Pull down latest guide updates from HEAD

doc/guide/admin/appendix-ldap-result-codes.sdf

@@ -4,6 +4,262 @@
 
 H1:  LDAP Result Codes
 
-Port "Appendix A.  LDAP Result Codes" from rfc4511 and add a small explanation
-in addition to current one for ldap*/slap* tools, with the aim of fending off simple, recurring 
-questions on the lists.
+For the purposes of this guide, we have incorporated the standard LDAP result 
+codes from {{Appendix A.  LDAP Result Codes}} of rfc4511. A copy of which can 
+be found in {{F:doc/rfc}} of the OpenLDAP source code.
+
+We have expanded the description of each error in relation to the OpenLDAP 
+toolsets.
+
+H2:  Non-Error Result Codes
+
+These result codes (called "non-error" result codes) do not indicate
+an error condition:
+
+>        success (0),
+>        compareFalse (5),
+>        compareTrue (6),
+>        referral (10), and
+>        saslBindInProgress (14).
+
+The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate
+successful completion (and, hence, are referred to as "successful"
+result codes).
+
+The {{referral}} and {{saslBindInProgress}} result codes indicate the client
+needs to take additional action to complete the operation.
+
+H2:  Result Codes
+
+Existing LDAP result codes are described as follows:
+
+H2: {{success (0)}}
+
+Indicates the successful completion of an operation.  
+
+Note: this code is not used with the Compare operation.  See {{SECT:compareFalse (5)}} 
+and {{SECT:compareTrue (6)}}.
+
+H2: {{operationsError (1)}}
+
+Indicates that the operation is not properly sequenced with
+relation to other operations (of same or different type).
+
+For example, this code is returned if the client attempts to
+StartTLS [RFC4346] while there are other uncompleted operations
+or if a TLS layer was already installed.
+
+H2: {{protocolError (2)}}
+
+Indicates the server received data that is not well-formed.
+
+For Bind operation only, this code is also used to indicate
+that the server does not support the requested protocol
+version.
+
+For Extended operations only, this code is also used to
+indicate that the server does not support (by design or
+configuration) the Extended operation associated with the
+{{requestName}}.
+
+For request operations specifying multiple controls, this may
+be used to indicate that the server cannot ignore the order
+of the controls as specified, or that the combination of the
+specified controls is invalid or unspecified.
+
+H2: {{timeLimitExceeded (3)}}
+
+Indicates that the time limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{sizeLimitExceeded (4)}}
+
+Indicates that the size limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{compareFalse (5)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to FALSE or
+Undefined.
+
+H2: {{compareTrue (6)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to TRUE.
+
+H2: {{authMethodNotSupported (7)}}
+
+Indicates that the authentication method or mechanism is not
+supported.
+
+H2: {{strongerAuthRequired (8)}}
+
+Indicates the server requires strong(er) authentication in
+order to complete the operation.
+
+When used with the Notice of Disconnection operation, this
+code indicates that the server has detected that an
+established security association between the client and
+server has unexpectedly failed or been compromised.
+
+H2: {{referral (10)}}
+
+Indicates that a referral needs to be chased to complete the
+operation (see Section 4.1.10).
+
+H2: {{adminLimitExceeded (11)}}
+
+Indicates that an administrative limit has been exceeded.
+
+H2: {{unavailableCriticalExtension (12)}}
+
+Indicates a critical control is unrecognized (see Section
+4.1.11).
+
+H2: {{confidentialityRequired (13)}}
+
+Indicates that data confidentiality protections are required.
+
+H2: {{saslBindInProgress (14)}}
+
+Indicates the server requires the client to send a new bind
+request, with the same SASL mechanism, to continue the
