Emmanuel Dreyfus wrote:
> Can you elaborate in a reply to me? I have no braindead-automatically-attached-policy about e-mail confidentiality :-)
Sure...
> I have set up something using slurpd because I understood that using replsync, the replica would need access to the master, whereas slurpd allowed a pure push method, where the replicas have no right to connect to the master (the master can even be firewalled).
Syncrepl can operate in either direction. In the pure push/firewall case, just set up a proxy backend as the syncrepl consumer. test045 and test048 in the test suite both demonstrate how to configure this. Those tests are in OpenLDAP 2.4, but you can do something similar in 2.3. You just need to use a separate slapd instance for the consumer in 2.3.
Just because the protocol was defined a particular way (consumer initiated single master replication) doesn't mean it can't be used in other ways. OpenLDAP is far more flexible than that. We've enhanced the basic syncrepl functionality a number of different ways (delta-syncrepl, proxied syncrepl, mirrormode, and multimaster) all without altering any of the syncrepl protocol definition. All it takes is a little creativity to assemble the pieces in the proper order.
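A sketch of the proxied (push) setup described above, as an added example that is not part of the original message or copied from the test suite. It is a slapd.conf fragment for a 2.4 master. The host names, DNs, rid and credentials are constructed placeholders, and it assumes the replicator DN has write access on the replica.

```conf
# Added example: slapd.conf fragment on the MASTER host (OpenLDAP 2.4).
# All names, hosts and credentials below are constructed placeholders.

# The real master database (suffix, directory, etc. configured as usual)
# must carry the syncprov overlay so it can act as a syncrepl provider:
#   database bdb
#   suffix   "dc=example,dc=com"
#   overlay  syncprov

# Proxy database: a syncrepl consumer of the local master whose storage is
# the remote replica. Every change it receives is written through back-ldap
# to the replica, so all connections are opened from the master side.
database    ldap
# Same suffix as the master database; hide it from normal request routing.
hidden      on
suffix      "dc=example,dc=com"
rootdn      "cn=slapd-ldap"
# The replica being pushed to.
uri         ldap://replica.example.com/
lastmod     on
# No client should ever operate on this database directly.
restrictops all

# Identity used for the writes pushed to the replica. A simple bind sends
# the password in the clear unless the connection is protected by TLS.
acl-bind    bindmethod=simple
            binddn="cn=replicator,dc=example,dc=com"
            credentials=CHANGE-ME

# Consumer side: pull from the master over the local interface only.
syncrepl    rid=001
            provider=ldap://localhost/
            type=refreshAndPersist
            searchbase="dc=example,dc=com"
            bindmethod=simple
            binddn="cn=replicator,dc=example,dc=com"
            credentials=CHANGE-ME
            retry="5 5 300 +"
```

With this layout the replica needs no account on, or network path to, the master; the firewall only has to allow outbound LDAP from the master to the replica.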