Displaying 2 results from an estimated 2 matches for "slapd_sentinel_file".
2024 Dec 13
RODC in DMZ
..."<DN-TO-WITH-READ-ACCESS>"
>>     by users read
>>     by * none
>>
>> /etc/default/slapd:
>>
>> SLAPD_USER="openldap"
>> SLAPD_GROUP="openldap"
>> SLAPD_PIDFILE=
>> SLAPD_SERVICES="ldaps:///"
>> SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
>> SLAPD_OPTIONS=""
>>
>> I am using this for LDAP queries from my DMZ. It needs just one open
>> port (tcp/636) and limits ldap-queries to permissions set up in
>> slapd.conf (read on dn-subtree). That prevents unwanted open ports
>>...
2024 Dec 13
RODC in DMZ
Dear Rowland,
We share that concern actually, and of course if there is a way to avoid
it, it is always better. Another fellow suggested an LDAP-Proxy to us
instead (personally I have never set one up). What we actually need in our
case scenario is only that service and not the rest of the bells and
whistles of an RODC.
I just was wondering if someone had experience with what happens if one
does