+authentication process (see Section 4.2).
+
+H2: {{noSuchAttribute (16)}}
+
+Indicates that the named entry does not contain the specified
+attribute or attribute value.
+
+H2: {{undefinedAttributeType (17)}}
+
+Indicates that a request field contains an unrecognized
+attribute description.
+
+H2: {{inappropriateMatching (18)}}
+
+Indicates that an attempt was made (e.g., in an assertion) to
+use a matching rule not defined for the attribute type
+concerned.
+
+H2: {{constraintViolation (19)}}
+
+Indicates that the client supplied an attribute value that
+does not conform to the constraints placed upon it by the
+data model.
+
+For example, this code is returned when multiple values are
+supplied to an attribute that has a SINGLE-VALUE constraint.
+
+H2: {{attributeOrValueExists (20)}}
+
+Indicates that the client supplied an attribute or value to
+be added to an entry, but the attribute or value already
+exists.
+
+H2: {{invalidAttributeSyntax (21)}}
+
+Indicates that a purported attribute value does not conform
+to the syntax of the attribute.
+
+H2: {{noSuchObject (32)}}
+
+Indicates that the object does not exist in the DIT.
+
+H2: {{aliasProblem (33)}}
+
+Indicates that an alias problem has occurred.  For example,
+the code may used to indicate an alias has been dereferenced
+that names no object.
+
+H2: {{invalidDNSyntax (34)}}
+
+Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search
+base, target entry, ModifyDN newrdn, etc.) of a request does
+not conform to the required syntax or contains attribute
+values that do not conform to the syntax of the attribute's
+type.
+
+H2: {{aliasDereferencingProblem (36)}}
+
+Indicates that a problem occurred while dereferencing an
+alias.  Typically, an alias was encountered in a situation
+where it was not allowed or where access was denied.
+
+H2: {{inappropriateAuthentication (48)}}
+
+Indicates the server requires the client that had attempted
+to bind anonymously or without supplying credentials to
+provide some form of credentials.
+
+H2: {{invalidCredentials (49)}}
+
+Indicates that the provided credentials (e.g., the user's name
+and password) are invalid.
+
+H2: {{insufficientAccessRights (50)}}
+
+Indicates that the client does not have sufficient access
+rights to perform the operation.
+
+H2: {{busy (51)}}
+
+Indicates that the server is too busy to service the
+operation.
+
+H2: {{unavailable (52)}}
+
+Indicates that the server is shutting down or a subsystem
+necessary to complete the operation is offline.
+
+H2: {{unwillingToPerform (53)}}
+
+Indicates that the server is unwilling to perform the
+operation.
+
+H2: {{loopDetect (54)}}
+
+Indicates that the server has detected an internal loop (e.g.,
+while dereferencing aliases or chaining an operation).
+
+H2: {{namingViolation (64)}}
+
+Indicates that the entry's name violates naming restrictions.
+
+H2: {{objectClassViolation (65)}}
+
+Indicates that the entry violates object class restrictions.
+
+H2: {{notAllowedOnNonLeaf (66)}}
+
+Indicates that the operation is inappropriately acting upon a
+non-leaf entry.
+
+H2: {{notAllowedOnRDN (67)}}
+
+Indicates that the operation is inappropriately attempting to
+remove a value that forms the entry's relative distinguished
+name.
+
+H2: {{entryAlreadyExists (68)}}
+
+Indicates that the request cannot be fulfilled (added, moved,
+or renamed) as the target entry already exists.
+
+H2: {{objectClassModsProhibited (69)}}
+
+Indicates that an attempt to modify the object class(es) of
+an entry's 'objectClass' attribute is prohibited.
+
+For example, this code is returned when a client attempts to
+modify the structural object class of an entry.
+
+H2: {{affectsMultipleDSAs (71)}}
+
+Indicates that the operation cannot be performed as it would
+affect multiple servers (DSAs).
+
+H2: {{other (80)}}
+
+Indicates the server has encountered an internal error.

