2009/2/8 Michael Ströder michael@stroeder.com:
Note that this is only needed if you have to ensure the integrity of inter-related LDAP entries. So this depends on your deployment, especially the writing LDAP client applications.
But thinking more thoroughly about this it could be also a problem if a client application trys to modify several entries and you're switching to read-only mode in between as preparation for a backup. Even if the application would theoretically be capable of rolling back all the changes it wouldn't help since the LDAP server is read-only then.
So the solution would be rather to really make sure that no admin/provisioning application is running anymore.
I think the admin guide could clarify this.
I can't really close client applications unless I gracefully terminate all connections on the LDAP server perhaps ?
I guess that could be one option.