doc/guide/admin/appendix-contrib.sdf

+# $OpenLDAP$
+# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: OpenLDAP Software Contributions
+
+The following sections attempt to summarize the various contributions in OpenLDAP
+software, as found in {{F:openldap_src/contrib}}
+
+H2: Client APIs
+
+Intro and discuss
+
+H3: ldapc++
+
+Intro and discuss
+
+H3: ldaptcl
+
+Intro and discuss
+
+H2: Overlays
+
+Intro and complete/expand correct names for below:
+
+H3: acl
+H3: addpartial
+H3: allop
+H3: comp_match
+H3: denyop
+H3: dsaschema
+H3: lastmod
+H3: passwd
+H3: proxyOld
+H3: smbk5pwd
+H3: trace
+
+
+H2: Tools
+
+Intro and discuss
+
+H3: Statistic Logging
+
+statslog
+
+H2: SLAPI Plugins
+
+Intro and discuss
+
+H3: addrdnvalues
+
+More

doc/guide/images/src/README.fonts → doc/guide/admin/appendix-deployments.sdf

 # $OpenLDAP$
 # Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
-#
-# README.fonts 
-#
 
-In dia we use:
+H1: Real World OpenLDAP Deployments and Examples
 
-sans Normal 1.00 #000000
+Examples and discussions

doc/guide/admin/appendix-ldap-result-codes.sdf

+# $OpenLDAP$
+# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1:  LDAP Result Codes
+
+For the purposes of this guide, we have incorporated the standard LDAP result 
+codes from {{Appendix A.  LDAP Result Codes}} of rfc4511. A copy of which can 
+be found in {{F:doc/rfc}} of the OpenLDAP source code.
+
+We have expanded the description of each error in relation to the OpenLDAP 
+toolsets.
+
+H2:  Non-Error Result Codes
+
+These result codes (called "non-error" result codes) do not indicate
+an error condition:
+
+>        success (0),
+>        compareFalse (5),
+>        compareTrue (6),
+>        referral (10), and
+>        saslBindInProgress (14).
+
+The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate
+successful completion (and, hence, are referred to as "successful"
+result codes).
+
+The {{referral}} and {{saslBindInProgress}} result codes indicate the client
+needs to take additional action to complete the operation.
+
+H2:  Result Codes
+
+Existing LDAP result codes are described as follows:
+
+H2: {{success (0)}}
+
+Indicates the successful completion of an operation.  
+
+Note: this code is not used with the Compare operation.  See {{SECT:compareFalse (5)}} 
+and {{SECT:compareTrue (6)}}.
+
+H2: {{operationsError (1)}}
+
+Indicates that the operation is not properly sequenced with
+relation to other operations (of same or different type).
+
+For example, this code is returned if the client attempts to
+StartTLS [RFC4346] while there are other uncompleted operations
+or if a TLS layer was already installed.
+
+H2: {{protocolError (2)}}
+
+Indicates the server received data that is not well-formed.
+
+For Bind operation only, this code is also used to indicate
+that the server does not support the requested protocol
+version.
+
+For Extended operations only, this code is also used to
+indicate that the server does not support (by design or
+configuration) the Extended operation associated with the
+{{requestName}}.
+
+For request operations specifying multiple controls, this may
+be used to indicate that the server cannot ignore the order
+of the controls as specified, or that the combination of the
+specified controls is invalid or unspecified.
+
+H2: {{timeLimitExceeded (3)}}
+
+Indicates that the time limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{sizeLimitExceeded (4)}}
+
+Indicates that the size limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{compareFalse (5)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to FALSE or
+Undefined.
+
+H2: {{compareTrue (6)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to TRUE.
+
+H2: {{authMethodNotSupported (7)}}
+
+Indicates that the authentication method or mechanism is not
+supported.
+
+H2: {{strongerAuthRequired (8)}}
+
+Indicates the server requires strong(er) authentication in
+order to complete the operation.
+
+When used with the Notice of Disconnection operation, this
+code indicates that the server has detected that an
+established security association between the client and
+server has unexpectedly failed or been compromised.
+
+H2: {{referral (10)}}
+
+Indicates that a referral needs to be chased to complete the
+operation (see Section 4.1.10).
+
+H2: {{adminLimitExceeded (11)}}