doc/guide/admin/aspell.en.pws

-personal_ws-1.1 en 1451 
+personal_ws-1.1 en 1483 
 nattrsets
 inappropriateAuthentication
 api
@@ -145,11 +145,14 @@ mkversion
 objectClasses
 objectclasses
 searchResultReference
+adminLimitExceeded
 fmt
 qdescrs
 olcSuffix
+objectClassModsProhibited
 supportedControl
 GHz
+unavailableCriticalExtension
 libpath
 INADDR
 compareDN
@@ -157,6 +160,7 @@ sizelimit
 unixODBC
 APIs
 blen
+notAllowedOnNonLeaf
 attrsOnly
 attrsonly
 slappasswd
@@ -168,6 +172,7 @@ syncIdSet
 olcTLSCipherSuite
 username
 sizeLimitExceeded
+aliasProblem
 subst
 idl
 chroot
@@ -178,6 +183,7 @@ ZKKuqbEKJfKSXhUbHG
 reqRespControls
 TLSCertificateKeyFile
 olcAccess
+aliasDereferencingProblem
 proxyTemplates
 neverDerefaliases
 RootDN
@@ -199,8 +205,10 @@ dataflow
 subentries
 attrpair
 balancer
+entryAlreadyExists
 BerkeleyDB's
 singleLevel
+notAllowedOnRDN
 entryDN
 dSAOperation
 includedir
@@ -296,6 +304,7 @@ newPasswdFile
 ucdata
 LLL
 confdir
+invalidCredentials
 BerValues
 olcDbLinearIndex
 Elfrink
@@ -484,12 +493,14 @@ searchAttrDN
 cctrls
 tcp
 kadmin
+undefinedAttributeType
 strlen
 spellcheck
 ludpp
 typedef
 olcDbIDLcacheSize
 ostring
+toolsets
 mwrscdx
 SMD
 UCD
@@ -517,6 +528,7 @@ src
 lastName
 ufn
 cron
+RelativeLDAPDN
 sql
 pwdPolicyChecker
 uid
@@ -574,6 +586,7 @@ pwdPolicy
 slapd
 sasl
 slapauth
+affectsMultipleDSAs
 MANCOMPRESS
 octetStringOrderingStringMatch
 updatedn
@@ -607,6 +620,7 @@ freemods
 initgroups
 auditCompare
 GDBM
+DSAs
 DSA's
 dsaschema
 compareFalse
@@ -651,6 +665,7 @@ de
 reqAuthzID
 backend's
 backends
+requestName
 cn
 lcrypto
 infodir
@@ -709,9 +724,11 @@ syslogged
 mk
 ng
 oc
+invalidAttributeSyntax
 errOp
 pwdMaxAge
 truelies
+insufficientAccessRights
 NL
 mr
 reindex
@@ -735,6 +752,7 @@ slapover
 RL
 sockname
 MANCOMPRESSSUFFIX
+noSuchAttribute
 makeinfo
 coltags
 ro
@@ -764,9 +782,10 @@ xf
 param
 MChAODQ
 caseExactIA
-Vu
 Za
+Vu
 idlecachesize
+objectClassViolation
 ws
 errSleepTime
 INSTALLFLAGS
@@ -1049,6 +1068,7 @@ kbyte
 modifiersName
 keytbl
 olcHdbConfig
+constraintViolation
 README
 memcalloc
 inet
@@ -1076,6 +1096,7 @@ Locators
 bvalues
 reqResult
 impl
+strongerAuthRequired
 outvalue
 returnCode
 returncode
@@ -1085,6 +1106,7 @@ dnssrv
 ciphersuite
 auditlog
 reqControls
+protocolError
 notypes
 myAttributeType
 stringbv
@@ -1153,6 +1175,7 @@ http
 uppercased
 Poobah
 libldap
+invalidDNSyntax
 ldap
 ldbm
 ursula
@@ -1192,7 +1215,9 @@ bvfree
 sleeptime
 pwdCheckQuality
 msgidp
+confidentialityRequired
 pwdAttribute
+authMethodNotSupported
 chown
 PRNGD
 LDAPRDN
@@ -1259,6 +1284,7 @@ databasetype
 woid
 numericStringOrderingMatch
 clientctrls
+inappropriateMatching
 RetCodes
 ldapc
 pwdAccountLockedTime
@@ -1297,10 +1323,12 @@ olcObjectIdentifier
 endblock
 proxyAuthz
 pagedResults
+saslBindInProgress
 bitstring
 ACLs
 berptr
 olcModuleLoad
+namingViolation
 attributetype
 attributeType
 auditModRDN
@@ -1357,6 +1385,7 @@ bindDn
 bindDN
 binddn
 methodp
+timeLimitExceeded
 timelimitExceeded
 pwdInHistory
 LTSTATIC
@@ -1373,6 +1402,7 @@ GnuTLS
 postread
 timeval
 DHAVE
+loopDetect
 caseIgnoreSubstringsMatch
 monitorIsShadow
 syncdata
@@ -1397,6 +1427,7 @@ RANDFILE
 attrlist
 aci
 directoryOperation
+compareTrue
 selfwrite
 pwdReset
 acl
@@ -1416,6 +1447,7 @@ userid
 Kumar
 AES
 bdb
+attributeOrValueExists
 manageDSAit
 ManageDsaIT
 bindpw

doc/guide/admin/dbtools.sdf

@@ -14,7 +14,7 @@ entries, depending on your requirements). This method works for
 database types which support updates.
 
 The second method of database creation is to do it off-line using
-special utilities provided with slapd. This method is best if you
+special utilities provided with {{slapd}}(8). This method is best if you
 have many thousands of entries to create, which would take an
 unacceptably long time using the LDAP method, or if you want to
 ensure the database is not accessed while it is being created. Note

doc/guide/admin/install.sdf

@@ -125,10 +125,15 @@ install it yourself.
 
 {{PRD:Berkeley DB}} is available from {{ORG[expand]Oracle}}'s Berkeley DB
 download page
-{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}.  There are several versions available.  Generally, the most recent
-release (with published patches) is recommended.  This package is required
+{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}.  
+
+There are several versions available. Generally, the most recent
+release (with published patches) is recommended. This package is required
 if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends.
 
+Note: Please see {{SECT:Recommended OpenLDAP Software Dependency Versions}} for
+more information.
+
 
 H3: Threads
 

doc/guide/admin/overlays.sdf

@@ -112,6 +112,9 @@ definitions:
 >                                   mode="self"
 >        chain-tls                  start
 >        chain-return-error         TRUE 
+
+Add this below your {{syncrepl}} statement:
+
 >        updateref                  "ldap://ldapmaster.example.com/"
 
 The {{B:chain-tls}} statement enables TLS from the slave to the ldap master. 

doc/guide/admin/replication.sdf

@@ -623,7 +623,8 @@ H4: Mirror Node Configuration
 This is the same as the {{SECT:Set up the provider slapd}} section, referencing
 {{SECT:delta-syncrepl replication}} if using {{delta-syncrepl}}.
 
-Here's a specific cut down example:
+Here's a specific cut down example using {{SECT:LDAP Sync Replication}} in
+{{refreshAndPersist}} mode ({{delta-syncrepl}} can be used also):
 
 MirrorMode node 1: