From 49e4159420274b37e31bb7d2754348f89411e22b Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 20 Jan 1999 00:07:29 +0000
Subject: [PATCH] Import manuals from -devel.  Edit away the -P option.

---
 doc/man/man1/ldapdelete.1 |  54 +++++++++-----
 doc/man/man1/ldapmodify.1 |  96 ++++++++++++++++---------
 doc/man/man1/ldapmodrdn.1 |  44 ++++++++----
 doc/man/man1/ldappasswd.1 | 147 ++++++++++++++++++++++++++++++++++++++
 doc/man/man1/ldapsearch.1 | 123 +++++++++++++++++++------------
 doc/man/man1/ud.1         |  18 ++---
 6 files changed, 365 insertions(+), 117 deletions(-)
 create mode 100644 doc/man/man1/ldappasswd.1

diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1
index efc15b3ca7..4b5d216014 100644
--- a/doc/man/man1/ldapdelete.1
+++ b/doc/man/man1/ldapdelete.1
@@ -3,18 +3,32 @@
 ldapdelete \- ldap delete entry tool
 .SH SYNOPSIS
 .B ldapdelete
-.B [\-n]
-.B [\-v]
-.B [\-k]
-.B [\-K]
-.B [\-c]
-.B [\-d debuglevel]
-.B [\-f file]
-.B [\-D binddn]
-.B [\-w passwd]
-.B [\-h ldaphost]
-.B [\-p ldapport]
-.B [dn]...
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-k ]
+[\c
+.BR \-K ]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.IR dn ]...
 .SH DESCRIPTION
 .I ldapdelete
 is a shell-accessible interface to the
@@ -55,28 +69,32 @@ Continuous operation mode.  Errors  are  reported,  but
 will  continue  with  deletions.   The default is to exit after
 reporting an error.
 .TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
 Set the LDAP debugging level to \fIdebuglevel\fP.
 .B ldapdelete
 must be compiled with LDAP_DEBUG defined for this option to have any effect.
 .TP
-.B \-f file
+.BI \-f \ file
 Read a series of lines from \fIfile\fP, performing one LDAP search for
 each line.  In this case, the \fIfilter\fP given on the command line
 is treated as a pattern where the first occurrence of \fB%s\fP is
 replaced with a line from \fIfile\fP.
 .TP
-.B \-D binddn
+.BI \-D \ binddn
 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
 a string-represented DN as defined in RFC 1779.
 .TP
-.B \-w passwd
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
-.B \-h ldaphost
+.BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
 .TP
-.B \-p ldapport
+.BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
 .SH EXAMPLE
 The following command:
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
index b304b01e5a..c39ebc9c91 100644
--- a/doc/man/man1/ldapmodify.1
+++ b/doc/man/man1/ldapmodify.1
@@ -3,34 +3,62 @@
 ldapmodify, ldapadd \- ldap modify entry and ldap add entry tools
 .SH SYNOPSIS
 .B ldapmodify
-.B [\-a]
-.B [\-b]
-.B [\-c]
-.B [\-r]
-.B [\-n]
-.B [\-v]
-.B [\-k]
-.B [\-d debuglevel]
-.B [\-D binddn]
-.B [\-w passwd]
-.B [\-h ldaphost]
-.B [\-p ldapport]
-.B [\-f file]
+[\c
+.BR \-a ]
+[\c
+.BR \-b ]
+[\c
+.BR \-c ]
+[\c
+.BR \-r ]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-k ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-f \ file\fR]
 .LP
 .B ldapadd
-.B [\-b]
-.B [\-c]
-.B [\-r]
-.B [\-n]
-.B [\-v]
-.B [\-k]
-.B [\-K]
-.B [\-d debuglevel]
-.B [\-D binddn]
-.B [\-w passwd]
-.B [\-h ldaphost]
-.B [\-p ldapport]
-.B [\-f file]
+[\c
+.BR \-b ]
+[\c
+.BR \-c ]
+[\c
+.BR \-r ]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-k ]
+[\c
+.BR \-K ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-f \ file\fR]
 .SH DESCRIPTION
 .B ldapmodify
 is a shell-accessible interface to the
@@ -94,26 +122,30 @@ lines that begin with
 (by default, replica: lines are compared against the LDAP server host
 and port in use to decide if a replog record should actually be applied).