+
+Indicates that an administrative limit has been exceeded.
+
+H2: {{unavailableCriticalExtension (12)}}
+
+Indicates a critical control is unrecognized (see Section
+4.1.11).
+
+H2: {{confidentialityRequired (13)}}
+
+Indicates that data confidentiality protections are required.
+
+H2: {{saslBindInProgress (14)}}
+
+Indicates the server requires the client to send a new bind
+request, with the same SASL mechanism, to continue the
+authentication process (see Section 4.2).
+
+H2: {{noSuchAttribute (16)}}
+
+Indicates that the named entry does not contain the specified
+attribute or attribute value.
+
+H2: {{undefinedAttributeType (17)}}
+
+Indicates that a request field contains an unrecognized
+attribute description.
+
+H2: {{inappropriateMatching (18)}}
+
+Indicates that an attempt was made (e.g., in an assertion) to
+use a matching rule not defined for the attribute type
+concerned.
+
+H2: {{constraintViolation (19)}}
+
+Indicates that the client supplied an attribute value that
+does not conform to the constraints placed upon it by the
+data model.
+
+For example, this code is returned when multiple values are
+supplied to an attribute that has a SINGLE-VALUE constraint.
+
+H2: {{attributeOrValueExists (20)}}
+
+Indicates that the client supplied an attribute or value to
+be added to an entry, but the attribute or value already
+exists.
+
+H2: {{invalidAttributeSyntax (21)}}
+
+Indicates that a purported attribute value does not conform
+to the syntax of the attribute.
+
+H2: {{noSuchObject (32)}}
+
+Indicates that the object does not exist in the DIT.
+
+H2: {{aliasProblem (33)}}
+
+Indicates that an alias problem has occurred.  For example,
+the code may used to indicate an alias has been dereferenced
+that names no object.
+
+H2: {{invalidDNSyntax (34)}}
+
+Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search
+base, target entry, ModifyDN newrdn, etc.) of a request does
+not conform to the required syntax or contains attribute
+values that do not conform to the syntax of the attribute's
+type.
+
+H2: {{aliasDereferencingProblem (36)}}
+
+Indicates that a problem occurred while dereferencing an
+alias.  Typically, an alias was encountered in a situation
+where it was not allowed or where access was denied.
+
+H2: {{inappropriateAuthentication (48)}}
+
+Indicates the server requires the client that had attempted
+to bind anonymously or without supplying credentials to
+provide some form of credentials.
+
+H2: {{invalidCredentials (49)}}
+
+Indicates that the provided credentials (e.g., the user's name
+and password) are invalid.
+
+H2: {{insufficientAccessRights (50)}}
+
+Indicates that the client does not have sufficient access
+rights to perform the operation.
+
+H2: {{busy (51)}}
+
+Indicates that the server is too busy to service the
+operation.
+
+H2: {{unavailable (52)}}
+
+Indicates that the server is shutting down or a subsystem
+necessary to complete the operation is offline.
+
+H2: {{unwillingToPerform (53)}}
+
+Indicates that the server is unwilling to perform the
+operation.
+
+H2: {{loopDetect (54)}}
+
+Indicates that the server has detected an internal loop (e.g.,
+while dereferencing aliases or chaining an operation).
+
+H2: {{namingViolation (64)}}
+
+Indicates that the entry's name violates naming restrictions.
+
+H2: {{objectClassViolation (65)}}
+
+Indicates that the entry violates object class restrictions.
+
+H2: {{notAllowedOnNonLeaf (66)}}
+
+Indicates that the operation is inappropriately acting upon a
+non-leaf entry.
+
+H2: {{notAllowedOnRDN (67)}}
+
+Indicates that the operation is inappropriately attempting to
+remove a value that forms the entry's relative distinguished
+name.
+
+H2: {{entryAlreadyExists (68)}}
+
+Indicates that the request cannot be fulfilled (added, moved,
+or renamed) as the target entry already exists.
+
+H2: {{objectClassModsProhibited (69)}}
+
+Indicates that an attempt to modify the object class(es) of
+an entry's 'objectClass' attribute is prohibited.
+
+For example, this code is returned when a client attempts to
+modify the structural object class of an entry.
+
+H2: {{affectsMultipleDSAs (71)}}
+
+Indicates that the operation cannot be performed as it would
+affect multiple servers (DSAs).
+
+H2: {{other (80)}}
+
+Indicates the server has encountered an internal error.

