[Date Prev][Date Next] [Chronological] [Thread] [Top]

Syncrepl and rootdn

Hi all,

This question has to do with syncrepl and the use of the rootdn option in slapd.conf.

My understanding is that on a provider server (where writes are possible), it is not necessary to use the rootdn option in slapd.conf. Instead it is enough to have an account that only exists in the directory, with ACLs that give it the same unrestricted access. This works fine for me.

On syncrepl consumers a rootdn in the local slapd.conf is apparently required (according to the man page for slapd.conf). Why is this, and does it make a difference what the name of the account is? For example, should it be the same as the binddn for syncrepl? For that matter, should rootpw also be set, and should it then be the same as the credentials value used for syncrepl?



PS -- I'm using OpenLDAP 2.4.11-1 on Debian lenny.