ITS#8544 - Grammar and escaping fixes

doc/man/man1/ldapurl.1

@@ -28,7 +28,7 @@ ldapurl \- LDAP URL formatting tool
 .BI \-S \ scheme\fR]
 .SH DESCRIPTION
 .I ldapurl
-is a command that allows to either compose or decompose LDAP URIs.
+is a command that allows one to either compose or decompose LDAP URIs.
 .LP
 When invoked with the \fB\-H\fP option,
 .B ldapurl

doc/man/man3/lber-encode.3

@@ -64,7 +64,7 @@ applications that need more control than
 .BR ber_printf ()
 provides.  In
 general, these routines return the length of the element encoded, or
--1 if an error occurred.
+\-1 if an error occurred.
 .LP
 The
 .BR ber_alloc_t ()

doc/man/man5/ldap.conf.5

@@ -338,9 +338,9 @@ token name first, followed by a colon:
 .nf
 	TLS_CERT my hardware device:Certificate for Sam Carter
 .fi
-Use certutil -L to list the certificates by name:
+Use certutil \-L to list the certificates by name:
 .nf
-	certutil -d /path/to/certdbdir -L
+	certutil \-d /path/to/certdbdir \-L
 .fi
 .TP
 .B TLS_KEY <filename>
@@ -358,7 +358,7 @@ database.  For example, if TLS_CACERTDIR specifies /home/scarter/.moznss as
 the location of the cert/key database, use modutil to change the password
 to the empty string:
 .nf
-	modutil -dbdir ~/.moznss -changepw 'NSS Certificate DB'
+	modutil \-dbdir ~/.moznss \-changepw 'NSS Certificate DB'
 .fi
 You must have the old password, if any.  Ignore the WARNING about the running
 browser.  Press 'Enter' for the new password.

doc/man/man5/slapd-asyncmeta.5

@@ -109,7 +109,7 @@ directive.
 
 .TP
 .B onerr {CONTINUE|report|stop}
-This directive allows to select the behavior in case an error is returned
+This directive allows one to select the behavior in case an error is returned
 by one target during a search.
 The default, \fBcontinue\fP, consists in continuing the operation,
 trying to return as much data as possible.
@@ -263,7 +263,7 @@ overridden by any per-target directive.
 
 .TP
 .B client\-pr {accept-unsolicited|DISABLE|<size>}
-This feature allows to use RFC 2696 Paged Results control when performing
+This feature allows one to use RFC 2696 Paged Results control when performing
 search operations with a specific target,
 irrespective of the client's request. See
 .B slapd\-meta(5)
@@ -322,7 +322,7 @@ for details on the syntax of this field.
 .B [tls_cipher_suite=<ciphers>]
 .B [tls_protocol_min=<major>[.<minor>]]
 .B [tls_crlcheck=none|peer|all]
-Allows to define the parameters of the authentication method that is
+Allows one to define the parameters of the authentication method that is
 internally used by the proxy to authorize connections that are
 authenticated by other databases. See
 .B slapd\-meta(5)
@@ -403,7 +403,7 @@ section of
 
 .TP
 .B subtree\-{exclude|include} "<rule>"
-This directive allows to indicate what subtrees are actually served
+This directive allows one to indicate what subtrees are actually served
 by a target. See
 .B slapd\-meta(5)
 for details.
@@ -427,7 +427,7 @@ overridden by any per-target directive.
 
 .TP
 .B timeout [<op>=]<val> [...]
-This directive allows to set per-operation timeouts.
+This directive allows one to set per-operation timeouts.
 Operations can be
 
