Question on updatedn

I read that giving the updatedn the same permissions as the rootdn is not a good idea. I understand this is for ACL reasons.

But if I specify an access control statement in the slave such that only the master's peername can write to the slave and the rest can only read based on other access control rules, then is there any reason why we cannot give rootdn permissions to updatedn in the slave? Doesn't that effectively reduce the significance of the updatedn? Of course, if for any reason the peername for the master changes, then we need to update the slapd.conf in the slave too.

Is there any other significant reason why we should not do this kind of setup?