Misc formatting changes

Kurt Zeilenga 2002-06-14 21:47:09 +00:00
parent b8f8869432
commit db77cbdc35
3 changed files with 14 additions and 14 deletions

View file

@ -43,8 +43,8 @@ contain is spread across many machines, all of which cooperate to
provide the directory service. Typically a global service defines
a uniform {{namespace}} which gives the same view of the data no
matter where you are in relation to the data itself. The Internet
{{TERM[expand]DNS}} is an example of a globally distributed directory
service.
{{TERM[expand]DNS}} (DNS) is an example of a globally distributed
directory service.
H2: What is LDAP?
@ -86,7 +86,7 @@ FT[align="Center"] Figure 1.1: LDAP directory tree (traditional naming)
The tree may also be arranged based upon Internet domain names.
This naming approach is becoming increasing popular as it allows
for directory services to be locating using the {{TERM[expand]DNS}}.
for directory services to be locating using the {{DNS}}.
Figure 1.2 shows an example LDAP directory tree using domain-based
naming.
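Review bot: The replacement line still reads "to be locating using the {{DNS}}", which should be "to be located using", and the context line above it has "becoming increasing popular" for "increasingly popular"; both are worth fixing while this sentence is being touched. The new {{DNS}} also drops the TERM tag that the first hunk keeps as {{TERM[expand]DNS}}. If the intent is only to stop expanding the term on second use, {{TERM:DNS}} would keep the markup consistent.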

View file

@ -494,11 +494,11 @@ telling what authorizations to deny.
The value(s) in the two attributes are of the same form as the
output of the replacement pattern of a {{EX:saslRegexp}} directive:
either a DN or an LDAP URL. For example, if a saslAuthzTo value is
a DN, that DN is one the authenticated user can authorize to. On
the other hand, if the {{EX:saslAuthzTo}} value is an LDAP URL,
the URL is used as an internal search of the LDAP database, and
the authenticated user can become ANY DN returned by the search.
either a DN or an LDAP URL. For example, if a {{EX:saslAuthzTo}}
value is a DN, that DN is one the authenticated user can authorize
to. On the other hand, if the {{EX:saslAuthzTo}} value is an LDAP
URL, the URL is used as an internal search of the LDAP database,
and the authenticated user can become ANY DN returned by the search.
If an LDAP entry looked like:
> dn: cn=WebUpdate,dc=example,dc=com
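Review bot: The rewrapped sentence ending "the authenticated user can become ANY DN returned by the search" states the reach of an LDAP URL value without pointing at the control that limits it. Since the paragraph is being reflowed anyway, consider adding a pointer to the Policy Configuration advice that {{EX:saslAuthzTo}} should be protected with an ACL, so a reader who stops here does not miss it.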
@ -537,8 +537,8 @@ identity of the form "u:<username>" as an authorization rule.
H4: Policy Configuration
The decision of which type of rules to use, saslAuthzFrom or
saslAuthzTo, will depend on the site's situation. For example, if
The decision of which type of rules to use, {{EX:saslAuthzFrom}} or
{{EX:saslAuthzTo}}, will depend on the site's situation. For example, if
the set of people who may become a given identity can easily be
written as a search filter, then a single destination rule could
be written. If the set of people is not easily defined by a search
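Review bot: This paragraph now tags {{EX:saslAuthzFrom}} and {{EX:saslAuthzTo}} in its first sentence but goes on to speak of "a single destination rule" without saying which of the two attributes that is. One clause mapping each attribute to "source" or "destination" would make the choice described here unambiguous. Minor style point: the second added line was not rewrapped and now runs longer than its neighbours, unlike the reflowed paragraph in the previous hunk.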
@ -554,8 +554,8 @@ for destination rules, or {{EX:both}} for both source and destination
rules.
Destination rules are extremely powerful. If ordinary users have
access to write the saslAuthzTo attribute in their own entries, then
access to write the {{EX:saslAuthzTo}} attribute in their own entries, then
they can write rules that would allow them to authorize as anyone else.
As such, when using destination rules, the saslAuthzTo attribute
As such, when using destination rules, the {{EX:saslAuthzTo}} attribute
should be protected with an ACL that only allows privileged users
to set its values.
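Review bot: The paragraph opens with "Destination rules are extremely powerful" but the risk it describes is users writing {{EX:saslAuthzTo}} "in their own entries", and the earlier hunk in this file describes saslAuthzTo as the attribute that says what the authenticated user can authorize to. Please confirm whether "destination" is the intended term in both sentences here, since an administrator reading this to decide which attribute needs the restrictive ACL must not be left guessing. The two added lines could also be rewrapped to match the surrounding line length.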

View file

@ -18,9 +18,9 @@ see the {{PRD:OpenSSL}} documentation.
H2: Server Certificates
The DN of a server certificate must use the CN attribute
to name the server, and the CN must carry the server's
to name the server, and the {{EX:CN}} must carry the server's
fully qualified domain name. Additional alias names and wildcards
may be present in the subjectAltName certificate extension.
may be present in the {{EX:subjectAltName}} certificate extension.
More details on server certificate names are in {{REF:RFC2830}}.
H2: Client Certificates
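Review bot: The first mention of CN, in the context line "must use the CN attribute", is left untagged while the second mention on the next line becomes {{EX:CN}}. Tagging the first occurrence as well would keep the sentence consistent with the {{EX:subjectAltName}} change in the same paragraph.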