Make a few OPERATIONAL REQUIREMENT clarifications

Clean up formating

doc/man/man5/slapd.access.5

@@ -474,87 +474,98 @@ which grants everybody search and compare privileges, and adds read
 privileges to authenticated clients.
 .SH OPERATION REQUIREMENTS
 Operations require different privileges on different portions of entries.
-.TP
+The following summary applies to primary database backends such as
+the LDBM, BDB, and HDB backends.   Requirements for other backends may
+(and often do) differ.
+.LP
 The
 .B add
-operation requires 
-.B write
-privileges on the meta-attribute 
+operation requires
+.B write (=w)
+privileges on the pseudo-attribute 
 .B entry
 of the entry being added, and 
-.B write 
-privileges on the meta-attribute
+.B write (=w)
+privileges on the pseudo-attribute
 .B children
 of the entry's parent.
-.TP
+.LP
 The 
 .B bind
 operation, when credentials are stored in the directory, requires 
-.B auth
+.B auth (=x)
 privileges on the attribute the credentials are stored in (usually
 .BR userPassword ).
-.TP
+.LP
 The
 .B compare
 operation requires 
-.B compare
+.B compare (=c)
 privileges on the attribute that is being compared.
-.B FIXME: should it require also compare privileges on the entry's meta-attribute?
-.TP
+.LP
 The
 .B delete
 operation requires
-.B write
-privileges on the meta-attribute
+.B write (=w)
+privileges on the pseudo-attribute
 .B entry 
 of the entry being deleted, and
-.B write
+.B write (=w)
 privileges on the
 .B children
-meta-attribute of the entry's parent.
-.TP
+pseudo-attribute of the entry's parent.
+.LP
 The
 .B modify
 operation requires 
-.B write
+.B write (=w)
 privileges on the attibutes being modified.
-.TP
+.LP
 The
 .B modrdn
 operation requires
-.B write
-privileges on the meta-attribute
+.B write (=w)
+privileges on the pseudo-attribute
 .B entry
 of the entry whose relative DN is being modified,
-.B write
-privileges on the meta-attribute
+.B write (=w)
+privileges on the pseudo-attribute
 .B children
 of the old and new entry's parents, and
-.B write
+.B write (=w)
 privileges on the attributes that are present in the new relative DN.
-.B Write
+.B Write (=w)
 privileges are also required on the attributes that are present 
 in the old relative DN if 
 .B deleteoldrdn
 is set to 1.
-.TP
+.LP
 The
 .B search
 operation, for each entry, requires
-.B search
+.B search (=s)
 privileges on the attributes that are defined in the filter.
 Then, the resulting entries are tested for 
-.B read
-privileges on the meta-attribute
+.B read (=r)
+privileges on the pseudo-attribute
 .B entry
+(for read access to the entry itself)
 and for
-.B read
+.B read (=r)
 access on each value of each attribute that is requested.
-.B Referrals
-are also checked for 
-.B read
-access on the meta-attribute
-.BR entry .
+Also, for each
+.B referral
+object used in generating continuation references, the operation requires
+.B read (=r)
+access on the pseudo-attribute
+.B entry
+(for read access to the referral object itself),
+as well as
+.B read (=r)
+access to the attribute holding the referral information
+(generally the
+.B ref
+attribute).
 .SH CAVEATS
 It is strongly recommended to explicitly use the most appropriate
 DN