rootdn for syncrepl?

In man slapd.conf you can read:

-- rootdn <dn> Specify the distinguished name that is not subject to access control or administrative limit restrictions for operations on this database. [...] Note that the rootdn is always needed when using syncrepl. --

In this Conexitor forum[1] about replication configuration a particular DN is used with permissions granted via ACIs, it seems that cn=replicator is not the rootdn.

Could you clarify about the real necessity of rootdn (and its usage) for syncrepl?

Regards, maykel

[1] http://www.connexitor.com/forums/viewtopic.php?t=3