diff --git a/Doc/Sdi/ldap.xml b/Doc/Sdi/ldap.xml index 882e830e0109e6a1f3c059415c48dbec30c5c1a1..583c368d3b635737c9914496daf386830fb35853 100644 --- a/Doc/Sdi/ldap.xml +++ b/Doc/Sdi/ldap.xml @@ -667,16 +667,24 @@ modifying entry "olcDatabase={0}config,cn=config"</programlisting> <para>Depending on your database backend choice you may have to alter the <link - xlink:href="http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-rap-olc">installation - procedure</link> by replacing <quote>bdb</quote> with <quote>mdb</quote> - accordingly both on the provider and the consumer side.</para> + xlink:href="https://wiki.debian.org/LDAP/OpenLDAPSetup#with_cn.3Dconfig-1">installation + procedure</link> by replacing <quote>hdb</quote> with <quote>mdb</quote> + accordingly both on the provider and the consumer side. For (yet) + unknown reasons the <property>olcSyncProvConfig</property> + <acronym>objectclass</acronym> is absent on our systems. You may safely + omit configuring the related parameters + <property>olcSyncProvConfig</property> and + <property>olcSyncProvConfig</property>.</para> + + <para>Using Apache Directory Studio may be used in favour of + <command>ldapmodify</command> and friends.</para> <para>Hints:</para> <orderedlist> <listitem> - <para>Activating the syncprov overlay requires an additional - <property>olcModuleLoad</property> value:</para> + <para>Activating the <code>syncprov</code> overlay requires an + additional <property>olcModuleLoad</property> value:</para> <programlisting language="none">dn: cn=module{0},cn=config objectClass: olcModuleList 
@@ -687,42 +695,21 @@ olcModulePath: /usr/lib/ldap</programlisting> </listitem> <listitem> - <para/> + <para>You may want to add the value <code>sync</code> to the + <property>olcLogLevel</property> attribute. This will create related + messages in <filename>/var/log/syslog</filename>.</para> </listitem> </orderedlist> <para>Check for provider changes being propagated to the consumer.</para> - <para>The current configuration does have two serious security - flaws:</para> - - <orderedlist> - <listitem> - <para>The replication is based on the provider's - <code>cn=admin,dc=hdm-stuttgart,dc=de</code> account having maximum - privileges. Read access is however sufficient. Thus in a - professional environment you will have to define an appropriate - <code>syncrepl</code> user having just enough (read) - privileges.</para> - </listitem> - - <listitem> - <para>The credentials are being sent in clear text and are thus - subject to network sniffing (e.g. by using <link - xlink:href="https://www.wireshark.org">Wireshark</link>). In a - professional setup you will have to configure <xref - linkend="glo_TLS"/> for encrypting your communication - channel.</para> - </listitem> - </orderedlist> - - <para>The <link - xlink:href="https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-provider-configuration">installation - procedure</link> does have a security drawback: It uses the provider's - <code>cn=admin,dc=hdm-stuttgart,dc=de</code> account. Read access is - however sufficient. Thus define a suitable replication user for this - purpose being endowed with just sufficient privileges:</para> + <para>The current configuration contains a serious security flaw: The + credentials are being sent in clear text and are thus subject to network + sniffing (e.g. by using <link + xlink:href="https://www.wireshark.org">.Wireshark</link>). 
In a + professional setup you will have to configure <xref linkend="glo_TLS"/> + for encrypting your communication channel.</para> </section> <section xml:id="sdiSectLdapByJava">
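Review bot: In the first hunk (context `@@ -667,16 +667,24 @@`), the sentence "You may safely omit configuring the related parameters olcSyncProvConfig and olcSyncProvConfig" names the same identifier twice, and olcSyncProvConfig is the objectClass the preceding sentence says is absent, not a parameter; replace the second occurrence with the attribute actually meant (or list the real attribute names) so the reader knows what to skip. The claim that omitting them is "safe" is also unsupported by the hunk: the hint added a few lines later states that the syncprov overlay needs an additional olcModuleLoad value, so the missing objectClass is more plausibly a symptom of the module schema not being loaded than something to work around; suggest either verifying that after the olcModuleLoad change the objectClass appears, or softening "safely omit" to a note that the cause is still unknown. Minor: "Using Apache Directory Studio may be used in favour of ldapmodify" doubles the verb; "Apache Directory Studio may be used instead of ldapmodify and friends" reads cleanly.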
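Review bot: In the second hunk (context `@@ -687,42 +695,21 @@`), the removed list drops the least-privilege flaw entirely (replication bound as `cn=admin,dc=hdm-stuttgart,dc=de` with full privileges, where read access is sufficient) together with the closing paragraph that told the reader to define a dedicated replication user, and the new paragraph now says the configuration has "a serious security flaw", singular. Unless the surrounding procedure was changed elsewhere to bind as a read-only replication user, this rewrite silently removes a real hardening step; keep the second item (or fold it into the new paragraph as "two serious security flaws: ... read-only replication user ... TLS") rather than leaving only the cleartext-credential point. Also a stray period sits inside the link text, `.Wireshark</link>`; it should be `Wireshark</link>`.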