 .TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
 Set the LDAP debugging level to \fIdebuglevel\fP.
 .B ldapmodify
 must be compiled with LDAP_DEBUG defined for this option to have any effect.
 .TP
-.B \-f file
+.BI \-f \ file
 Read the entry modification information from \fIfile\fP instead of from
 standard input.
 .TP
-.B \-D binddn
+.BI \-D \ binddn
 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
 a string-represented DN as defined in RFC 1779.
 .TP
-.B \-w passwd
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
-.B \-h ldaphost
+.BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
 .TP
-.B \-p ldapport
+.BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
 .SH INPUT FORMAT
 The contents of \fIfile\fP (or standard input if no \-f flag is given on
diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1
index f2a17099e0..122dc400bd 100644
--- a/doc/man/man1/ldapmodrdn.1
+++ b/doc/man/man1/ldapmodrdn.1
@@ -3,18 +3,34 @@
 ldapmodrdn \- ldap modify entry RDN tool
 .SH SYNOPSIS
 .B ldapmodrdn
-.B [\-r]
-.B [\-n]
-.B [\-v]
-.B [\-k]
-.B [\-K]
-.B [\-c]
-.B [\-d debuglevel]
-.B [\-D binddn]
-.B [\-w passwd]
-.B [\-h ldaphost]
-.B [\-p ldapport]
-.B [\-f file] [dn rdn]
+[\c
+.BR \-r ]
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-k ]
+[\c
+.BR \-K ]
+[\c
+.BR \-c ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-f \ file\fR]
+[\c
+.I dn  rdn\fR]
 .SH DESCRIPTION
 .B ldapmodrdn
 is a shell-accessible interface to the
@@ -70,6 +86,10 @@ standard input or the command-line.
 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
 a string-represented DN as defined in RFC 1779.
 .TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
 .B \-w passwd
 Use \fIpasswd\fP as the password for simple authentication.
 .TP
diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1
new file mode 100644
index 0000000000..b56399fa1e
--- /dev/null
+++ b/doc/man/man1/ldappasswd.1
@@ -0,0 +1,147 @@
+.TH LDAPPASSWD 1 "5 December 1998" "LDAPPasswd"
+.SH NAME
+ldappasswd \- change the password of an LDAP entry
+.SH SYNOPSIS
+.B ldappasswd
+[\c
+.BI \-a \ passwdattribute\fR]
+[\c
+.BI \-b \ searchbase\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BR \-E ]
+[\c
+.BI \-e \ passwd\fR] 
+[\c
+.BI \-g \ pwlen\fR]
+[\c
+.BI \-H \ none\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsmd5\fR\||\|\fIsha\fR\||\|\fIssha]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BR \-K ]
+[\c
+.BR \-k ]
+[\c
+.BI \-l \ searchtime\fR]
+[\c
+.BR \-n ]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR]
+[\c
+.BI \-t \ targetdn\fR]
+[\c
+.BR \-v ]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ passwd\fR]
+[\c
+.BI \-z \ searchsize\fR]
+[\fIfilter\fR]
+.SH DESCRIPTION
+.B ldappasswd
+is a tool to modify the password of one or more LDAP entries.
+Multiple entries can be specified using a search filter.
+It is neither designed nor intended to be a replacement for
+.BR passwd (1)
+and should not be installed as such.
+.LP
+.B ldappasswd
+works by specifying a single target dn or by using a search filter.
+Matching entries will be modified with the new password.
+If the new password is not specified on the command line, the user
+will be prompted to enter it.
+The new password will be hashed using
+.I crypt
+or any other supported hashing algorithm.
+For hashing algorithms other than
+.I crypt
+or
+.IR none ,
+the stored password will be base64 encoded.
+Salts are only generated for crypt and are based on the least
+significant bits of the current time and other psuedo randomness.
+.SH OPTIONS
+.TP
+.BI \-a \ passwdattribute
+Specify the LDAP attribute to change. The default is "userPassword".
+.TP
+.BI \-b \ searchbase
+Use \fIsearchbase\fP as the starting point for the search instead of
+the default.
