Thank you very much Quanah for your response!
Sort of. If you added the schema and then an object, the other masters should halt replication at that point until they have a matching schema.
That's interesting.
Not really, no. It does depend on the version of OpenLDAP in use, as there were some bugs in older OpenLDAP versions that would allow the object to partially replicate or the object to just get skipped, which could cause headache. But those issues were fixed.
So then best practice with tree sync is add the schema to all masters first, then an object. which would make sense.
I would say that by doing cn=config replication, you've added a wide surface area for new issues to occur. I generally view cn=config replication as more of a beta feature. There are still ongoing issues being resolved and fixed for it (For example, ITS#8616 in the most recent 2.4.47 release)
Hmm... so would you recommend removing the replication of cn=config for now? Individually adding the schema to each master is feasible for us.
Thank you again
-Dave