
Re: rootdn for syncrepl?

--On Monday, October 08, 2007 5:07 PM -0700 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

--On Monday, October 08, 2007 7:06 PM -0400 Maykel Moya
<moya-lists@infomed.sld.cu> wrote:

In man slapd.conf you can read:

rootdn <dn>
  Specify the distinguished name that is not subject to access control
  or administrative limit restrictions for operations on this
  Note that the rootdn is always needed when using syncrepl.

In this Conexitor forum[1] about replication configuration, a particular
DN is used with permissions granted via ACIs; it seems that
cn=replicator is not the rootdn.

The rootdn is not required for syncrepl in OpenLDAP 2.3. It may have been for OpenLDAP 2.2. Sounds like a bit of cruft remaining in slapd.conf.

Actually to correct that --

The syncrepl client LDAP Directory needs a rootdn directive in its slapd.conf. It does not need to talk to the *master* using a rootdn. This is so the syncrepl client can internally update its own database using the rootdn specified.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
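
The split described in the correction above, as an added configuration sketch that is not part of the original message: the consumer defines a rootdn for its own internal writes, while the bind to the provider uses a separate read-only DN. The suffix, host name, directory, DNs and credential are constructed placeholders, and the provider side uses slapd.conf access rules rather than the ACIs mentioned in the forum post.

```conf
# ---- consumer slapd.conf (constructed example; all names are placeholders) ----
database    bdb
suffix      "dc=example,dc=com"
directory   /var/lib/ldap

# Needed locally: the syncrepl engine applies replicated changes to this
# database as the rootdn. No rootpw is set, so the config file carries no
# password for this DN.
rootdn      "cn=admin,dc=example,dc=com"

# The bind to the provider uses a separate identity, not the rootdn.
syncrepl rid=001
    provider=ldap://provider.example.com
    type=refreshOnly
    interval=00:00:10:00
    searchbase="dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=CHANGE_ME

# ---- provider slapd.conf, inside the matching database section ----
overlay syncprov

# cn=replicator may read what it has to copy and nothing more; "break"
# hands every other identity on to the access rules that follow.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by * break
# (the site's existing access rules continue here)

# Lift size/time limits for the replication identity so a full refresh
# is not truncated.
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited
```

Because bindmethod=simple sends the replicator credential to the provider, the connection between the two servers should be protected with TLS.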