fix client tool man page

doc/man/man1/ldapcompare.1

@@ -148,30 +148,30 @@ Specify the LDAP protocol version to use.
 .TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and compare extensions with \fB\-E\fP.
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
+Compare extensions:
 .nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+  !dontUseCopy
 .fi
 .TP
 .BI \-O \ security-properties

doc/man/man1/ldapdelete.1

@@ -143,30 +143,30 @@ Specify the LDAP protocol version to use.
 .TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
+Delete extensions:
 .nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+  (none)
 .fi
 .TP
 .B \-r

doc/man/man1/ldapexop.1

@@ -130,18 +130,18 @@ Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 Specify general extensions.  \'!\' indicates criticality.
 .nf
-  [!]assert=<filter>     (RFC 4528; a RFC 4515 Filter string)
-  [!]authzid=<authzid>   (RFC 4370; "dn:<dn>" or "u:<user>")
-  [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
-     one of "chainingPreferred", "chainingRequired",
-     "referralsPreferred", "referralsRequired"
-  [!]manageDSAit         (RFC 3296)
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
+  [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]  (RFC 4527; comma-separated attr list)
-  [!]preread[=<attrs>]   (RFC 4527; comma-separated attr list)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
   [!]relax
-  abandon, cancel, ignore (SIGINT sends abandon/cancel,
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
   or ignores response; if critical, doesn't wait for SIGINT.
   not really controls)
 .fi

doc/man/man1/ldapmodify.1

@@ -210,30 +210,30 @@ Specify SASL security properties.
 .TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
+Modify extensions:
 .nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+  [!]txn[=abort|commit]
 .fi
 .TP
 .B \-I

doc/man/man1/ldapmodrdn.1

@@ -152,30 +152,30 @@ Specify SASL security properties.
 .TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and modrdn extensions with \fB\-E\fP.
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
+Modrdn extensions:
 .nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+  (none)
 .fi
 .TP
 .B \-I

doc/man/man1/ldappasswd.1

@@ -145,6 +145,36 @@ simple authentication.
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and passwd modify extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
+.fi
+
+Passwd Modify extensions:
+.nf
+  (none)
+.fi
+.TP
 .B \-I
 Enable SASL Interactive mode.  Always prompt.  Default is to prompt
 only as needed.

doc/man/man1/ldapsearch.1

@@ -262,18 +262,25 @@ Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
 Search extensions:
 .nf
+  !dontUseCopy
   [!]domainScope                       (domain scope)
   [!]mv=<filter>                       (matched values filter)
   [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
@@ -282,6 +289,8 @@ Search extensions:
   [!]sync=ro[/<cookie>]                (LDAP Sync refreshOnly)
           rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
   [!]vlv=<before>/<after>(/<offset>/<count>|:<value>)  (virtual list view)
+  [!]deref=derefAttr:attr[,attr[...]][;derefAttr:attr[,attr[...]]]
+  [!]<oid>[=<value>]
 .fi
 .TP
 .BI \-l \ timelimit

doc/man/man1/ldapurl.1

@@ -60,35 +60,32 @@ Set a comma-separated list of attribute selectors.
 Set the \fIsearchbase\fP.
 .TP
 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-.TP
-.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
-.nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
-.fi
 .TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+Set URL extensions; incompatible with
+.BR \-H .
 .TP
 .BI \-f \ filter
 Set the URL filter.  No particular check on conformity with RFC 4515

doc/man/man1/ldapwhoami.1

@@ -110,30 +110,30 @@ Specify SASL security properties.
 .TP
 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
 
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and whoami extensions with \fB\-E\fP.
 \'\fB!\fP\' indicates criticality.
 
 General extensions:
 .nf
-  [!]assert=<filter>   (an RFC 4515 Filter)
-  [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
   [!]manageDSAit
   [!]noop
   ppolicy
-  [!]postread[=<attrs>]        (a comma-separated attribute list)
-  [!]preread[=<attrs>] (a comma-separated attribute list)
-  abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
 .fi
 
-Search extensions:
+WhoAmI extensions:
 .nf
-  [!]domainScope                               (domain scope)
-  [!]mv=<filter>                               (matched values filter)
-  [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
-  [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...]  (server side sorting)
-  [!]subentries[=true|false]           (subentries)
-  [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
-          rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
+  (none)
 .fi
 .TP
 .B \-I