 \fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP

doc/man/man5/slapd-config.5

@@ -89,7 +89,7 @@ child entries corresponding
 to any overlays configured on the database. The olcDatabase and
 olcOverlay entries may also have miscellaneous child entries for
 other settings as needed. There are two special database entries
-that are predefined - one is an entry for the config database itself,
+that are predefined \- one is an entry for the config database itself,
 and the other is for the "frontend" database. Settings in the
 frontend database are inherited by the other databases, unless
 they are explicitly overridden in a specific database.
@@ -452,7 +452,7 @@ A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
 will stop listening for new connections, but will not close the
 connections to the current clients.  Future write operations return
 unwilling-to-perform, though.  Slapd terminates when all clients
-have closed their connections (if they ever do), or - as before -
+have closed their connections (if they ever do), or \- as before \-
 if it receives a SIGTERM signal.  This can be useful if you wish to
 terminate the server and start a new
 .B slapd
@@ -888,9 +888,9 @@ token name first, followed by a colon:
 .nf
 	olcTLSCertificateFile: my hardware device:Server-Cert
 .fi
-Use certutil -L to list the certificates by name:
+Use certutil \-L to list the certificates by name:
 .nf
-	certutil -d /path/to/certdbdir -L
+	certutil \-d /path/to/certdbdir \-L
 .fi
 .TP
 .B olcTLSCertificateKeyFile: <filename>
@@ -911,7 +911,7 @@ protection for the cert/key database.  For example, if olcTLSCACertificatePath
 specifes /etc/openldap/certdb as the location of the cert/key database, use
 modutil to change the password to the empty string:
 .nf
-	modutil -dbdir /etc/openldap/certdb -changepw 'NSS Certificate DB'
+	modutil \-dbdir /etc/openldap/certdb \-changepw 'NSS Certificate DB'
 .fi
 You must have the old password, if any.  Ignore the WARNING about the running
 browser.  Press 'Enter' for the new password.
@@ -1303,7 +1303,7 @@ is equivalent to
 (see above).
 The 
 .B extended
-keyword allows to indicate the OID of the specific operation
+keyword allows one to indicate the OID of the specific operation
 to be restricted.
 .TP
 .B olcSchemaDN: <dn>
@@ -1618,8 +1618,8 @@ The keyword
 indicates that no limit is applied to the pagedResults control page size.
 The syntax
 .B size.prtotal={<integer>|unlimited|disabled}
-allows to set a limit on the total number of entries that a pagedResults
-control allows to return.
+allows one to set a limit on the total number of entries that the pagedResults
+control will return.
 By default it is set to the 
 .B hard
 limit.

doc/man/man5/slapd-ldap.5

@@ -117,7 +117,7 @@ needs to be created.
 .B [tls_protocol_min=<major>[.<minor>]]
 .B [tls_crlcheck=none|peer|all]
 .RS
-Allows to define the parameters of the authentication method that is 
+Allows one to define the parameters of the authentication method that is
 internally used by the proxy to collect info related to access control,
 and whenever an operation occurs with the identity of the rootdn
 of the LDAP proxy database.
@@ -229,7 +229,7 @@ for details on the syntax of this field.
 .B [tls_protocol_min=<version>]
 .B [tls_crlcheck=none|peer|all]
 .RS
-Allows to define the parameters of the authentication method that is 
+Allows one to define the parameters of the authentication method that is
 internally used by the proxy to authorize connections that are 
 authenticated by other databases.
 Direct binds are always proxied without any idassert handling.
@@ -471,7 +471,7 @@ which corresponds to the empty result set.
 
 .TP
 .B onerr {CONTINUE|stop}
-This directive allows to select the behavior in case an error is returned
+This directive allows one to select the behavior in case an error is returned
 by the remote server during a search.
 The default, \fBcontinue\fP, consists in returning success.
 If the value is set to \fBstop\fP, the error is returned to the client.
@@ -542,7 +542,7 @@ support is detected by reading the remote server's root DSE.
 
 .TP
 .B timeout [<op>=]<val> [...]
-This directive allows to set per-operation timeouts.
+This directive allows one to set per-operation timeouts.
 Operations can be
 
 \fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP

doc/man/man5/slapd-meta.5

@@ -125,7 +125,7 @@ directive.
 
 .TP
 .B onerr {CONTINUE|report|stop}
-This directive allows to select the behavior in case an error is returned
+This directive allows one to select the behavior in case an error is returned
 by one target during a search.
 The default, \fBcontinue\fP, consists in continuing the operation, 
 trying to return as much data as possible.
@@ -313,7 +313,7 @@ overridden by any per-target directive.
 
 .TP
 .B client\-pr {accept-unsolicited|DISABLE|<size>}
-This feature allows to use RFC 2696 Paged Results control when performing
+This feature allows one to use RFC 2696 Paged Results control when performing
 search operations with a specific target,
 irrespective of the client's request.
 When set to a numeric value, Paged Results control is always
@@ -384,7 +384,7 @@ for details on the syntax of this field.
 .B [tls_protocol_min=<major>[.<minor>]]
 .B [tls_crlcheck=none|peer|all]
 .RS
-Allows to define the parameters of the authentication method that is 
+Allows one to define the parameters of the authentication method that is
 internally used by the proxy to authorize connections that are 
 authenticated by other databases.
 The identity defined by this directive, according to the properties
@@ -612,7 +612,7 @@ The rewrite options are described in the "REWRITING" section.
 
