diff --git a/CHANGES b/CHANGES
index ae30ea7f1c4b6848c667e76def4a975fc452749a..772e633677b775ac7be1b8dcd492a2523b1db3c3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -33,6 +33,7 @@ OpenLDAP 2.4.17 Engineering
 		admin24 fixed example regex (ITS#6052)
 		slapd.conf(5) pidfile/argsfile description fix (ITS#5975)
 		slapd-config(5) pidfile/argsfile description fix (ITS#5975)
+		slapo-unique(5) explicitly note rootdn requirement (ITS#6108)
 
 OpenLDAP 2.4.16 Release (2009/04/05)
 	Fixed libldap GnuTLS with x509v1 CA certs (ITS#5992)
diff --git a/doc/man/man5/slapo-unique.5 b/doc/man/man5/slapo-unique.5
index 4fc35ef26ac66bf783b237905c1c7e5f3d022a20..2193029859017950eb400643ca22f0230a824c47 100644
--- a/doc/man/man5/slapo-unique.5
+++ b/doc/man/man5/slapo-unique.5
@@ -27,6 +27,10 @@ have a
 .B uid
 attribute containing the same value. If any are found, the request is
 rejected.
+.LP
+The search is performed using the rootdn of the database, to avoid issues
+with ACLs preventing the overlay from seeing all of the relevant data. As
+such, the database must have a rootdn configured.
 .SH CONFIGURATION
 These
 .B slapd.conf