+.TP
+.B \-c \fInone\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsmd5\fR\||\|\fIsha\fR\||\|\fIssha
+Specify the hashing algorithm used to store the password. The default is
+.IR crypt .
+.TP
+.BI \-D \ binddn
+Use \fIbinddn\fP to bind to the X.500 directory. \fIbinddn\fP should be
+a string-represented DN as defined in RFC 1779.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldappasswd
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.BI \-g \ pwlen
+Auto-generate passwords of length \fIpwlen\fR.
+Passwords will be displayed when using verbose,
+.BR -vvv .
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+.TP
+.B \-K
+Same as -k, but only does step 1 of the kerberos bind.
+This is useful when connecting to a slapd and there is no x500dsa.hostname principal registered with your kerberos servers.
+.TP
+.B \-k
+Use Kerberos authentication instead of simple authentication.
+It is assumed that you already have a valid ticket granting ticket.
+.B ldappasswd
+must be compiled with KERBEROS defined for this option to have any effect.
+.TP
+.BI \-l \ searchtime
+Specify a maximum query time in seconds.
+.TP
+.B \-n
+Make no modifications. (Can be useful when used in conjunction with
+.BR \-v \ or
+.BR \-d )
+.TP
+.BI \-p \ ldapport
+Specify an alternate port on which the ldap server is running.
+.TP
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR
+Specify the scope of the search. The default is
+.IR base .
+.TP
+.B \-t \fR[\fItargetdn\fR]
+Specify the target dn to modify.
+If an argument is not given, the target dn will be the binddn.
+.TP
+.B \-v
+The more v's the more verbose.
+.TP
+.BI \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-z \ searchsize
+Specify a maximum query size.
+.SH AUTHOR
+David E. Storey <dave@tamos.net>
+.SH "SEE ALSO"
+.BR ldapadd (1),
+.BR ldapdelete (1),
+.BR ldapmodrdn (1),
+.BR ldapsearch (1)
diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
index 1453f073d5..60f4032b6b 100644
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@@ -3,30 +3,55 @@
 ldapsearch \- ldap search tool
 .SH SYNOPSIS
 .B ldapsearch
-.B [\-n]
-.B [\-u]
-.B [\-v]
-.B [\-k]
-.B [\-K]
-.B [\-t]
-.B [\-A]
-.B [\-B]
-.B [\-L]
-.B [\-R]
-.B [\-d debuglevel]
-.B [\-F sep]
-.B [\-f file]
-.B [\-D binddn]
-.B [\-w bindpasswd]
-.B [\-h ldaphost]
-.B [\-p ldapport]
-.B [\-b searchbase]
-.B [\-s scope ]
-.B [\-a deref]
-.B [\-l time limit]
-.B [\-z size limit]
-.B filter
-.B [attrs....]
+[\c
+.BR \-n ]
+[\c
+.BR \-u ]
+[\c
+.BR \-v ]
+[\c
+.BR \-k ]
+[\c
+.BR \-K ]
+[\c
+.BR \-t ]
+[\c
+.BR \-A ]
+[\c
+.BR \-B ]
+[\c
+.BR \-L ]
+[\c
+.BR \-R ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-F \ sep\fR]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ bindpasswd\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-b \ searchbase\fR]
+[\c
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR]
+[\c
+.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
+[\c
+.BI \-l \ timelimit\fR]
+[\c
+.BI \-z \ sizelimit\fR]
+.I filter
+[\c
+.IR attrs... ]
 .SH DESCRIPTION
 .I ldapsearch
 is a shell-accessible interface to the
@@ -93,12 +118,12 @@ Do not automatically follow referrals returned while searching.
 must be compiled with LDAP_REFERRALS defined for referrals to be
 automatically followed by default, and for this option to have any effect.
 .TP
-.B \-F sep
+.BI \-F \ sep
 Use \fIsep\fP as the field separator between attribute names and values.
 The default separator is `=', unless the -L flag has been specified, in
 which case this option is ignored.
 .TP
-.B \-S attribute
+.BI \-S \ attribute
 Sort the entries returned based on \fIattribute\fP. The default is not
 to sort entries returned.  If \fIattribute\fP is a zero-length string (""),
 the entries are sorted by the components of their Distingished Name.  See
@@ -110,60 +135,64 @@ normally prints out entries as it receives them. The use of the
 option defeats this behavior, causing all entries to be retrieved,
 then sorted, then printed.
