I wrongly supposed that a LDAP server configured with replication (sycnrepl) and not using syncprov modules (so is only a consumer and not a provider) would automatically behave as a Read-ONLY replica as it will sync from other servers specified on the syncrepl settings but will not be providing deltas thru syncprov module.

However I tested the following scenario (N-way multimatseer with one 'Readreplica')

- Servers A and B with syncprov enabled (so they are providers)
- Servers A and B both sync (syncprel) to the other (so they are consumers)
- Added server C syncrepl to A and B, *BUT not loading syncprov*. So is a consumer only, (ReadReplica)?

However I verified that I can make changes to C and they got stored into C. (Not replicated to A/B as they don't sync with C).

- So how I got C behave like a true ReadOnly replica (denying writes)?
- If I have to set some settings, note that I'm also replicating olcConfig tree cn=config, so how I got this setting applied only to one server?

Thanks for any hints or explation on my doubts.