 .TP
 .B subtree\-{exclude|include} "<rule>"
-This directive allows to indicate what subtrees are actually served
+This directive allows one to indicate what subtrees are actually served
 by a target.
 The syntax of the supported rules is
 
@@ -689,7 +689,7 @@ overridden by any per-target directive.
 
 .TP
 .B timeout [<op>=]<val> [...]
-This directive allows to set per-operation timeouts.
+This directive allows one to set per-operation timeouts.
 Operations can be
 
 \fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP
@@ -891,7 +891,7 @@ An incoming string is matched against a set of rules.
 Rules are made of a regex match pattern, a substitution pattern
 and a set of actions, described by a set of flags.
 In case of match a string rewriting is performed according to the
-substitution pattern that allows to refer to substrings matched in the
+substitution pattern that allows one to refer to substrings matched in the
 incoming string.
 The actions, if any, are finally performed.
 The substitution pattern allows map resolution of substrings.
@@ -1111,7 +1111,7 @@ Examples are reported below.
 .SH "Additional configuration syntax:"
 .TP
 .B rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
-Allows to define a map that transforms substring rewriting into
+Allows one to define a map that transforms substring rewriting into
 something else.
 The map is referenced inside the substitution pattern of a rule.
 .TP

doc/man/man5/slapd-relay.5

@@ -84,7 +84,7 @@ database does not refer to any specific database, but the most
 appropriate one is looked-up after rewriting the request DN
 for the operation that is being handled.
 .LP
-This allows to write carefully crafted rewrite rules that
+This allows one to write carefully crafted rewrite rules that
 cause some of the requests to be directed to one database, and
 some to another; e.g., authentication can be mapped to one 
 database, and searches to another, or different target databases

doc/man/man5/slapd-sql.5

@@ -310,7 +310,7 @@ by a stored procedure.
 .br
 .B fetch_all_attrs { NO | yes }
 .RS
-The first statement allows to provide a list of attributes that
+The first statement allows one to provide a list of attributes that
 must always be fetched in addition to those requested by any specific
 operation, because they are required for the proper usage of the
 backend.  For instance, all attributes used in ACLs should be listed

doc/man/man5/slapd.conf.5

@@ -557,7 +557,7 @@ forms as well as numeric OIDs to be used for the syntax OID.
 description.) 
 The slapd parser also honors the
 .B X\-SUBST
-extension (an OpenLDAP-specific extension), which allows to use the
+extension (an OpenLDAP-specific extension), which allows one to use the
 .B ldapsyntax
 statement to define a non-implemented syntax along with another syntax,
 the extension value
@@ -566,7 +566,7 @@ as its temporary replacement.
 The
 .I substitute-syntax
 must be defined.
-This allows to define attribute types that make use of non-implemented syntaxes
+This allows one to define attribute types that make use of non-implemented syntaxes
 using the correct syntax OID.
 Unless 
 .B X\-SUBST
@@ -1123,9 +1123,9 @@ token name first, followed by a colon:
 .nf
 	TLSCertificateFile my hardware device:Server-Cert
 .fi
-Use certutil -L to list the certificates by name:
+Use certutil \-L to list the certificates by name:
 .nf
-	certutil -d /path/to/certdbdir -L
+	certutil \-d /path/to/certdbdir \-L
 .fi
 .TP
 .B TLSCertificateKeyFile <filename>
@@ -1143,7 +1143,7 @@ protection for the cert/key database.  For example, if TLSCACertificatePath
 specifes /etc/openldap/certdb as the location of the cert/key database, use
 modutil to change the password to the empty string:
 .nf
-	modutil -dbdir /etc/openldap/certdb -changepw 'NSS Certificate DB'
+	modutil \-dbdir /etc/openldap/certdb \-changepw 'NSS Certificate DB'
 .fi
 You must have the old password, if any.  Ignore the WARNING about the running
 browser.  Press 'Enter' for the new password.
@@ -1555,8 +1555,8 @@ The keyword
 indicates that no limit is applied to the pagedResults control page size.
 The syntax
 .B size.prtotal={<integer>|unlimited|disabled}
-allows to set a limit on the total number of entries that a pagedResults
-control allows to return.
+allows one to set a limit on the total number of entries that the pagedResults
+control will return.
 By default it is set to the 
 .B hard
 limit.
@@ -1648,7 +1648,7 @@ is equivalent to
 (see above).
 The 
 .B extended
-keyword allows to indicate the OID of the specific operation
+keyword allows one to indicate the OID of the specific operation
 to be restricted.
 .TP
 .B rootdn <dn>

doc/man/man5/slapo-constraint.5

@@ -56,7 +56,7 @@ to evaluate.
 The parameter following the
 .B set
 type is a string that is interpreted according to the syntax in use
-for ACL sets.  This allows to construct constraints based on the contents
+for ACL sets.  This allows one to construct constraints based on the contents
 of the entry.
 
