
Re: rootdn for syncrepl?



--On Monday, October 08, 2007 5:07 PM -0700 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

--On Monday, October 08, 2007 7:06 PM -0400 Maykel Moya
<moya-lists@infomed.sld.cu> wrote:

In man slapd.conf you can read:

--
rootdn <dn>
  Specify the distinguished name that is not subject to access control
  or administrative limit restrictions for operations on this
  database.
  [...]
  Note that the rootdn is always needed when using syncrepl.
--

In this Conexitor forum[1] about replication configuration, a particular
DN is used with permissions granted via ACIs; it seems that
cn=replicator is not the rootdn.

The rootdn is not required for syncrepl in OpenLDAP 2.3. It may have been for OpenLDAP 2.2. Sounds like a bit of cruft remaining in slapd.conf.

Actually, to correct that --

The syncrepl client LDAP Directory needs a rootdn directive in its slapd.conf. It does not need to talk to the *master* using a rootdn. This is so the syncrepl client can internally update its own database using the rootdn specified.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
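
An added example, not part of the original message: a small slapd.conf check for the two points made in the thread, namely that a syncrepl consumer database needs its own rootdn, and that its syncrepl binddn does not have to be the provider's rootdn. The function names, DNs, hostname and sample configurations are constructed for illustration, and DN comparison is simplified to case and whitespace folding.

```python
import shlex

def norm(dn):
    # Simplified comparison key (assumption): fold case and spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_databases(conf_text):
    """Return one dict per `database` section with its suffix, rootdn and syncrepl."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    databases = []
    for line in logical:
        words = shlex.split(line)          # also strips the quotes around DN values
        name, args = words[0].lower(), words[1:]
        if name == "database":
            databases.append({})
        elif databases and name == "syncrepl":
            pairs = (a.split("=", 1) for a in args if "=" in a)
            databases[-1]["syncrepl"] = {k.lower(): v for k, v in pairs}
        elif databases and name in ("suffix", "rootdn") and args:
            databases[-1][name] = args[0]
    return databases

def lint_replication(consumer_conf, provider_conf):
    """List (suffix, finding) pairs for the consumer's syncrepl databases."""
    provider_rootdns = {norm(db["rootdn"])
                        for db in parse_databases(provider_conf) if "rootdn" in db}
    findings = []
    for db in parse_databases(consumer_conf):
        if "syncrepl" not in db:
            continue
        suffix = db.get("suffix", "<no suffix>")
        if "rootdn" not in db:             # consumer cannot apply updates internally
            findings.append((suffix, "consumer-missing-rootdn"))
        binddn = db["syncrepl"].get("binddn")
        if binddn and norm(binddn) in provider_rootdns:
            findings.append((suffix, "binds-to-provider-as-rootdn"))
    return findings

# Constructed sample configurations (not taken from the thread).
PROVIDER = 'database bdb\nsuffix "dc=example,dc=com"\nrootdn "cn=Manager,dc=example,dc=com"\n'
CONSUMER = '''database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
syncrepl rid=001 provider=ldap://provider.example.com type=refreshOnly
  searchbase="dc=example,dc=com" bindmethod=simple credentials=CONSTRUCTED
  binddn="cn=replicator,dc=example,dc=com"
'''
```
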