 .TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
 Set the LDAP debugging level to \fIdebuglevel\fP.
 .B ldapsearch
 must be compiled with LDAP_DEBUG defined for this option to have any effect.
 .TP
-.B \-f file
+.BI \-f \ file
 Read a series of lines from \fIfile\fP, performing one LDAP search for
 each line.  In this case, the \fIfilter\fP given on the command line
 is treated as a pattern where the first occurrence of \fB%s\fP is
 replaced with a line from \fIfile\fP.  If \fIfile\fP is a single \fI-\fP
 character, then the lines are read from standard input.
 .TP
-.B \-D binddn
+.BI \-D \ binddn
 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
 a string-represented DN as defined in RFC 1779.
 .TP
-.B \-w bindpasswd
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ bindpasswd
 Use \fIbindpasswd\fP as the password for simple authentication.
 .TP
-.B \-h ldaphost
+.BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
 .TP
-.B \-p ldapport
+.BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
 .TP
-.B \-b searchbase
+.BI \-b \ searchbase
 Use \fIsearchbase\fP as the starting point for the search instead of
 the default.
 .TP
-.B \-s scope
-Specify the scope of the search.  \fIscope\fP should be one of
-.B base,
-.B one,
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub
+Specify the scope of the search to be one of
+.IR base ,
+.IR one ,
 or
-.B sub
+.I sub
 to specify a base object, one-level, or subtree search.  The default
 is
-.BR sub .
+.IR sub .
 .TP
-.B \-a deref
-Specify how aliases dereferencing is done.  \fIderef\fP should be one of
-.B never,
-.B always,
-.B search,
+.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
+Specify how aliases dereferencing is done.  Should be one of
+.IR never ,
+.IR always ,
+.IR search ,
 or
-.B find
+.I find
 to specify that aliases are never dereferenced, always dereferenced,
 dereferenced when searching, or dereferenced only when locating the
 base object for the search.  The default is to never dereference aliases.
 .TP
-.B \-l timelimit
+.BI \-l \ timelimit
 wait at most \fItimelimit\fP seconds for a search to complete.
 .TP
-.B \-z sizelimit
+.BI \-z \ sizelimit
 retrieve at most \fIsizelimit\fP entries for a search.
 .SH OUTPUT FORMAT
 If one or more entries are found, each entry is written to standard output
diff --git a/doc/man/man1/ud.1 b/doc/man/man1/ud.1
index aeb572c612..7bd2d82a67 100644
--- a/doc/man/man1/ud.1
+++ b/doc/man/man1/ud.1
@@ -4,13 +4,15 @@
 ud \- interactive LDAP Directory Server query program
 .SH SYNOPSIS
 .B ud
-[-Dv] [-s 
+[\c
+.BR -Dv ]
+.RB [ -s 
 .IR server ]
-[-d
+.RB [ -d
 .IR debug-mask ]
-[-l
+.RB [ -l
 .IR ldap-debug-mask ]
-[-f
+.RB [ -f
 .IR file ]
 .SH DESCRIPTION
 .IR ud
@@ -18,7 +20,7 @@ is used to interogate a directory server via the Lightweight Directory
 Access Protocol (LDAP).
 .SH OPTIONS
 .TP 1i
-.B \-s
+.BI \-s \ server
 Used to specify the name of an LDAP server to which
 .B ud
 should connect.  If this
@@ -34,7 +36,7 @@ the name
 can be resolved (presumably through the use of a CNAME or A record in the DNS
 and the appropriate search path specified in the resolver config file).
 .TP 1i
-.B \-d
+.BI \-d \ debug-mask
 Sets the
 .B ud
 debug mask to the value specified.  
@@ -42,10 +44,10 @@ Values for the mask can be dumped by using the
 .IR \-D
 flag.
 .TP 1i
-.B \-f
+.BI \-f \ file
 Sets the configuration file to the name specified.
 .TP 1i
-.B \-l
+.BI \-l \ ldap-debug-mask
 Sets the LDAP debug mask to the value specified.  
 .TP 1i
 .B \-v
-- 
2.47.2