with
.BR slapd.conf (5)
.I rootpw
configuration directive or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
.I olcRootPW
configuration directive.
.
@@ -37,7 +43,7 @@ Generate RFC 2307 userPassword values (the default). Future
versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
-.BI \-s " secret"
+.BI \-s \ secret
The secret to hash.
If this,
.B \-g
@@ -48,7 +54,7 @@ are absent, the user will be prompted for the secret to hash.
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
.TP
.BI \-g
Generate the secret.
@@ -61,7 +67,7 @@ are absent, the user will be prompted for the secret to hash.
.B \-g
and
.B \-T
-and mutually exclusive flags.
+are mutually exclusive flags.
If this is present,
.I {CLEARTEXT}
is used as scheme.
@@ -70,7 +76,7 @@ and
.B \-h
are mutually exclusive flags.
.TP
-.BI \-T " file"
+.BI \-T \ "file"
Hash the contents of the file.
If this,
.B \-g
@@ -83,16 +89,16 @@ and
.B \-T
and mutually exclusive flags.
.TP
-.BI \-h " scheme"
-If -h is specified, one of the following RFC 2307 schemes may
+.BI \-h \ "scheme"
+If \fB\-h\fP is specified, one of the following RFC 2307 schemes may
be specified:
-.IR {CRYPT} ,
-.IR {MD5} ,
-.IR {SMD5} ,
-.IR {SSHA} ", and"
-.IR {SHA} .
+.BR {CRYPT} ,
+.BR {MD5} ,
+.BR {SMD5} ,
+.BR {SSHA} ", and"
+.BR {SHA} .
The default is
-.IR {SSHA} .
+.BR {SSHA} .
Note that scheme names may need to be protected, due to
.B {
@@ -119,22 +125,31 @@ indicates that the new password should be added to userPassword as
clear text.
Unless
.I {CLEARTEXT}
-is used, this flag is incompatible with
+is used, this flag is incompatible with option
.BR \-g .
.TP
-.BI \-c " crypt-salt-format"
+.BI \-c \ crypt-salt-format
Specify the format of the salt passed to
.BR crypt (3)
when generating {CRYPT} passwords.
This string needs to be in
.BR sprintf (3)
-format and may include one (and only one) %s conversion.
-This conversion will be substituted with a string random
-characters from [A\-Za\-z0\-9./]. For example, '%.2s'
-provides a two character salt and '$1$%.8s' tells some
-versions of crypt(3) to use an MD5 algorithm and provides
-8 random characters of salt. The default is '%s', which
-provides 31 characters of salt.
+format and may include one (and only one)
+.B %s
+conversion.
+This conversion will be substituted with a string of random
+characters from [A\-Za\-z0\-9./]. For example,
+.RB ' %.2s '
+provides a two character salt and
+.RB ' $1$%.8s '
+tells some
+versions of
+.BR crypt (3)
+to use an MD5 algorithm and provides
+8 random characters of salt.
+The default is
+.RB ' %s ' ,
+which provides 31 characters of salt.
.TP
.BI \-n
Omit the trailing newline; useful to pipe the credentials
@@ -153,7 +168,7 @@ is platform specific.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
-should be in\-place before using LDAP simple bind.
+should be in-place before using LDAP simple bind.
.LP
The hashed password values should be protected as if they
were clear text passwords.
@@ -163,8 +178,8 @@ were clear text passwords.
.BR slapd (8),
.BR slapd.conf (5),
.BR slapd\-config (5),
-.B RFC 2307
-.B RFC 4519
+.B RFC 2307\fP,
+.B RFC 4519\fP,
.B RFC 3112
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
diff --git a/doc/man/man8/slapschema.8 b/doc/man/man8/slapschema.8
index 26ca7c73b7..040be52269 100644
--- a/doc/man/man8/slapschema.8
+++ b/doc/man/man8/slapschema.8
@@ -6,19 +6,30 @@
slapschema \- SLAPD in-database schema checking utility
.SH SYNOPSIS
.B SBINDIR/slapschema
-.B [\-a filter]
-.B [\-b suffix]
-.B [\-c]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-g]
-.B [\-l error-file]
-.B [\-n dbnum]
-.B [\-o name[=value]]
-.B [\-s subtree-dn]
-.B [\-v]
-.B
+[\c
+.BI \-a filter\fR]
+[\c
+.BI \-b suffix\fR]
+[\c
+.BR \-c ]
+[\c
+.BI \-d debug-level\fR]
+[\c
+.BI \-f slapd.conf\fR]
+[\c
+.BI \-F confdir\fR]
+[\c
+.BR \-g ]
+[\c
+.BI \-l error-file\fR]
+[\c
+.BI \-n dbnum\fR]
+[\c
+.BI \-o option\fR[ = value\FR]]
+[\c
+.BI \-s subtree-dn\fR]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -31,7 +42,7 @@ suffix and checks the compliance of its contents with the corresponding
schema. Errors are written to standard output or the specified file.
