ITS#1749 added maxderefdepth, suffiaxalias, TLSCACertificatePath,

ucdata-path, moduleload, modulepath. sasl-external-x509dn-convert has
been deleted from the code.

doc/man/man5/slapd.conf.5

@@ -388,6 +388,19 @@ entry parsing
 .PD
 .RE
 .RE
+.TP
+.B moduleload <filename>
+Specify the name of a dynamically loadable module to load. The filename
+may be an absolute path name or a simple filename. Non-absolute names
+are searched for in the directories specified by the
+.B modulepath
+option. This option and the
+.B modulepath
+option are only usable if slapd was compiled with --enable-modules.
+.TP
+.B modulepath <pathspec>
+Specify a list of directories to search for loadable modules. Typically
+the path is colon-separated but this depends on the operating system.
 .HP
 .B objectclass ( <oid> [NAME <name>] [DESC <description] [OBSOLETE]\
  [SUP <oids>] [{ ABSTRACT | STRUCTURAL | AUXILIARY }] [MUST <oids>]\
@@ -505,7 +518,7 @@ form
 .RS
 .RS
 .TP
-.B uid=<UID>[,cn=<REALM>][,cn=<MECH>],cn=AUTHZ
+.B uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth
 
 .RE
 This SASL name is then compared against the
@@ -519,7 +532,7 @@ regular expression that are enclosed in parenthesis, e.g.
 .RS
 .RS
 .TP
-.B uid=(.*)\\\\+realm=.*
+.B uid=(.*),cn=.*
 
 .RE
 .RE
@@ -545,10 +558,10 @@ options can be given in the configuration file to allow for multiple matching
 and replacement patterns. The matching patterns are checked in the order they 
 appear in the file, stopping at the first successful match.
 
-.B Caution:
-Because the plus sign + is a character recognized by the regular expression engine,
-and it will appear in SASL names that include a REALM, be careful to escape the
-plus sign with a backslash \\+ to remove the character's special meaning.
+.\".B Caution:
+.\"Because the plus sign + is a character recognized by the regular expression engine,
+.\"and it will appear in SASL names that include a REALM, be careful to escape the
+.\"plus sign with a backslash \\+ to remove the character's special meaning.
 .RE
 .TP
 .B sasl-secprops <properties>
@@ -665,6 +678,10 @@ Extra args can be added on the same line.
 See
 .BR limits
 for an explanation of the different flags.
+.TP
+.B ucdata-path <path>
+Specify the path to the directory containing the Unicode character
+tables. The default path is LOCALSTATEDIR/ucdata.
 .SH TLS OPTIONS
 If
 .B slapd
@@ -687,6 +704,11 @@ Authorities that
 .B slapd
 will recognize.
 .TP
+.B TLSCACertificatePath <path>
+Specifies the path of a directory that contains Certificate Authority
+certificates in separate individual files. Usually only one of this
+or the TLSCACertificateFile is used.
+.TP
 .B TLSCertificateFile <filename>
 Specifies the file that contains the
 .B slapd
@@ -792,6 +814,10 @@ will automatically maintain the
 modifiersName, modifyTimestamp, creatorsName, and 
 createTimestamp attributes for entries.  By default, lastmod is on.
 .TP
+.B maxderefdepth <depth>
+Specifies the maximum number of aliases to dereference when trying to
+resolve an entry, used to avoid inifinite alias loops. The default is 1.
+.TP
 .B readonly on | off
 This option puts the database into "read-only" mode.  Any attempts to 
 modify the database will return an "unwilling to perform" error.  By
@@ -885,6 +911,11 @@ Specify the DN suffix of queries that will be passed to this
 backend database.  Multiple suffix lines can be given and at least one is 
 required for each database definition.
 .TP
+.B suffixalias <alias> <aliased suffix>
+Specify an alternate suffix that may be used to reference an already defined
+database suffix. Operations specifying DNs residing under the alias 
+will execute as if they had specified the aliased suffix.
+.TP
 .B subordinate
 Specify that the current backend database is a subordinate of another
 backend database. A subordinate database may have only one suffix. This