Re: Multiple syncrepl problems

[Howard Chu <hyc@symas.com>]

Darren Gamble wrote:

> Good day,
>
> Thanks again for your reply.
>
>  
>
> > In 2.2.20 the consumer code was reorganized (to fix a variety 
> > of other 
> > bugs) and as a result of the shuffle, most operations are now 
> > performed 
> > with the rootdn alone. I suppose this must be considered a new bug in 
> > 2.2.20. However, the fact remains that even in older 
> > releases, you must 
> > have a rootdn defined on the consumer database, because it is 
> > needed for 
> > internal maintenance.
> >
> > I'm inclined to remove the multiple-consumer-context support, as it 
> > seems to be causing more hassles than it's worth. With that removed, 
> > then only a rootdn would be needed and no updatedn at all.
> >    
>
> OK, we can add the rootdn back in, then.  Last question, I think - should a
> rootdn be defined on the provider, as well?  And it's unnecessary (and
> possibly insecure) to supply a rootpw
>  
Yes, and yes. The provider also needs to perform internal maintenance 
operations, and those require a rootdn. The internal operations never 
need the rootpw.

> Could both the Admin Guide and man pages both be corrected to reflect these
> changes, please, if they will be permanent?  The slapd.conf man page still
> says "It is recommended that the rootdn only be specified when needed (such
> as when initially populating a database)", which I'm sure a large number of
> other admins have tried to follow.
>  
That comment is essentially correct - use a rootdn only when needed. The 
fact is that with syncrepl, the rootdn is always needed.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support