2009/2/8 Michael Ströder <michael(a)stroeder.com>:
Note that this is only needed if you have to ensure the integrity of
inter-related LDAP entries. So this depends on your deployment,
especially the writing LDAP client applications.
But thinking more thoroughly about this it could be also a problem if a
client application trys to modify several entries and you're switching
to read-only mode in between as preparation for a backup. Even if the
application would theoretically be capable of rolling back all the
changes it wouldn't help since the LDAP server is read-only then.
So the solution would be rather to really make sure that no
admin/provisioning application is running anymore.
I think the admin guide could clarify this.
I can't really close client applications unless I gracefully terminate
all connections on the LDAP server perhaps ?
I guess that could be one option.