ITS#9639 - Document chroot requirements for slapd.

Thanks to dpa-openldap@aegee.org

doc/man/man8/slapd.8

@@ -251,7 +251,13 @@ used as a security mechanism, it should be used in conjunction with
 .B \-u
 and
 .B \-g
-options.
+options.  The chroot environment must contain the Cyrus SASL plugins, the
+TLS certificates, and dev/urandom.  For Kerberos V: the keytab and the
+/var/tmp directory, unless the value of the variable KRB5RCACHEDIR is
+changed. For the systemd service with type=notify the file
+/run/systemd/notify within the chroot must be bind-mounted to
+/run/systemd/notify outside the chroot. The file can be mounted on
+ExecStartPre= and unmounted in ExecStartPost=.
 .TP
 .BI \-u \ user
 .B slapd