I have three servers running OpenLDAP 2.4.

On the superior server I have all account information: ldap://a.example.com

On the subordinate server I have an address book: ldap://b.example.com

On the third server I use an ldap backend to tie the two together: ldap://c.example.com

Using the 3rd server (ldap://c.example.com) to search and modify, I can authenticate on the 1st server (a.example.com). But because no user account information is stored on the 2nd server (b.example.com), I can't authenticate or modify any entries there.

My question is, how do I set up the ability to change entries in the subordinate database, if no entries can be bound to?

Server 1:

olcSuffix: dc=example,dc=com
olcDatabase: {1}hdb
olcDBDirectory: /var/lib/ldap

With an entry like so:

dn: ou=address,dc=example,dc=com
objectClass: extensibleobject
objectClass: referral
ou: address
ref: ldap://b.example.com

Server 2:

olcReferral: ldap://a.example.com

olcSuffix: ou=address,dc=example,dc=com
olcDatabase: {1}hdb
olcDBDirectory: /var/lib/ldap

With an entry:

dn: cn=Bob,ou=address,dc=example,dc=com
objectClass: inetorgperson
cn: Bob
gn: Bob
sn: Smith

Server 3:

olcSuffix: dc=example,dc=com
olcDatabase: {1}ldap
olcDBUri: ldap://a.example.com
olcDBRebindAsUser: TRUE
olcDBChaseReferrals: TRUE