Why can't the updatedn modify the slave?
From the slapd.conf(5) man page you might infer that the updatedn is allowed to make changes to the replica in much the same way as the rootdn, i.e. bypassing ACLs. This is not the case: the updatedn must be granted write access to the entries that it needs to update.
It is generally not a good idea for the updatedn to be set to the same value as the rootdn (of the master slapd(8)).
A simple ACL that gives the updatedn full write permissions is:
    # give the updateDN "cn=Replica,dc=example,dc=com" auth and write access
    access to *
        by dn.exact="cn=Replica,dc=example,dc=com" =xw
        by * none break

    # other ACLs...
It MUST appear before any other access rule.
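A small linter for the two rules above, as an added example (not part of the FAQ or of OpenLDAP): it checks that the first access rule in a slapd.conf grants write to the updatedn and, optionally, that the updatedn differs from the master's rootdn. The function names and sample configs are constructed here; it assumes a single database section, `dn.exact`/`dn.base` who-clauses only, and a simplified DN comparison.

```python
import shlex

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if raw[:1].isspace() and raw.strip() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [l for l in out if l and not l.startswith("#")]

def norm_dn(dn):  # crude comparison key (assumption): lowercase, no spaces around commas
    return ",".join(part.strip() for part in dn.lower().split(","))

def grants_write(access):
    """True for the levels write/manage or a privilege string such as =xw or +w."""
    return access in ("write", "manage") or (access[:1] in "=+" and "w" in access[1:])

def check_updatedn(conf, master_rootdn=None):
    """Return findings (empty list means OK) for a single-database slapd.conf."""
    updatedn, rules = None, []
    for tok in map(shlex.split, logical_lines(conf)):
        if tok[0].lower() == "updatedn" and len(tok) > 1:
            updatedn = norm_dn(tok[1])
        elif tok[0].lower() == "access":
            rules.append(tok)
    if updatedn is None:
        return ["no updatedn directive found"]

    def writable(rule):  # by-clauses look like: by <who> <access> [<control>]
        return any(by == "by" and who.partition("=")[0] in ("dn.exact", "dn.base")
                   and norm_dn(who.partition("=")[2]) == updatedn and grants_write(acc)
                   for by, who, acc in zip(rule, rule[1:], rule[2:]))
    findings = []
    if master_rootdn and norm_dn(master_rootdn) == updatedn:
        findings.append("updatedn is the same DN as the master's rootdn")
    hits = [n for n, rule in enumerate(rules, 1) if writable(rule)]
    if not hits:
        findings.append("no access rule grants write to the updatedn")
    elif hits[0] != 1:
        findings.append("updatedn rule is access rule #%d, not the first" % hits[0])
    return findings

# Constructed sample configs: the page's ACL, placed first (GOOD) and second (BAD).
ACL = 'access to *\n  by dn.exact="cn=Replica,dc=example,dc=com" =xw\n  by * none break\n'
OTHER = "access to attrs=userPassword\n  by self write\n  by * auth\n"
GOOD = 'updatedn "cn=Replica,dc=example,dc=com"\n' + ACL + OTHER
BAD = 'updatedn "cn=Replica,dc=example,dc=com"\n' + OTHER + ACL
```

Continuation lines are unwrapped before comments are dropped, so an indented `access` line directly under a `#` comment is treated as part of that comment and not as a rule.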
This document is: http://www.openldap.org/faq/index.cgi?file=890
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org