Hello folks, I need to accomplish the following: Think of you and me both having an ldap tree; we agree on sharing some information, either by subtree or objectClass or even assigned attribute "shareMeWithOthers". I have thought of the sharers somehow get there shared entries to a distribution database, which does just that: distribute all of the shared entries to all sharers. 0) ldap tree and config is identical on all sites, every dn is unique (the application does that), the sharing sites (you and me) must have the decision on what to share. 1) Data gets written to ldap on one of the sharing sites, 2) Parts of the data is replicated to distribution site 3) Data from distribution site is always replicated to the sharing sites. Errors on replicating from distribution site to originating sharing site (because the dn is already there) are o.k. If it was not for the "Parts" in 2) everything would be fine. Push via slurpd from sharing sites to distribution site and push everything from distribution site to all sharing sites. But pushing via slurpd does not let me filter, as far as I understand (though slapd.conf(5) says something about "suffix" for "replica" log files with debug -1 indicate that this does not work for bdb: "/etc/slapd.conf: line 18: suffix "cn=bla" in "replica" line is not \ valid for backend (ignored)"). That's where syncrepl jumps in, which allows for filtering. This would require a secondary database on every sharing site which is syncrepl'ed from primary database at the sharing site. But yet the secondary database at the sharing site needs to be replicated to the distribution site. But when a database is defined as a replica via syncrepl and additionally a replica is defined, the replication log does not get written, as far as I have tested (could not find any docs on that, got hints?). Any ideas? I'd just love to handle this at the database- and not the application level! I'm not on the list, please include my address separatly! Thanks for reading and any advice, Max