Bug 856266 - Multiple typos and other issues
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide
Version: 6.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
Assignee: Deon Ballard
QA Contact: ecs-bugs
Reported: 2012-09-11 15:11 UTC by Nikolai Kondrashov
Modified: 2014-05-10 03:42 UTC (History)
Doc Type: Bug Fix
Last Closed: 2014-05-10 03:42:29 UTC
Description Nikolai Kondrashov 2012-09-11 15:11:15 UTC
I was going through the Identity Management Guide for the first time and noticed multiple typos and several other issues. I was reading it at https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html

Here is the list. The hash character starts original text.

# As said, an IPA server is a controller for a lot of associated services. While a number of those services are support, most of them are not required.
support->supported

# It is recommended that a separate DNS domain be allocated for the IPA server. While not required (clients from other domains can still be enrolled in the IPA domain), this is a convenience for overall DNS management.
Is it really "DNS domain ... for the IPA server"? Shouldn't it be "DNS domain ... for the IPA *domain*" instead?

# If the IPA server is configured to host its own DNS server, any previous existing DNS ignored.
"existing DNS" what?

# To make sure that these ports are available, try iptables to list the available ports or nc, telnet, or nmap to connect to a port or run a port scan.
Iptables won't list available ports. You can interpret iptables configuration and assume that ports are open, but it's not always easy.
The best advice is to use nc as the client and the server for both TCP and UDP.
Nmap is a good way, but it seems it wouldn't scan the Dogtag port by default.

# To open a port:
#
# [root@server ~]# iptables -A INPUT -p tcp --dport 389 -j ACCEPT
#
# The iptables man page has more information on opening and closing ports on a system. 
This command doesn't guarantee that the port would be "opened" in all configurations.

# If a server is being installed on a virtual machine, that server should not run an NTP server.
A short explanation would be nice here.

# To disable NTP for IPA, use the --no-ntp option. 
The --no-ntp option to what?

# if a request determines that a specific IPA user does not exist, it marks this as a negative cache
I'd suggest "it caches this as a negative response" instead. There is no such thing as a "negative cache".

# The port numbers and directory locations used by IPA are all defined automatically, as defined in Section 2.2.4.4, “System Ports” and .
"and ." what?

# These example illustrate some common options when installing the server.
example->examples

# To use DNS always requires the --setup-dns.
Maybe "To enable DNS always use the --setup-dns option."

# To user forwarders, use the --forwarder option
user->use

# DNS entries are required for required domain services:
The "are" should probably be removed.

# If the initial IPA server was created without DNS enabled, then each DNS entry, including both TCP and UPD entries for some services, should be added manually.
UPD->UDP

# [root@ipaserver ~]# yum update *
The star should be quoted, like this: "yum update '*'", or: "yum update \*".
Otherwise the shell will expand it into current directory entries.

# It is not necessary to update all servers and replicas at precisely the same
# time; the IPA servers will still work with each other and replicate data
# successfully. The older IPA servers will simply lack the new features.
This contradicts this:

"The replica must be the same version as the original master server. If the
master server is running on Red Hat Enterprise Linux 6.3, IPA version 2.2.x,
then the replica must also run on Red Hat Enterprise Linux 6.3 and use the IPA
2.2.x packages."

The reader will be left unsure whether it will work or not and will have to
seek information from other sources.

This note alleviates that slightly:

"Schema changes are replicated between servers. So once one master server is
updated, all servers and replicas will have the updated schema, even if their
packages are not yet updated. This ensures that any new entries which use the
new schema can still be replicated among all the servers in the IPA domain."

However, it is still unclear whether schema is updated or not during replica
creation.

# Configures SSSD or LDAP/KRB5, including NSS and PAM configuration files.
Configures->Configure

# Configures an OpenSSH server and client, as well as enabling the host to create DNS SSHFP records.
Should probably be: "Configure an OpenSSH server and client, enabling the host to create DNS SSHFP records."

# ipa command parentEntryName chidlEntryName --childOptions=childValues
chidlEntryName->childEntryName

# If each cluster member contains a subject alternative name which includes the names of all the other cluster members will satisfy any client connection requirements.
Maybe "If each cluster member contains a subject alternative name which includes the names of all the other cluster members, *this* will satisfy any client connection requirements."

# If an attribute does not exist in the DNS zone entry, than the dnszone-mod command adds the attribute.
than->then

# The regular expression can match any port of the string.
port->part

# Wrapping the pattern in ^ and $ means that it must be an exact match.
It doesn't mean an "exact match"; it means that the whole string should match.
Such a pattern could still match several strings, like this one: "^user[0-9]$".
Maybe it's better to say "Wrapping the pattern in ^ and $ means that it must match the string as a whole."
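The distinction raised in the last item of the description above, as an added example that is not part of the report or of the guide: it runs one pattern over a constructed candidate list unanchored, wrapped in ^ and $, and as a fixed string. The candidate names and the `accepted` helper are assumptions made for illustration.

```bash
# Constructed candidate strings, one per line (sample data for this example).
CANDIDATES='user1
user7
user12
superuser1
userX'

# List the candidates a pattern accepts, space-separated.
#   part  : unanchored ERE, may match any part of the string
#   whole : the same ERE wrapped in ^ and $, must span the whole string
#   exact : fixed-string comparison, accepts only the literal itself
accepted() {
    mode=$1
    pattern=$2
    case $mode in
        part)  printf '%s\n' "$CANDIDATES" | grep -E -- "$pattern" ;;
        whole) printf '%s\n' "$CANDIDATES" | grep -E -- "^${pattern}\$" ;;
        exact) printf '%s\n' "$CANDIDATES" | grep -Fx -- "$pattern" ;;
    esac | tr '\n' ' '
}

# Unanchored: also accepts "user12" and "superuser1".
echo "part  user[0-9] : $(accepted part 'user[0-9]')"
# Anchored: the whole string must match, yet two strings still qualify.
echo "whole user[0-9] : $(accepted whole 'user[0-9]')"
# Anchored with an unescaped dot: "userX" qualifies as well.
echo "whole user.     : $(accepted whole 'user.')"
# Only a literal comparison is an exact match.
echo "exact user1     : $(accepted exact 'user1')"
```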

Comment 2 Najmuddin Chirammal 2012-10-02 10:59:14 UTC
From: Configuring_Automount-Configuring_autofs_on_Linux

------------
This must be run from a machine with the ipa-admintools package installed so that the  ipa command is available.
On the IPA server, obtain a keytab for the NFS service principal.
# ipa-getkeytab -s ipaserver.example.com -p nfs/ipaclient.example.com@EXAMPLE -k /tmp/krb5.keytab
------------

ipa-getkeytab is provided by the ipa-clients package itself; we don't need to install ipa-admintools for that. It'd be great if the example could be changed to run on the client side itself (rather than creating it on the server and copying it to the client(s)).

Comment 3 Petr Spacek 2012-10-15 10:57:47 UTC
(In reply to comment #0)
> Here is the list. The hash character starts original text.
> 
> # It is recommended that a separate DNS domain be allocated for the IPA
> server. While not required (clients from other domains can still be enrolled
> in the IPA domain), this is a convenience for overall DNS management.
> Is it really "DNS domain ... for the IPA server"? Shouldn't it be "DNS
> domain ... for the IPA *domain*" instead?

I would recommend something like "It is recommended that a separate DNS domain be allocated for the IPA deployment."



> # If the IPA server is configured to host its own DNS server, any previous
> existing DNS ignored.
> "existing DNS" what?

# TIP:
# If the IPA server is configured to host its own DNS server, any previous existing DNS ignored. A records and PTR records do not need to match for the IPA server machine, and the machine can have any configured IP address. 

I find the whole "tip" confusing. I would say something like:
If the IPA server is configured to host its own DNS server, all DNS queries from the IPA server will be processed by its own DNS server. DNS records in IPA will take precedence before any DNS records configured in other DNS servers.

All clients and replicas should be configured to use the IPA-managed DNS server in that case.



# 2.4.3.3. Using DNS
# IPA can be configured to manage its own DNS, use an existing DNS, or not use DNS services at all (which is the default)

*This statement is incorrect.* "use an existing DNS" is the default option.

Please add the following warning: Many services depend on correct DNS records. Please test your DNS environment thoroughly when not using the IPA-managed DNS server. Mutual correspondence between A and PTR records is very important.



> # To use DNS always requires the --setup-dns.
> Maybe "To enable DNS always use the --setup-dns option."
I would recommend "To install IPA-managed DNS always use the --setup-dns option."



> # [root@ipaserver ~]# yum update *
> The star should be quoted, like this: "yum update '*'", or: "yum update \*".
> Otherwise the shell will expand it into current directory entries.
Please use
yum update
without a star. It will update all packages and it is less confusing.
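The shell expansion discussed in comment 0 and comment 3, as an added example that is not part of any comment or of the guide: it reports the argument list a command would receive for `update *` written unquoted, quoted and escaped. The file names are constructed, `show_argv` and `demo_glob` are hypothetical helpers, and no package manager is run.

```bash
# Print each argument a command would receive, one per line.
show_argv() { printf '%s\n' "$@"; }

# Evaluate the word list "update <star>" in a scratch directory and report
# the resulting arguments, space-separated.
#   unquoted : update *     in a directory that contains files
#   quoted   : update '*'   in the same directory
#   escaped  : update \*    in the same directory
#   empty    : update *     in an empty directory
demo_glob() {
    mode=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed file names standing in for the current directory.
        [ "$mode" = empty ] || touch anaconda-ks.cfg install.log notes.txt
        case $mode in
            unquoted|empty) show_argv update * ;;
            quoted)         show_argv update '*' ;;
            escaped)        show_argv update \* ;;
        esac
    ) | tr '\n' ' '
    rm -rf -- "$dir"
}

# The unquoted star is replaced by the directory entries before the
# command starts, so the command never sees a wildcard.
echo "unquoted: $(demo_glob unquoted)"
# Quoting or escaping passes the literal star through.
echo "quoted  : $(demo_glob quoted)"
echo "escaped : $(demo_glob escaped)"
# With nothing to match, the default shell behaviour leaves the star as is,
# so the same command line behaves differently depending on where it is run.
echo "empty   : $(demo_glob empty)"
```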

Comment 4 Deon Ballard 2014-05-10 03:42:29 UTC
Mass closure of bugs modified in 2013. All of these are in the currently-published docs.