 The 
@@ -72,7 +72,7 @@ Extra parameters can occur in any order after those described above.
 .RE
 
 .RS
-This extra parameter allows to restrict the application of the corresponding
+This extra parameter allows one to restrict the application of the corresponding
 constraint only to entries that match the
 .IR base ,
 .I scope

doc/man/man5/slapo-dds.5

@@ -16,7 +16,7 @@ The name
 .B dds
 stands for
 Dynamic Directory Services.
-It allows to define dynamic objects, characterized by the
+It allows one to define dynamic objects, characterized by the
 .B dynamicObject
 objectClass.
 
@@ -24,7 +24,7 @@ Dynamic objects have a limited lifetime, determined by a time-to-live
 (TTL) that can be refreshed by means of a specific
 .B refresh
 extended operation.
-This operation allows to set the Client Refresh Period (CRP),
+This operation allows one to set the Client Refresh Period (CRP),
 namely the period between refreshes that is required to preserve the
 dynamic object from expiration.
 The expiration time is computed by adding the requested TTL to the 
@@ -126,7 +126,7 @@ By default, tolerance is 0.
 .B dds\-max\-dynamicObjects <num>
 Specifies the maximum number of dynamic objects that can simultaneously exist
 within a naming context.
-This allows to limit the amount of resources (mostly in terms of
+This allows one to limit the amount of resources (mostly in terms of
 run-queue size) that are used by dynamic objects.
 By default, no limit is set.
 
@@ -256,7 +256,7 @@ operational attribute; however, it must not be configured in the shadow
 database.
 Currently, there is no means to remove the 
 .B dynamicObject
-class from the entry; this may be seen as a feature, since it allows to see
+class from the entry; this may be seen as a feature, since it allows one to see
 the dynamic properties of the object.
 
 .SH FILES

doc/man/man5/slapo-retcode.5

@@ -58,7 +58,7 @@ If not defined, the suffix of the database is used.
 .hy 0
 .B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>]
 .B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>]
-.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}\-]disconnect[,...]]
+.B [unsolicited=<OID>[:<data>]] [flags=[\{pre|post\}\-]disconnect[,...]]
 .RS
 A dynamically generated entry, located below \fBretcode\-parent\fP.
 The \fBerrCode\fP is the number of the response code;

doc/man/man5/slapo-rwm.5

@@ -115,7 +115,7 @@ and
 .BR slapd\-meta (5),
 or with the relay backend, 
 .BR slapd\-relay (5),
-allows to create virtual views of databases.
+allows one to create virtual views of databases.
 A distinguishing feature of this overlay is that, when instantiated
 before any database, it can modify the DN of requests
 .I before
@@ -176,7 +176,7 @@ a
 and a set of actions, described by a set of 
 .IR "optional flags" .
 In case of match, string rewriting is performed according to the
-substitution pattern that allows to refer to substrings matched in the
+substitution pattern that allows one to refer to substrings matched in the
 incoming string.
 The actions, if any, are finally performed.
 Each rule is executed recursively, unless altered by specific action 
@@ -421,7 +421,7 @@ Examples are reported below.
 .SH "Additional Configuration Syntax"
 .TP
 .B rwm\-rewriteMap "<map type>" "<map name>" "[ <map attrs> ]"
-Allows to define a map that transforms substring rewriting into
+Allows one to define a map that transforms substring rewriting into
 something else.
 The map is referenced inside the substitution pattern of a rule.
 .TP

doc/man/man5/slapo-valsort.5

@@ -81,7 +81,7 @@ The control can be sent from the command-line using the base64
 encoding of the value:
 .LP
 .nf
-	ldapsearch -E 1.3.6.1.4.1.4203.666.5.14=::MAMBAf8=
+	ldapsearch \-E 1.3.6.1.4.1.4203.666.5.14=::MAMBAf8=
 .fi
 
 .SH FILES

doc/man/man8/slapd.8

@@ -305,7 +305,7 @@ that must be an SLP attribute list definition according to the SLP standard.
 For example, \fB"slp=(tree=production),(server-type=OpenLDAP),(server\-version=2.4.15)"\fP
 registers at SLP DAs with the three SLP attributes tree, server-type and server-version
 that have the values given above.
-This allows to specifically query the SLP DAs for LDAP servers holding the
+This allows one to specifically query the SLP DAs for LDAP servers holding the
 .I production
 tree in case multiple trees are available.
 .RE