doc/guide/admin/appendix-recommended-versions.sdf

+# $OpenLDAP$
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Recommended OpenLDAP Software Dependency Versions
+
+This appendix details the recommended versions of the software 
+that OpenLDAP depends on. 
+
+Please read the {{SECT:Prerequisite software}} section for more 
+information on the following software dependencies.
+
+H2: Dependency Versions
+
+!block table; align=Center; coltags="N,EX,EX"; title="Table 8.5: OpenLDAP Software Dependency Versions"
+Feature|Software|Version
+{{TERM[expand]TLS}}:
+|{{PRD:OpenSSL}}|0.9.7+
+|{{PRD:GnuTLS}}|2.0.1
+{{TERM[expand]SASL}}|{{PRD:Cyrus SASL}}|2.1.21+
+{{TERM[expand]Kerberos}}:
+|{{PRD:Heimdal}}|Version
+|{{PRD:MIT Kerberos}}|Version
+Database Software|{{PRD:Berkeley DB}}:|
+||4.2
+||4.4
+||4.5
+||4.6
+||Note: It is highly recommended to apply the patches from for a given release.
+Threads:
+|POSIX {{pthreads}}|Version
+|Mach {{CThreads}}|Version
+TCP Wrappers|Name|Version
+!endblock
+

doc/guide/admin/aspell.en.pws

-personal_ws-1.1 en 1406 
+personal_ws-1.1 en 1491 
 nattrsets
 inappropriateAuthentication
 api
@@ -144,10 +144,13 @@ dbcache
 mkversion
 objectClasses
 objectclasses
+adminLimitExceeded
 searchResultReference
 fmt
 qdescrs
 olcSuffix
+objectClassModsProhibited
+unavailableCriticalExtension
 supportedControl
 GHz
 libpath
@@ -155,6 +158,7 @@ INADDR
 compareDN
 sizelimit
 unixODBC
+notAllowedOnNonLeaf
 APIs
 blen
 attrsOnly
@@ -167,6 +171,7 @@ wBDARESEhgVG
 syncIdSet
 olcTLSCipherSuite
 username
+aliasProblem
 sizeLimitExceeded
 subst
 idl
@@ -178,6 +183,7 @@ ZKKuqbEKJfKSXhUbHG
 reqRespControls
 TLSCertificateKeyFile
 olcAccess
+aliasDereferencingProblem
 proxyTemplates
 neverDerefaliases
 RootDN
@@ -190,7 +196,7 @@ RELEASEDATE
 baseDN
 basedn
 argv
-GSS
+gss
 schemachecking
 whoami
 WhoAmI
@@ -198,7 +204,10 @@ syslogd
 dataflow
 subentries
 attrpair
+balancer
+entryAlreadyExists
 BerkeleyDB's
+notAllowedOnRDN
 singleLevel
 entryDN
 dSAOperation
@@ -206,6 +215,7 @@ includedir
 inplace
 LDAPAPIFeatureInfo
 logbase
+ldapmaster
