
authmeth-16 notes



Section 3.1.5 is definitely better. A couple of minor points:
Rule #3: "leftmost RDN" is probably a bad choice. "least significant RDN" might be better.


X.500 never specified a left/right display order for DNs; it only defines them as a sequence in descending order from the root down. It was common practice with X.500 tools to display DNs in left-to-right order, like a filesystem: /rootrdn/nextrdn.../lastrdn, and it was common for packages like (older versions of) OpenSSL to use this order as well when displaying DNs in X.509 certificates. While LDAP specifies a right-to-left order for DNs, people working with these older certificate management tools may still be presented with X.500-style DNs. This ordering ambiguity still causes a lot of confusion for users and administrators. I wonder if it would be worthwhile to add an explanatory note about this point to Appendix A.

More minor stuff:

3.1.5.2 is missing a word in the last sentence. Probably should be "A match occurs *if* the reference ..."

There are other missing articles/infinitives as well; I haven't finished reading yet.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
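As an added illustration of the display-order ambiguity described in the message above (example code written for this page, not from the draft, OpenLDAP or OpenSSL), here is a small Python helper that accepts a DN in either order, normalizes it to LDAP order (least significant RDN first) and lets two renderings be compared. It assumes that a leading "/" marks the X.500-style path form, that values contain no escaped slashes, and it ignores multi-valued RDNs.

```python
# Constructed example: the same DN as written by LDAP (RFC 4514 order) and as
# displayed by X.500-style tools / older OpenSSL (root first, slash separated).
LDAP_FORM = "cn=Howard Chu,o=Symas Corp.,c=US"
X500_FORM = "/C=US/O=Symas Corp./CN=Howard Chu"


def split_ldap_dn(dn):
    """Split an LDAP DN string into RDN strings, honouring backslash escapes
    so that an escaped comma inside a value does not start a new RDN.
    The leftmost RDN is the least significant one (the leaf)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):      # keep the escape pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if c == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def split_x500_path(path):
    """Split an X.500-style path '/root/.../leaf' into LDAP order (leaf first).
    Assumption: slashes never appear escaped inside a value."""
    return [p for p in reversed(path.split("/")) if p]


def rdns_leaf_first(dn):
    """Return [(attr_type, value), ...] in LDAP order regardless of the input
    display order. Attribute types are lower-cased; values are left untouched
    because their matching rule (case sensitivity) depends on the attribute."""
    parts = split_x500_path(dn) if dn.startswith("/") else split_ldap_dn(dn)
    pairs = (p.split("=", 1) for p in parts)
    return [(t.strip().lower(), v.strip()) for t, v in pairs]


def ldap_to_x500(dn):
    """Render an LDAP DN the way X.500-style tools displayed it (root first)."""
    return "/" + "/".join(f"{t}={v}" for t, v in reversed(rdns_leaf_first(dn)))


def same_dn(a, b):
    """True when two renderings (either order) name the same sequence of RDNs."""
    return rdns_leaf_first(a) == rdns_leaf_first(b)
```

A naive string comparison of LDAP_FORM and X500_FORM fails, while same_dn() recognizes them as the same DN; this is the kind of check a certificate-to-LDAP-entry mapping needs when the subject DN was copied from an older tool's output.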