Jaap Winius jwinius@umrk.nl writes:
Hi all,
This question has to do with syncrepl and the use of the rootdn option in slapd.conf.
My understanding is that on a provider server (where writes are possible), it is not necessary to use the rootdn option in slapd.conf. Instead it is enough to have an account that only exists in the directory, with ACLs that give it the same unrestricted access. This works fine for me.
Any database requires a rootdn but not a rootpw. If no rootdn is defined in slapd.conf it defaults to cn=manager,$suffix, AFAIK. Your question should be "what is the function of rootdn?"
On syncrepl consumers a rootdn in the local slapd.conf is apparently required (according to the man page for slapd.conf). Why is this, and does it make a difference what the name of the account is? For example, should it be the same as the binddn for syncrepl? For that matter, should rootpw also be set, and should it then be the same as the credentials value used for syncrepl?
as the consumer is a database, a rootdn is required. The binddn within syncrepl has to have read access to the provider database and this should not be rootdn of the provider, rootdn of the consumer manages the consumer database only.
-Dieter