 ing
 moduleload
 IPC
@@ -230,6 +240,7 @@ reqMod
 ldb
 srcdir
 pwdExpireWarning
+ldd
 localstatedir
 sockbuf
 PENs
@@ -249,6 +260,7 @@ whitespaces
 ISP
 ldp
 monitorInfo
+PDUs
 bjensen
 newPasswd
 irresponsive
@@ -256,6 +268,7 @@ len
 perl
 dynlist
 browseable
+posixGroup
 attrvalue
 pers
 retcode
@@ -292,6 +305,7 @@ newPasswdFile
 ucdata
 LLL
 confdir
+invalidCredentials
 BerValues
 olcDbLinearIndex
 Elfrink
@@ -305,10 +319,13 @@ desc
 LTCOMPILE
 bindmethod
 olcDbCheckpoint
+addprinc
 modme
 refreshOnly
 PIII
 pwdPolicySubentry
+supportedSASLmechanism
+supportedSASLMechanism
 FIXME
 realanonymous
 caseExactMatch
@@ -345,6 +362,7 @@ strdup
 gsMatch
 adamson
 UniqueName
+LVL
 ppErrStr
 DESTDIR
 oid
@@ -376,6 +394,7 @@ sharedstatedir
 OLP
 LDFLAGS
 dereferencing
+allop
 errcodep
 xeXBkeFxlZ
 accessor's
@@ -394,6 +413,7 @@ libdir
 unindexed
 ObjectClassDescription
 attrdesc
+jsmith
 efgh
 exopPasswdDN
 ranlib
@@ -409,6 +429,7 @@ OSI
 subschemaSubentry
 cond
 conf
+rfc
 bvec
 rdn
 ECHOPROMPT
@@ -435,6 +456,7 @@ olcReadonly
 olcReadOnly
 pwdChangedTime
 mySQL
+DITs
 sdf
 suffixmassage
 referralDN
@@ -451,6 +473,7 @@ telephonenumber
 telephoneNumber
 DLDAP
 peernamestyle
+Sep
 SHA
 filename
 rpath
@@ -471,17 +494,21 @@ subdir
 searchAttrDN
 cctrls
 tcp
+kadmin
+undefinedAttributeType
 strlen
 spellcheck
 ludpp
 typedef
 olcDbIDLcacheSize
 ostring
+toolsets
 mwrscdx
 SMD
 UCD
 cancelled
 crit
+organizationalUnit
 lucyB
 slp
 rdns
@@ -503,6 +530,7 @@ src
 lastName
 ufn
 cron
+RelativeLDAPDN
 sql
 pwdPolicyChecker
 uid
@@ -558,6 +586,7 @@ oldPasswd
 sys
 pwdPolicy
 slapd
+affectsMultipleDSAs
 sasl
 slapauth
 MANCOMPRESS
@@ -593,7 +622,9 @@ freemods
 initgroups
 auditCompare
 GDBM
+DSAs
 DSA's
+dsaschema
 compareFalse
 resultCode
 resultcode
@@ -620,6 +651,7 @@ extparam
 auditWriteObject
 colaligns
 Diffie
+offsite
 attributevalue
 AttributeValue
 SIGTERM
@@ -635,6 +667,7 @@ de
 reqAuthzID
 backend's
 backends
+requestName
 cn
 lcrypto
 infodir
@@ -650,7 +683,9 @@ fd
 LDAPSync
 olcReplicationInterval
 fG
+gidNumber
 fi
+Instanstantiation
 eq
