Formating

[openldap] / doc / guide / admin / slapdconfig.sdf

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index 53cd3477e964515c31fc66627e5bb6cac0020d50..1a7595f68c7a4ca0b2f69fac1a1683fc41d6ad9b 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -307,11 +307,11 @@ given, the standard LDAP port number (389 or 636) is used.
 URI such as {{EX:ldap://slave.example.com:389}} or
 {{EX:ldaps://slave.example.com:636}}.
 
-The {{EX:binddn=}} parameter gives the DN to bind as for updates to
-the slave slapd. It should be a DN which has read/write
-access to the slave slapd's database, typically given as a
-{{EX:rootdn}} in the slave's config file. It must also match the
-{{EX:updatedn}} directive in the slave slapd's config file. Since DNs are
+The {{EX:binddn=}} parameter gives the DN to bind as for updates
+to the slave slapd. It should be a DN which has read/write access
+to the slave slapd's database.  It must also match the {{EX:updatedn}}
+directive in the slave slapd's config file.  Generally, this DN
+{{should not}} be the same as the {{EX:rootdn}}.  Since DNs are
 likely to contain embedded spaces, the entire {{EX:"binddn=<DN>"}}
 string should be enclosed in double quotes.
 
@@ -500,13 +500,12 @@ schema conformance. The default is off.
 
 The {{EX:updatedn}} parameter specifies the DN in the consumer site
 which is allowed to make changes to the replica. This DN is used
-locally by the syncrepl engine when updating the replica with
-the entries received from the provider site by using the
-internal operation mechanism. The update of the replica content
-is subject to the access control privileges of the DN.
-The DN should have read/write access to the replica database.
-It is typically given as a {{EX:rootdn}} in the consumer site's
-config file.
+locally by the syncrepl engine when updating the replica with the
+entries received from the provider site by using the internal
+operation mechanism. The update of the replica content is subject
+to the access control privileges of the DN.  The DN should have
+read/write access to the replica database.  Generally, this DN
+{{should not}} be the same as {{EX:rootdn}}.
 
 The {{EX:binddn}} parameter gives the DN to bind as for the
 syncrepl searches to the provider slapd. It should be a DN
@@ -759,9 +758,9 @@ and attributes to which the access control applies.  Entries are
 commonly selected in two ways: by DN and by filter.  The following
 qualifiers select entries by DN:
 
->      by *
->      by dn[.<basic-style>]=<regex>
->      by dn.<scope-style>=<DN>
+>      to *
+>      to dn[.<basic-style>]=<regex>
+>      to dn.<scope-style>=<DN>
 
 The first form is used to select all entries.  The second form may
 be used to select entries by matching a regular expression against
@@ -796,17 +795,17 @@ For example, if the directory contained entries named:
 
 Entries may also be selected using a filter:
 
->      by filter=<ldap filter>
+>      to filter=<ldap filter>
 
 where <ldap filter> is a string representation of an LDAP
 search filter, as described in {{REF:RFC2254}}.  For example:
 
->      by filter=(objectClass=person)
+>      to filter=(objectClass=person)
 
 Note that entries may be selected by both DN and filter by
 including both qualifiers in the <what> clause.
 
->      by dn.one="ou=people,o=suffix" filter=(objectClass=person)
+>      to dn.one="ou=people,o=suffix" filter=(objectClass=person)
 
 Attributes within an entry are selected by including a comma-separated
 list of attribute names in the <what> selector: