Re: Question on updatedn



At 01:48 PM 1/30/2006, Krishna Sivaramapuram wrote:
>I read that giving the updatedn the same permissions as the rootdn is not a good idea. I understand this is for ACL reasons.

Not sure exactly what text you are referring to here, but what OpenLDAP
documentation commonly says is that the updatedn of a slave should
not be set to the rootdn of the master.  The reason has nothing to
do with access controls/permissions, but to ensure proper return
of update referrals when accessed by the directory manager who
has the DN of the master's rootdn.

You can certainly set the rootdn of the slave to the updatedn
of the slave as long as it differs from the rootdn of the master.
But it is generally recommended that you use ACLs instead to
grant necessary access to the updatedn.

Personally, I prefer to avoid setting a rootdn on all servers,
instead opting to grant necessary access via ACLs.

Kurt
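
The following is an added example, not part of the original message or of OpenLDAP itself: a small Python check of the rule described above, that a slave's updatedn must differ from the master's rootdn and should get its write access from an ACL. The slapd.conf fragments, DNs and host name are constructed placeholders, and the DN and ACL matching is deliberately simplified.

```python
import re

# Constructed slapd.conf fragments; all DNs and hosts are placeholders.
MASTER = '''
rootdn   "cn=Manager,dc=example,dc=com"
'''
SLAVE = '''
updatedn  "cn=replica,dc=example,dc=com"
updateref ldap://master.example.com
access to *
    by dn.exact="cn=replica,dc=example,dc=com" write
    by * read
'''

def directives(conf):
    """Map keyword -> argument strings; indented lines continue the previous line."""
    items = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and items:
            items[-1] += " " + raw.strip()
        else:
            items.append(raw.strip())
    out = {}
    for item in items:
        parts = item.split(None, 1)
        out.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return out

def norm_dn(value):
    """Simplified comparison form: no quotes, lower case, no space around commas."""
    return ",".join(p.strip() for p in value.strip().strip('"').lower().split(","))

def check_slave(master_conf, slave_conf):
    """Return findings for the slave; an empty list means the rule is satisfied."""
    m, s = directives(master_conf), directives(slave_conf)
    first = lambda d, k: norm_dn(d[k][0]) if k in d else None
    master_root, slave_root, updatedn = first(m, "rootdn"), first(s, "rootdn"), first(s, "updatedn")
    if updatedn is None:
        return ["no updatedn on slave"]
    findings = ["updatedn equals master rootdn"] if updatedn == master_root else []
    # Simplified ACL match: a "by dn[.style]=<updatedn> write" clause on any access line.
    grant = re.compile(r'by\s+dn(\.\w+)?="?' + re.escape(updatedn) + r'"?\s+write\b')
    has_acl = any(grant.search(a.lower()) for a in s.get("access", []))
    if slave_root == updatedn:
        findings.append("updatedn is the slave rootdn; an ACL grant is the recommended alternative")
    elif not has_acl:
        findings.append("updatedn has no write ACL on slave")
    return findings
```
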