 FIPS
 dx
@@ -692,8 +727,10 @@ syslogged
 mk
 ng
 oc
+invalidAttributeSyntax
 errOp
 pwdMaxAge
+insufficientAccessRights
 truelies
 NL
 mr
@@ -717,6 +754,7 @@ NOSYNC
 slapover
 RL
 sockname
+noSuchAttribute
 MANCOMPRESSSUFFIX
 makeinfo
 coltags
@@ -747,14 +785,18 @@ xf
 param
 MChAODQ
 caseExactIA
-Vu
 Za
+Vu
 idlecachesize
+objectClassViolation
+allusers
 ws
 errSleepTime
 INSTALLFLAGS
 pthread
 pwdHistory
+x's
+Debian
 slen
 errUnsolicitedOID
 dyngroup
@@ -782,6 +824,7 @@ sbindir
 apache's
 noidlen
 monitorContext
+testrun
 resync
 fqdn
 authPassword
@@ -822,7 +865,9 @@ pwdSafeModify
 contrib
 FQDNs
 bjorn
+myldap
 myLDAP
+peercred
 SNMP
 myObjectClass
 thru
@@ -841,9 +886,12 @@ ldapmodrdn
 ldapbis
 attributeoptions
 serverID
+memberOf
 memberof
 pseudorootpw
+allmail
 CFLAGS
+operationsError
 substr
 pwdAllowUserChange
 rewriteRule
@@ -864,6 +912,7 @@ olcRootDN
 octetString
 SampleLDAP
 expr
+allusersgroup
 PostgreSQL
 bvstr
 filesystem
@@ -880,6 +929,7 @@ SSHA
 func
 filterlist
 modifyDN
+jane
 syncuser
 Masarati
 LDAPSyntax
@@ -901,6 +951,8 @@ slapacl
 multiclassing
 monitoredInfo
 LTLINK
+addrdnvalues
+KTNAME
 ETCDIR
 reqId
 setspec
@@ -919,6 +971,7 @@ subr
 cachesize
 olcRootPW
 SSLv
+proxyOld
 domainScope
 LDAPMessage
 LTVERSION
@@ -951,13 +1004,16 @@ libtool
 servercredp
 AttributeTypeDescription
 LTFLAGS
+simplebinddn
 authcDN
 TLSCipherSuite
 supportedSASLMechanisms
+rootdse
 rootDSE
 dsaparam
 cachefree
 UMich's
+uidNumber
 schemadir
 attribute's
 extern
@@ -980,10 +1036,12 @@ Supr
 olcDatabaseConfig
 rwxrwxrwx
 aeeiib
+SUPs
 reqStart
 sasldb
 somevalue
 LIBRELEASE
+randkey
 starttls
 StartTLS
 LDAPSchemaExtensionItem
@@ -995,6 +1053,7 @@ backend
 portnumber
 subjectAltName
 errObject
+gsskrb
 valsort
 bervals
 berval's
@@ -1008,12 +1067,14 @@ dbnum
 olcLdapConfig
 sessionlog
 attrset
+organizationPerson
 entryCSN
 strcast
 kbyte
 modifiersName
 keytbl
 olcHdbConfig
+constraintViolation
 README
 memcalloc
 inet
@@ -1027,6 +1088,7 @@ memvfree
 tuple
 superset
 directoryString
+ktadd
 proxyTemplate
 proxytemplate
 wildcards
