diff --git a/CHANGES b/CHANGES
index 50aac39e74ead2d8e5ad6f6317ecc03476d2d017..da1a9b8f7d1d66894bcd1ad7f39e691928cedfb8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -69,7 +69,9 @@ OpenLDAP 2.4.24 Engineering
 		Removed antiquated SunOS LWP support (ITS#6669)
 	Documentation
 		admin24 guide typo fixes (ITS#6609)
+		admin24 guide refint rootdn requirement (ITS#6364)
 		ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
+		slapo-refint(5) rootdn requirement (ITS#6364)
 
 OpenLDAP 2.4.23 Release (2010/06/30)
 	Fixed libldap to return server's error code (ITS#6569)
diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf
index 3c29daabe2999701b70c6a5924020cf7e33a1554..9cdf2759fdb16453b18707c46b86e748acfe6cbc 100644
--- a/doc/guide/admin/overlays.sdf
+++ b/doc/guide/admin/overlays.sdf
@@ -1009,6 +1009,8 @@ If we removed all users from the directory who are a member of this group, then
 would be a single member in the group: {{F:cn=admin,dc=example,dc=com}}. This is the
 {{F:refint_nothing}} parameter kicking into action so that the schema is not violated.
 
+The {{rootdn}} must be set for the database as refint runs as the {{rootdn}} to gain access to
+make its updates.  The {{rootpw}} does not need to be set.
 
 H3: Further Information
 
diff --git a/doc/man/man5/slapo-refint.5 b/doc/man/man5/slapo-refint.5
index 6da66dcea1c1a92c7df03d97d594bec25a7dcefe..9609b316e0d54e66ddc6092dc8e1943f62bf7ef6 100644
--- a/doc/man/man5/slapo-refint.5
+++ b/doc/man/man5/slapo-refint.5
@@ -31,6 +31,12 @@ attribute containing that DN.
 Entries matching that search would have their
 .B manager
 attribute deleted and replaced by the new DN.
+.LP
+.B rootdn
+must be set for the database.  refint runs as the rootdn
+to gain access to make its updates.
+.B rootpw
+is not needed.
 .SH CONFIGURATION
 These
 .B slapd.conf