In man slapd.conf you can read:

--
rootdn <dn>
    Specify the distinguished name that is not subject to access control or administrative limit restrictions for operations on this database. [...] Note that the rootdn is always needed when using syncrepl.
--

In this Connexitor forum[1] about replication configuration, a particular DN is used with permissions granted via ACIs; it seems that cn=replicator is not the rootdn. Could you clarify the real necessity of rootdn (and its usage) for syncrepl?

Regards,
maykel

[1] http://www.connexitor.com/forums/viewtopic.php?t=3