@@ -1040,6 +1102,7 @@ Locators
 bvalues
 reqResult
 impl
+strongerAuthRequired
 outvalue
 returnCode
 returncode
@@ -1049,6 +1112,7 @@ dnssrv
 ciphersuite
 auditlog
 reqControls
+protocolError
 notypes
 myAttributeType
 stringbv
@@ -1059,6 +1123,7 @@ Subbarao
 setstyle
 subdirectories
 errlist
+addpartial
 slapdn
 uncached
 ldapapiinfo
@@ -1096,6 +1161,7 @@ noprompt
 databasenumber
 hasSubordintes
 URIs
+denyop
 lang
 auditSearch
 ldapdelete
@@ -1115,11 +1181,13 @@ http
 uppercased
 Poobah
 libldap
+invalidDNSyntax
 ldap
 ldbm
 ursula
 LDAPModifying
 slapdconfig
+sysconfig
 dnSubtreeMatch
 olcSaslSecProps
 olcSaslSecprops
@@ -1133,6 +1201,7 @@ matchingRule
 matchingrule
 SmVuc
 MSSQL
+nisMailAlias
 hostnames
 ctrlp
 lltdl
@@ -1153,7 +1222,10 @@ bvfree
 sleeptime
 pwdCheckQuality
 msgidp
+confidentialityRequired
 pwdAttribute
+authMethodNotSupported
+chown
 PRNGD
 LDAPRDN
 entryUUIDs
@@ -1182,6 +1254,7 @@ dryrun
 noplain
 exattrs
 Jong
+ldaptcl
 proxied
 firstName
 accesslevel
@@ -1218,12 +1291,15 @@ databasetype
 woid
 numericStringOrderingMatch
 clientctrls
+inappropriateMatching
 RetCodes
+ldapc
 pwdAccountLockedTime
 attrtype
 LIBVERSION
 proto
 endif
+logfiles
 reqNewRDN
 ldapi
 notoc
@@ -1254,14 +1330,17 @@ olcObjectIdentifier
 endblock
 proxyAuthz
 pagedResults
+saslBindInProgress
 bitstring
 ACLs
 berptr
 olcModuleLoad
+namingViolation
 attributetype
 attributeType
 auditModRDN
 cacert
+memberUid
 freebuf
 IDSET
 pwdGraceAuthnLimit
@@ -1314,6 +1393,7 @@ bindDn
 bindDN
 binddn
 methodp
+timeLimitExceeded
 timelimitExceeded
 pwdInHistory
 LTSTATIC
@@ -1330,9 +1410,11 @@ GnuTLS
 postread
 timeval
 DHAVE
+loopDetect
 caseIgnoreSubstringsMatch
 monitorIsShadow
 syncdata
+BDB's
 olcPidFile
 hostport
 backload
@@ -1353,6 +1435,7 @@ RANDFILE
 attrlist
 aci
 directoryOperation
+compareTrue
 selfwrite
 pwdReset
 acl
@@ -1372,6 +1455,7 @@ userid
 Kumar
 AES
 bdb
+attributeOrValueExists
 manageDSAit
 ManageDsaIT
 bindpw
@@ -1384,6 +1468,7 @@ objectIdentifierMatch
 Blowfish
 mkln
 numericStringSubstringsMatch
+testgroup
 openssl
 OpenSSL
 ModName

