Most of my organization's data is kept in LDAP, along with groups and affiliations and titles and positions and everything else. We've got a simple single-master, multi-slave setup, built back in the OpenLDAP 2.0 days.
We also have a provisioning service, which essentially monitors LDAP, and as new people arrive, change position, or what have you, it runs off and provisions accounts, mailboxes, services and permissions as needed for the person, all automatically.
Currently, this monitoring - trying to keep it as "live" as possible - is done by essentially making the provisioning server an LDAP replicant, using slurpd. It works "well enough", though it has some problems.
But slurpd is going away, and I'm trying to kill it off in our structure. The provisioning server is one of the last holdouts.
So my question is this: Is it possible for me to write some code, using Perl or C or whatever is needed, that will connect as a syncrepl consumer, and "refresh and persist"? Are there docs for how the synchronization protocol works? Is it just an odd LDAP query?