[Date Prev][Date Next]
Syncrepl and rootdn
This question has to do with syncrepl and the use of the rootdn option
My understanding is that on a provider server (where writes are
possible), it is not necessary to use the rootdn option in slapd.conf.
Instead it is enough to have an account that only exists in the
directory, with ACLs that give it the same unrestricted access. This
works fine for me.
On syncrepl consumers a rootdn in the local slapd.conf is apparently
required (according to the man page for slapd.conf). Why is this, and
does it make a difference what the name of the account is? For
example, should it be the same as the binddn for syncrepl? For that
matter, should rootpw also be set, and should it then be the same as
the credentials value used for syncrepl?
PS -- I'm using OpenLDAP 2.4.11-1 on Debian lenny.