I have two issues.

1. Multi-master replication does not seem to work reliably for me, changes on master1 often do not get replicated to master2 or vice versa.

One thing I think is a bit weird is that I have to use "mirrormode on" but reading the documentation mirrormode is not really multi-master, its master w/ failover basically.  All writes should go to one master but I want true multi-master where writes can go to either master at any time.

If I remove mirrormode on I get "unwilling to perform" or update referrals when trying to write to my masters.  Should I be using mirrormode for multi-master replication?

2. I am not sure my overlays are ordered in the best way and wonder if this misordering is a part of the replication problems I am seeing.

Can anyone offer any suggestions as to what I might have wrong for multi-master replication or for the proper stacking order of my overlays?

I am using openldap 2.4.11 and I am configuring everything with slapd.conf.

I am trying to update to 2.4.16 but I need a reliable RPM for it.  It is company policy that the build tools do not go on production servers so I must find an RPM or build an RPM on our build box.

--- Begin master1 slapd.conf ---
...globals, schema and such...

password-hash   {SSHA}

ServerID 1

# access.conf contains all access statements which get rsynced
# to all master and slave ldap servers
include /etc/openldap/access.conf

authz-policy both
sizelimit unlimited

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid                               eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index member,uniqueMember,memberOf      eq,pres
index entryCSN,entryUUID                eq

overlay accesslog
logdb cn=log
logops writes session
logpurge 7+00:00 1+00:00

overlay ppolicy
ppolicy_default    cn=ppolicy_default,ou=policies,dc=example,dc=com
ppolicy_use_lockout true

syncrepl rid=001
        provider=ldap://master2/
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=secret
        searchbase="dc=example,dc=com"
        schemachecking=off
        type=refreshAndPersist
        starttls=yes
        tls_reqcert=never
        retry="60 5 600 +"

overlay syncprov
syncprov-checkpoint 100 10

mirrormode on

overlay unique
unique_uri "ldap:///o=*,dc=example,dc=com?uid?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?uidNumber?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?cn?sub?(objectClass=posixGroup)"

overlay dynlist
dynlist-attrset posixGroup memberURL memberUid:uid

overlay memberof
memberof-refint TRUE
memberof-dangling error
--- End master1 slapd.conf ---

Master2 slapd.conf is identical except for being ServerID 2 and its syncrepl provider is master1.