Databases configured as
.B subordinate
-of this one are also output, unless \fB-g\fP is specified.
+of this one are also output, unless \fB\-g\fP is specified.
.LP
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses,
@@ -41,7 +52,7 @@ or any other change that may result in making perfectly valid entries
no longer compliant with the modified schema.
The execution of the
.B slapschema tool after modifying the schema can point out
-inconsistencies that would otherwise surface only as soon as
+inconsistencies that would otherwise surface only when
inconsistent entries need to be modified.
.LP
@@ -52,19 +63,19 @@ Dynamically generated attributes (such as subschemaSubentry)
will not be considered.
.SH OPTIONS
.TP
-.BI \-a " filter"
+.BI \-a \ filter
Only check entries matching the asserted filter.
For example
-slapschema -a \\
+slapschema \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
-.BI \-b " suffix"
+.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
-check. The \-b cannot be used in conjunction
+check. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
@@ -72,24 +83,24 @@ option.
.B \-c
Enable continue (ignore errors) mode.
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
Enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
@@ -101,13 +112,13 @@ default config file is ignored.
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
-.BI \-l " error-file"
+.BI \-l \ error-file
Write errors to specified file instead of standard output.
.TP
-.BI \-n " dbnum"
+.BI \-n \ dbnum
Check the \fIdbnum\fR\-th database listed in the
configuration file. The config database
-.BR slapd-config (5),
+.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
@@ -117,23 +128,23 @@ cannot be used in conjunction with the
.B \-b
option.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
-.BI \-s " subtree-dn"
+.BI \-s \ subtree-dn
Only check entries in the subtree specified by this DN.
-Implies `-b subtree-dn' if no
+Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
nor
.B \-n
@@ -149,10 +160,10 @@ mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapschema
with the
-.BR slapd-bdb (5),
-.BR slapd-hdb (5),
+.BR slapd\-bdb (5),
+.BR slapd\-hdb (5),
and
-.BR slapd-null (5)
+.BR slapd\-null (5)
backends.
.SH EXAMPLES
To check the schema compliance of your SLAPD database after modifications
@@ -162,7 +173,7 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slapcat -l errors.ldif
+ SBINDIR/slapcat \-l errors.ldif
.ft
.fi
.SH "SEE ALSO"
diff --git a/doc/man/man8/slaptest.8 b/doc/man/man8/slaptest.8
index ce31015b2f..cb6f93d9da 100644
--- a/doc/man/man8/slaptest.8
+++ b/doc/man/man8/slaptest.8
@@ -6,13 +6,20 @@
slaptest \- Check the suitability of the OpenLDAP slapd.conf file
.SH SYNOPSIS
.B SBINDIR/slaptest
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-F confdir]
-.B [\-o name[=value]]
-.B [\-Q]
-.B [\-u]
-.B [\-v]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BR \-Q ]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
.LP
.SH DESCRIPTION
.LP
@@ -23,49 +30,49 @@ configuration file.
It opens the
.BR slapd.conf (5)
configuration file or the
-.BR slapd-config (5)
+.BR slapd\-config (5)
backend, and parses it according to the general and the backend-specific
rules, checking its sanity.
.LP
.SH OPTIONS
.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level ;
+.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-F " confdir"
+.BI \-F \ confdir
specify a config directory.
If both
-.B -f
+.B \-f
and
-.B -F
+.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, slaptest will attempt to read the
default config directory before trying to use the default
config file. If a valid config directory exists then the
-default config file is ignored. If dryrun mode is also specified,
+default config file is ignored. If dry-run mode is also specified,
no conversion will occur.
.TP
-.BI \-o " option[=value]"
+.BI \-o \ option\fR[ = value\fR]
Specify an
-.BR option
+.I option
with a(n optional)
-.BR value .
+.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
- syslog-level=<level> (see `\-S' in slapd(8))
- syslog-user=<user> (see `\-l' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
@@ -73,8 +80,8 @@ Possible generic options/values are:
Be extremely quiet: only the exit code indicates success (0) or not
(any other value).
.TP
-.BI \-u
-enable dryrun mode (i.e. don't fail if databases cannot be opened,
+.B \-u
+enable dry-run mode (i.e. don't fail if databases cannot be opened,
but config is fine).
.TP
.BI \-v
@@ -86,12 +93,12 @@ give the command:
.LP
.nf
.ft tt
- SBINDIR/slaptest -f /ETCDIR/slapd.conf -v
+ SBINDIR/slaptest \-f /ETCDIR/slapd.conf \-v
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slapdn (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
--
GitLab