quanah@zimbra.com wrote:
Full_Name: Quanah Gibson-Mount Version: 2.4.12 OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.29.239)
In looking at the admin guide sections on replication, I notice the following:
(a) The syncrepl configuration suggests using the rootdn on the consumer, which we advise people *not* to do.
http://www.openldap.org/doc/admin24/replication.html#Syncrepl
"The consumer uses the rootdn to write to its database so it always has full permissions to write all content."
The Admin Guide is correct here. We have never advised people against this.
(b) It makes no mention of using the "limits" option in slapd.conf to bypass sizelimit/timelimit restrictions on a non-rootdn user
You're confused. The above text refers to the rootdn on the consumer, not the identity the consumer uses to talk to the provider.
Note that the example at the top of the page shows the appropriate limit directives.
I think the organization of this chapter is wrong, it should not start with section 17.1 describing how to use syncrepl to replace slurpd before it describes syncrepl (section 17.2).
-
hyc@symas.com