[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question on updatedn

To: openldap-software@OpenLDAP.org
Subject: Question on updatedn
From: Krishna Sivaramapuram <krishna@everyone.net>
Date: Mon, 30 Jan 2006 13:48:17 -0800
In-reply-to: <43DE80EF.9040804@symas.com>
References: <01LYDPB0BXFU8WWS4B@psulias.psu.edu> <43DE80EF.9040804@symas.com>
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

I read that giving the updatedn the same permissions as the rootdn is not a good idea. I understand this is for ACL reasons.

But if I specify an access control statement in the slave such that only the master's peername can write to the slave and the rest can only read based on other access control rules, then is there any reason why we cannot give rootdn permissions to updatedn in the slave? Doesn't that effectively reduce the significance of the updatedn? Of course if for any reason, the peername for the master changes, then we need to update the slapd.conf in the slave too.

Is there any other significant reason, why we should not do this kind of setup?

Krish

Follow-Ups:
- Re: Question on updatedn
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- slapd-perl: Segmentation Fault w/ perl backend
  - From: "J.Lance Wilkinson, 814-865-1818" <JLW@psulias.psu.edu>
- Re: slapd-perl: Segmentation Fault w/ perl backend
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Problems importing data from 2.2 to 2.3
Next by Date: Re: Question on updatedn
Index(es):
- Chronological
- Thread