Update running with additional slapd arguments

Update slapdcofig with additional directives
Add updated graphics and othe misc changes.

doc/guide/admin/config.sdf

@@ -55,9 +55,10 @@ H2: Distributed Local Directory Service
 
 In this configuration, the local service is partitioned into smaller
 services, each which may be replicated, and {{glued}} together with
-{{superior}} and {{subordinate}} referrals.  An example of this
-configuration is shown in Figure 3.4.
+{{superior}} and {{subordinate}} referrals.
+!if 0
+An example of this configuration is shown in Figure 3.4.
 
 !import "config_dist.gif"; align="center"; title="Distributed Local Directory Services"
 FT[align="Center"] Figure 3.4: Distributed Local Directory Services
-
+!endif

doc/guide/admin/install.sdf

@@ -123,7 +123,7 @@ filters (such as those provided by a IP-level firewall) is recommended
 for servers containing non-public information.
 
 
-H2: Configuring OpenLDAP
+H2: Running configure
 
 If you haven't already done so, extra the distribution for the
 compressed archive file and change directory to the top of the

doc/guide/admin/replication.sdf

@@ -102,9 +102,13 @@ printed and slapd exits, regardless of any other options
 you give it. Current debugging levels (a subset of slapd's
 debugging levels) are
 
->	    4 heavy trace debugging
->	   64 configuration file processing
->	65535 enable all debugging
+!block table; colaligns="RL"; align=Center; \
+	title="Table 10.1: Debugging Levels"
+Level	Description
+4	heavy trace debugging
+64	configuration file processing
+65535	enable all debugging
+!endblock
 
 Debugging levels are additive. That is, if you want heavy
 trace debugging and want to watch the config file being
@@ -223,9 +227,13 @@ files located in the database {{EX:directory}} specified in
 suffix depending on the underlying database package used.
 The current possibilities are
 
-* {{EX: dbb}} Berkeley DB B-tree backend
-* {{EX: dbh}} Berkeley DB hash backend
-* {{EX: gdbm}} GNU DBM backend
+!block table; align=Center; \
+	title="Table 10.2: Database File Suffixes"
+Suffix		Database
+{{EX:dbb}}	Berkeley DB B-tree backend
+{{EX:dbh}}	Berkeley DB hash backend
+{{EX:gdbm}}	GNU DBM backend
+!endblock
 
 In general, you should copy all files found in the database
 {{EX: directory}} unless you know it not used by {{slapd}}(8).
@@ -353,7 +361,7 @@ the X.500 DSA:
 
 !import "replication.gif"; align="center"; \
 	title="Replication from slapd to an X.500 DSA"
-FT: Figure 6: Replication from slapd to an X.500 DSA
+FT: Figure 10.1: Replication from slapd to an X.500 DSA
 
 Note that the X.500 DSA must be a read-only copy. Since
 the replication is one-way, updates from {{TERM:DAP}} clients
@@ -371,7 +379,7 @@ DSA may expect these attributes to be named
 
 A solution to this attribute naming problem is to have the
 ldapd read oidtables that map {{EX:modifiersName}} to the
-objectID (OID) for the {{EX:lastModifiedBy}} attribute and
+Object Identifier ({{TERM:OID}}) for the {{EX:lastModifiedBy}} attribute and
 {{EX:modifyTimeStamp}} to the OID for the {{EX:lastModifiedTime}}
 attribute. Since attribute names are carried as OIDs over
 DAP, this should perform the appropriate translation of

doc/guide/admin/runningslapd.sdf

@@ -19,6 +19,45 @@ in manual page.  This section details a few commonly used options.
 This option specifies an alternate configuration file for slapd.
 The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.
 
+>	-h <URLs>
+
+This option specifies alternative listener configuration.  The
+default is {{EX:ldap:///}} which implies LDAP over TCP, on all
+interfaces, on the default LDAP port 389.  You can specify
+specific host-port pairs or other protocol schemes (such as
+ldaps:// or ldapi://).  For example,
+{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create
+two listeners: one for LDAP over SSL, on all interfaces, on
+the default LDAP/SSL port 646 and one for LDAP over TCL, only
+the {{EX:localhost}} ({{loopback}}) interface, on port 666.
+Hosts may be specified using IPv4 dot-decimal form or
+using host names.  Ports values must be numeric.
+
+>	-n <service-name>
+
+This option specifies the service name used for logging and
+other purposes.  The default service name is {{EX:slapd}}.
+
+>	-l <syslog-local-user>
+
+This option specifies the local user for the {{syslog}}(8)
+facility.  Values can be {{EX:LOCAL0}}, {{EX:LOCAL1}}, {{EX:LOCAL2}}, ...,
+and {{EX:LOCAL7}}.  The default is {{EX:LOCAL4}}.  This option
+may not be supported on all systems.
+
+>	-u user -g group
+
+These options specify the user and group, respectively, to run
+as.  {{EX:user}} can be either a user name or uid.  {{EX:group}}
+can be either a group name or gid.
+
+>	-r directory
+
+This option specifies a run-time directory.  slapd will
+{{chroot}}(2) to this directory after opening listeners but
+before any reading any configuration file or initializing
+any backend.
+.
 
