
Re: Syncrepl and rootdn



Jaap Winius <jwinius@umrk.nl> writes:

> Hi all,
>
> This question has to do with syncrepl and the use of the rootdn option
> in slapd.conf.
>
> My understanding is that on a provider server (where writes are
> possible), it is not necessary to use the rootdn option in slapd.conf.
> Instead it is enough to have an account that only exists in the
> directory, with ACLs that give it the same unrestricted access. This
> works fine for me.
 
Any database requires a rootdn but not a rootpw. If no rootdn is
defined in slapd.conf it defaults to cn=manager,$suffix, AFAIK.
Your question should be "what is the function of rootdn?" 

> On syncrepl consumers a rootdn in the local slapd.conf is apparently
> required (according to the man page for slapd.conf). Why is this, and
> does it make a difference what the name of the account is? For
> example, should it be the same as the binddn for syncrepl? For that
> matter, should rootpw also be set, and should it then be the same as
> the credentials value used for syncrepl?

As the consumer is a database, a rootdn is required. The binddn within
syncrepl has to have read access to the provider database, and this
should not be the rootdn of the provider; the rootdn of the consumer
manages the consumer database only.

-Dieter
-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
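
The two points from the reply above, as an added example that is not part of the original message or of OpenLDAP: a small check that the consumer defines its own rootdn and that its syncrepl binddn is not the provider's rootdn. The sample slapd.conf fragments, DNs, host name and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); DNs, host and password are placeholders.
PROVIDER = """\
database  mdb
suffix    "dc=example,dc=com"
rootdn    "cn=admin,dc=example,dc=com"
overlay   syncprov
access to * by dn.exact="cn=replicator,dc=example,dc=com" read by * break
"""
CONSUMER_OK = """\
database  mdb
suffix    "dc=example,dc=com"
rootdn    "cn=consumer-admin,dc=example,dc=com"
syncrepl  rid=001 provider=ldap://provider.example.com type=refreshAndPersist
    searchbase="dc=example,dc=com" bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com" credentials=PLACEHOLDER
"""
# Weak variant: the consumer binds to the provider as the provider's rootdn.
CONSUMER_WEAK = CONSUMER_OK.replace("cn=replicator,", "cn=admin,")
BINDDN = re.compile(r'\bbinddn=(?:"([^"]*)"|(\S+))')

def directives(conf):
    """Join slapd.conf continuation lines (leading whitespace); skip comments and blanks."""
    out = []
    for line in conf.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def norm(dn):
    """Loose DN normalisation: drop quotes, spaces around ',' and '=', and case."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"')).lower()

def rootdns(conf):
    """Set of normalised rootdn values found in a config."""
    return {norm(d.split(None, 1)[1]) for d in directives(conf) if d.split()[0].lower() == "rootdn"}

def audit(provider_conf, consumer_conf):
    """Return a list of findings about the consumer's rootdn and syncrepl identity."""
    findings = [] if rootdns(consumer_conf) else ["consumer database has no rootdn"]
    for d in directives(consumer_conf):
        m = BINDDN.search(d) if d.split()[0].lower() == "syncrepl" else None
        if m and norm(m.group(1) or m.group(2)) in rootdns(provider_conf):
            findings.append("syncrepl binddn is the provider rootdn: " + norm(m.group(1) or m.group(2)))
    return findings
```

`audit(PROVIDER, CONSUMER_OK)` returns an empty list; the weak variant returns one finding naming the shared DN.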