Hi,
I wonder if it would be harmful to modify our slapd acls so that only the user used for syncrepl replication can view the contextCSN/entryCSN attributes on the master servers. We're considering this to prevent unintended partial replication (for example without password fields) in case there is a misconfiguration and the slave comes as another user/anomymous. Ideally I would block anonymous access to our database completely but we have to update a lot of services until this can be achieved. Does this idea make sense or am I missing something?
Best regards Karsten