 >	-d <level> | ?
 

doc/guide/admin/slapdconfig.sdf

@@ -5,9 +5,10 @@
 H1: The slapd Configuration File
 
 Once the software has been built and installed, you are ready
-to configure it for use at your site. The slapd runtime configuration
-is primarily accomplished through the {{I:slapd.conf}}(5) file,
-normally installed in the {{EX:/usr/local/etc/openldap}} directory.
+to configure {{slapd}}(8) for use at your site. The slapd
+runtime configuration is primarily accomplished through the
+{{I:slapd.conf}}(5) file, normally installed in the
+{{EX:/usr/local/etc/openldap}} directory.
 
 An alternate configuration file can be specified via a
 command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
@@ -103,7 +104,6 @@ This directive defines an attribute type.
 Please see the {{SECT:Schema Specification}} chapter
 for information regarding how to use this directive.
 
-
 H4: defaultaccess { none | compare | search | read | write }
 
 This directive specifies the default access to grant requesters
@@ -121,6 +121,13 @@ directive.
 E: defaultaccess read
 
 
+H4: idletimeout <integer>
+
+Specify the number of seconds to wait before forcibly closing
+an idle client connections.  A idletimeout of 0, the default,
+disables this feature.
+
+
 H4: include <filename>
 
 This directive specifies that slapd should read additional
@@ -133,7 +140,6 @@ Note: You should be careful when using this directive - there is
 no small limit on the number of nested include directives, and no
 loop detection is done.
 
-
 H4: loglevel <integer>
 
 This directive specifies the level at which debugging statements
@@ -373,6 +379,17 @@ SASL-based Example:
 See the {{SECT:Replication}} chapter for more information on how to
 use this directive.
 
+H4: updateref <URL>
+
+This directive is only applicable in a slave slapd. It
+specifies the URL to return to clients which submit update
+requests upon the replica.
+If specified multiple times, each {{TERM:URL}} is provided.
+
+\Example:
+
+>	update	ldap://master.example.net
+
 
 H3: LDBM Backend-Specific Directives
 
@@ -404,6 +421,20 @@ modifies or when building indexes.
 >	dbcachesize 100000
 
 
+H4: dbnolocking
+
+This option, if present, disables database locking.
+Enabling this option may improve performance at the expense
+of data security.
+
+
+H4: dbnosync
+
+This option causes on-disk database contents not be immediately
+synchronized with in memory changes upon change.  Enabling this option
+may improve performance at the expense of data security.
+
+
 H4: directory <directory>
 
 This directive specifies the directory where the LDBM files
@@ -444,88 +475,19 @@ created database index files should have.
 
 
 
-H3: Shell Backend-Specific Directives
+H3: Other Backend and Databases
 
->	bind <pathname>
->	unbind <pathname>
->	search <pathname>
->	compare <pathname>
->	modify <pathname>
->	modrdn <pathname>
->	add <pathname>
->	delete <pathname>
->	abandon <pathname>
+{{slapd}}(8) supports a number of other backend database types.
 
-These directives specify the pathname of the command to
-execute in response to the given LDAP operation. The
-command given should understand and follow the input/output
-conventions described in Appendix B.
+!block table; align=Center; \
+	title="Table 5.2: Backend Database Types"
+Types	Description
+passwd	Provides read-only access to {{F:/etc/passwd}}
+shell	Shell (extern program) backend
+sql	SQL Programmable backend
+!endblock
 
-\Example:
-
->	search /usr/local/bin/search.sh
-
-Note that you need only supply those commands you want the
-backend to handle. Operations for which a command is not
-supplied will be refused with an "unwilling to perform" error.
-
-
-
-H3: Password Backend-Specific Directives
-
-Directives in this category only apply to the PASSWD backend
-database. That is, they must follow a "database passwd" line
-and come before any other "database" line.
-
-H4: file <filename>
-
-This directive specifies an alternate passwd file to use.
-
-\Default:
-
->	file /etc/passwd
-
-
-
-H3: TCL Backend-Specific Directives
-
-H4: scriptpath <pathname>
-
-This is the full path to a file containing the TCL command(s) to handle
-the LDAP operations.
-
-H4: Proc specifiers
-
->	bind <proc>
->	unbind <proc>
->	search <proc>
->	compare <proc>
->	modify <proc>
->	modrdn <proc>
->	add <proc>
->	delete <proc>
->	abandon <proc>
-
-These directives specify the name of the proc (function) in the
-TCL script specified in {{EX:scriptpath}} to execute in response to
-the given LDAP operation.
-
-\Example:
-
->	search proc_search
-
-Note that you need only supply those commands you want the
-TCL backend to handle. Operations for which a command is not
-supplied will be refused with an "unwilling to perform" error.
-
-H4: tclrealm <name>
-
-This is one of the biggest pluses of using the TCL backend.
-The realm let's you group several databases to the same interpretor.
-This basically means they share the same global variables and proc
-space. So global variables, as well as all the procs are callable
-between databases. If no {{EX:tclrealm}} is specified, it is put into the
-"default" realm.
+See {{slapd.conf}}(5) for details.
 
 
 
@@ -615,7 +577,7 @@ access. Note that access is granted to "entities" not "entries."
 The follow table summaries entity specifiers:
 
 !block table; align=Center; \
-	title="Table 5.2: Access Entity Specifiers"
+	title="Table 5.3: Access Entity Specifiers"
 Specifier	Entities
 *		All, including anonymous and authenticated users
 anonymous	Anonymous (non-authenticated) users
@@ -658,7 +620,7 @@ The kind of <access> granted can be one of the following:
 
 
 !block table; colaligns="LRL"; align=Center; \
-	title="Table 5.3: Access Levels"
+	title="Table 5.4: Access Levels"
 Level	Privledges	Description
 none			no access
 auth	=x		needed to bind