From 4b5ffab2a8dc81616c0f5e0630ff697cd553ab04 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 4 Jan 2011 00:51:06 +0000
Subject: [PATCH] ITS#6364

---
 CHANGES                      | 2 ++
 doc/guide/admin/overlays.sdf | 2 ++
 doc/man/man5/slapo-refint.5  | 6 ++++++
 3 files changed, 10 insertions(+)

diff --git a/CHANGES b/CHANGES
index 50aac39e74..da1a9b8f7d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -69,7 +69,9 @@ OpenLDAP 2.4.24 Engineering
 		Removed antiquated SunOS LWP support (ITS#6669)
 	Documentation
 		admin24 guide typo fixes (ITS#6609)
+		admin24 guide refint rootdn requirement (ITS#6364)
 		ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
+		slapo-refint(5) rootdn requirement (ITS#6364)
 
 OpenLDAP 2.4.23 Release (2010/06/30)
 	Fixed libldap to return server's error code (ITS#6569)
diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf
index 3c29daabe2..9cdf2759fd 100644
--- a/doc/guide/admin/overlays.sdf
+++ b/doc/guide/admin/overlays.sdf
@@ -1009,6 +1009,8 @@ If we removed all users from the directory who are a member of this group, then
 would be a single member in the group: {{F:cn=admin,dc=example,dc=com}}. This is the
 {{F:refint_nothing}} parameter kicking into action so that the schema is not violated.
 
+The {{rootdn}} must be set for the database as refint runs as the {{rootdn}} to gain access to
+make its updates.  The {{rootpw}} does not need to be set.
 
 H3: Further Information
 
diff --git a/doc/man/man5/slapo-refint.5 b/doc/man/man5/slapo-refint.5
index 6da66dcea1..9609b316e0 100644
--- a/doc/man/man5/slapo-refint.5
+++ b/doc/man/man5/slapo-refint.5
@@ -31,6 +31,12 @@ attribute containing that DN.
 Entries matching that search would have their
 .B manager
 attribute deleted and replaced by the new DN.
+.LP
+.B rootdn
+must be set for the database.  refint runs as the rootdn
+to gain access to make its updates.
+.B rootpw
+is not needed.
 .SH CONFIGURATION
 These
 .B slapd.conf
-- 
GitLab