doc/guide/admin/dbtools.sdf

@@ -14,7 +14,7 @@ entries, depending on your requirements). This method works for
 database types which support updates.
 
 The second method of database creation is to do it off-line using
-special utilities provided with slapd. This method is best if you
+special utilities provided with {{slapd}}(8). This method is best if you
 have many thousands of entries to create, which would take an
 unacceptably long time using the LDAP method, or if you want to
 ensure the database is not accessed while it is being created. Note
@@ -187,6 +187,15 @@ format}} section).
 Specifies the slapd configuration file that tells where to create
 the indices, what indices to create, etc.
 
+>	-F <slapdconfdirectory>
+
+Specifies a config directory.  If both {{EX:-f}} and {{EX:-F}} are specified, 
+the config file will be read and converted to config  directory format and 
+written to the specified directory.  If neither option is specified, an attempt 
+to read the default config directory will be made before trying to use the 
+default config file. If a valid config directory exists then the default 
+config file is ignored. If dryrun mode is also specified, no conversion will occur.
+
 >	-d <debuglevel>
 
 Turn on debugging, as specified by {{EX:<debuglevel>}}. The debug

doc/guide/admin/guide.book

 #HTMLDOC 1.8.27
--t pdf14 -f "OpenLDAP-Admin-Guide.pdf" --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 0.50in --bottom 0.50in --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all  --owner-password ""  --user-password "" --browserwidth 680 --no-strict --no-overflow
+-t pdf14 --book --toclevels 3 --no-numbered --toctitle "Table of Contents" --title --titleimage "../images/LDAPwww.gif" --linkstyle plain --size Universal --left 1.00in --right 0.50in --top 0.50in --bottom 0.50in --header .t. --header1 ... --footer ..1 --nup 1 --tocheader .t. --tocfooter ..i --duplex --portrait --color --no-pscommands --no-xrxcomments --compression=1 --jpeg=0 --fontsize 11.0 --fontspacing 1.2 --headingfont Helvetica --bodyfont Times --headfootsize 11.0 --headfootfont Helvetica --charset iso-8859-1 --links --embedfonts --pagemode outline --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all  --owner-password ""  --user-password "" --browserwidth 680 --no-strict --no-overflow
 admin.html

doc/guide/admin/install.sdf

@@ -125,10 +125,15 @@ install it yourself.
 
 {{PRD:Berkeley DB}} is available from {{ORG[expand]Oracle}}'s Berkeley DB
 download page
-{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}.  There are several versions available.  Generally, the most recent
-release (with published patches) is recommended.  This package is required
+{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}.  
+
+There are several versions available. Generally, the most recent
+release (with published patches) is recommended. This package is required
 if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends.
 
+Note: Please see {{SECT:Recommended OpenLDAP Software Dependency Versions}} for
+more information.
+
 
 H3: Threads
 

doc/guide/admin/intro.sdf

@@ -156,9 +156,44 @@ services.
 
 H2: When should I use LDAP?
 
+This is a very good question. In general, you should use a Directory
+server when you require data to be centrally managed, stored and accessible via
+standards based methods. 
+
+Some common examples found throughout the industry are, but not limited to:
+
+* Machine Authentication
+* User Authentication
+* User/System Groups
+* Address book
+* Organization Representation
+* Asset Tracking
+* Telephony Information Store
+* User resource management
+* E-mail address lookups
+* Application Configuration store
+* PBX Configuration store
+* etc.....
+
+There are various {{SECT:Distributed Schema Files}} that are standards based, but
+you can always create your own {{SECT:Schema Specification}}.
+
+There are always new ways to use a Directory and apply LDAP principles to address
+certain problems, therefore there is no simple answer to this question.
+
+If in doubt, join the general LDAP forum for non-commercial discussions and 
+information relating to LDAP at: 
+{{URL:http://www.umich.edu/~dirsvcs/ldap/mailinglist.html}} and ask
 
 H2: When should I not use LDAP?
 
+When you start finding yourself bending the directory to do what you require,
+maybe a redesign is needed. Or if you only require one application to use and 
+manipulate your data (for discussion of LDAP vs RDBMS, please read the 
+{{SECT:LDAP vs RDBMS}} section).
+
+It will become obvious when LDAP is the right tool for the job.
+
 
 H2: How does LDAP work?
 
@@ -238,8 +273,7 @@ sharing of data with other applications.
 
 The short answer is that use of an embedded database and custom indexing system 
 allows OpenLDAP to provide greater performance and scalability without loss of 
-reliability. OpenLDAP, since release 2.1, in its main storage-oriented backends 
-(back-bdb and, since 2.2, back-hdb) uses Berkeley DB concurrent / transactional 
+reliability. OpenLDAP uses Berkeley DB concurrent / transactional 
 database software. This is the same software used by leading commercial 
 directory software.
 
@@ -327,10 +361,6 @@ For more information on concept and limitations, see {{slapd-sql}}(5) man page,
 or the {{SECT: Backends}} section. There are also several examples for several 
 RDBMSes in {{F:back-sql/rdbms_depend/*}} subdirectories. 
 
-TO REFERENCE:
-
-http://blogs.sun.com/treydrake/entry/ldap_vs_relational_database
-http://blogs.sun.com/treydrake/entry/ldap_vs_relational_database_part
 
 H2: What is slapd and what can it do?