-However, as this mechanism offers no evesdropping protection (e.g.,
-the password is set in the clear), it is recommended that it be
-used only in tightly controlled systems or when the LDAP session
-is protected by other means (e.g., TLS, {{TERM:IPSEC}}). Where the
-administrator relies on TLS to protect the password, it is recommended
-that unprotected authentication be disabled. This is done by setting
-"{{EX:disallow bind_simple_unprotected}}" in {{slapd.conf}}(5).
-The {{EX:security}} directive's {{EX:simple_bind}} option provides
-fine grain control over the level of confidential protection to
-require for {{simple}} user/password authentication.
+However, as this mechanism itself offers no evesdropping protection
+(e.g., the password is set in the clear), it is recommended that
+it be used only in tightly controlled systems or when the LDAP
+session is protected by other means (e.g., TLS, {{TERM:IPSEC}}).
+Where the administrator relies on TLS to protect the password, it
+is recommended that unprotected authentication be disabled. This
+is done by setting "{{EX:disallow bind_simple_unprotected}}" in
+{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}}
+option provides fine grain control over the level of confidential
+protection to require for {{simple}} user/password authentication.