On 08.01.20 at 16:16, Vincent Ducot wrote:
Hi all, I'm testing multi-master replication between (at least 2) OpenLDAP nodes (2.4.45, on Ubuntu 18.04) and facing a problem with the replication account.
At some point in time I decided to create a separate database as replication-account
slapd.conf:

    database ldif
    directory /empty
    suffix "dc=syncrepl"
    access to dn.base="dc=syncrepl"
        by * auth
    rootdn "dc=syncrepl"
    rootpw "{PLAIN}secret"
This account exists per configuration even on an "empty" syncrepl consumer and is allowed to read/write the database to be replicated. It will not be replicated itself and avoids the issue you describe. N-way replication can start from zero.
If this should be insecure, I hope, somebody will correct me (and the archive), please.
Andreas
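
How the replicated database can refer to the identity described in the message above, as an added example that is not part of the original post. The suffix dc=example,dc=com, the host ldap2.example.com, the directory and CA paths and the mdb backend are assumptions; only "dc=syncrepl" and its password come from the post, and the needed backend and overlay modules are assumed to be loaded.

```conf
# Added example, not from the original post.
# slapd.conf only treats "#" as a comment at the start of a line.

# Unique per node; must appear before any database section.
serverID 1

# Replication identity from the post: present on every node by
# configuration, so it never has to be replicated itself.
database  ldif
directory /empty
suffix    "dc=syncrepl"
access to dn.base="dc=syncrepl"
    by * auth
rootdn    "dc=syncrepl"
rootpw    "{PLAIN}secret"

# The replicated database (assumed suffix and paths).
database  mdb
directory /var/lib/ldap
suffix    "dc=example,dc=com"
rootdn    "cn=admin,dc=example,dc=com"

# Full refreshes must not be cut off by search limits.
limits dn.exact="dc=syncrepl" size=unlimited time=unlimited

# The post grants read/write; a syncrepl consumer only searches the
# provider, so read is granted here. "by * break" hands every other
# identity on to the site's regular ACLs, which follow this rule.
access to *
    by dn.base="dc=syncrepl" read
    by * break

index   entryCSN,entryUUID eq
overlay syncprov

# Pull from the other master, binding as the configured identity.
# A simple bind sends the password as-is, so StartTLS is required.
syncrepl rid=001
    provider=ldap://ldap2.example.com
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=example,dc=com"
    bindmethod=simple
    binddn="dc=syncrepl"
    credentials=secret
    starttls=critical
    tls_cacert=/etc/ssl/certs/ca.pem

mirrormode on
```

Because both rootpw and credentials hold the password in clear text, slapd.conf should be readable only by the account slapd runs as.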