If im doing multi master replication, what privileges does the bind DN need? i know its bad practice to use the manager DN, does the binding user need write access to anything on the remote ldap tree or just full read access? Thanks. David.