Aaron Richton writes:
I've had it with explaining that the suffix is the root of the database which is not the rootdn which is not the Unix user "root".
[...]
IMO this renaming/aliasing will lead to even more confusion on the mailing
I'd note that the namespace pollution is nearly impossible to avoid in any reasonable manner. *ix users might be confused that it's rootdn/rootpw.
Note that people _also_ confuse rootdn with the suffix, since the suffix is the root of the backend's tree (and is described as that some places, though I don't remember where at the moment).
Maybe it'd help to instead describe is at the "top" of the database's LDAP tree.
But when we make admindn/adminpw Windows users might be confused that they're not related to Windows Administrator privileges. Perhaps we could call it systemdn and confuse VMS users.
ldapadmin-dn, ldapadmin-pw?
Almost anything short of "rootdnThatAppliesOnlyToThisBackendAndNotToAnythingElseInYourOS" is going to require a bit of interpretation in the documentation, and it's intuitively obvious (if not always properly understood) that slapd configuration configures slapd, not *ix nor the universe at large.
That's far from obvious to a number of LDAP beginner who just wants to set up LDAP and get it to work. The learning curve is fairy steep, so many seem to skim the doc a bit too fast.
A couple doc patches to reinforce that "rootdn" only applies to backends and not to any client OS would probably be better in this case.
I'll do something about that.