
Re: Syncrepl and rootdn



Quoting Dieter Kluenter <dieter@dkluenter.de>:

Any database requires a rootdn but not a rootpw. If no rootdn is
defined in slapd.conf it defaults to cn=manager,$suffix, AFAIK.
Your question should be "what is the function of rootdn?"

Okay, what's the answer to that question?

As the consumer is a database, a rootdn is required. The binddn within
syncrepl has to have read access to the provider database and this
should not be the rootdn of the provider; the rootdn of the consumer manages
the consumer database only.

Let me get this straight:

  1. Every database needs a rootdn.
  2. Provider rootdn can use the default value.
  3. Consumer rootdn cannot use the default value.
  4. Consumer does not require rootpw.
  5. Syncrepl binddn should not be provider rootdn.
  6. Syncrepl binddn must have read access to provider database.

Why is the third point? Would there otherwise be a naming conflict? If so, what's the best rootdn naming strategy for consumers?

Thanks!

Jaap
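
An added example, not part of the original message or of OpenLDAP: a small Python check of points 5 and 6 above, run over a provider and a consumer slapd.conf database section. The config fragments are constructed samples with hypothetical DNs and host names, and the ACL check is a simplification that only recognises explicit `by dn.exact=`/`by dn.base=` clauses.

```python
import re, shlex

# Constructed database-section fragments; every DN and host name is hypothetical.
PROVIDER = '''suffix   "dc=example,dc=com"
rootdn   "cn=Manager,dc=example,dc=com"
overlay  syncprov
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by * break
'''
# The consumer below binds to the provider as the provider's rootdn (point 5).
CONSUMER = '''suffix   "dc=example,dc=com"
rootdn   "cn=consumer-admin,dc=example,dc=com"
syncrepl rid=001
    provider=ldap://provider.example.com
    searchbase="dc=example,dc=com"
    bindmethod=simple
    binddn="cn=Manager, dc=example, dc=com"
    credentials=PLACEHOLDER
'''

def directives(conf):
    """Fold continuation lines (leading whitespace), then tokenize."""
    out = []
    for line in conf.splitlines():
        if line[:1].isspace() and line.strip() and out:
            out[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            out.append(line.strip())
    return [shlex.split(d) for d in out]

def norm(dn):
    """Simplified DN comparison form: lower-case, no spaces around , and =."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def lint(provider_conf, consumer_conf):
    prov, cons = directives(provider_conf), directives(consumer_conf)
    rootdn = next((norm(d[1]) for d in prov if d[0] == "rootdn"), None)
    # DNs explicitly granted read or higher in provider "by dn.exact=..." clauses
    readers = {norm(d[i + 1].split("=", 1)[1]) for d in prov if d[0] == "access"
               for i in range(len(d) - 2) if d[i] == "by"
               and re.match(r"dn\.(exact|base)=", d[i + 1])
               and d[i + 2] in ("read", "write", "manage")}
    findings = []
    for d in (d for d in cons if d[0] == "syncrepl"):
        binddn = norm(dict(p.split("=", 1) for p in d[1:] if "=" in p).get("binddn", ""))
        if binddn == rootdn:
            findings.append("binddn-is-provider-rootdn")
        elif binddn not in readers:
            findings.append("binddn-not-named-in-provider-acl")
    return findings
```

A `binddn-not-named-in-provider-acl` finding only means no explicit clause names the DN; read access may still come from a broader clause such as `by users read`.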