[Date Prev][Date Next]
Question on updatedn
I read that giving the updatedn the same permissions as the rootdn is
not a good idea. I understand this is for ACL reasons.
But if I specify an access control statement in the slave such that only
the master's peername can write to the slave and the rest can only read
based on other access control rules, then is there any reason why we
cannot give rootdn permissions to updatedn in the slave? Doesn't that
effectively reduce the significance of the updatedn? Of course if for
any reason, the peername for the master changes, then we need to update
the slapd.conf in the slave too.
Is there any other significant reason, why we should not do this kind of