I've read all the available documentation, the Mastering OpenLDAP book, and like a zillion mailing-list posts, but I haven't found a way to make such a scenario possible. I see several use cases for this scenario, like an enterprise application syncing all users from the main LDAP of the Org but keeping its own application-related schemas and objects in its server.
So please, could you point me in the right direction or help me discard the possibility at all?
EDIT June 17
An example scenario:
What I'm trying to accomplish is to be able to get all the data in o=area1,o=myorg,dc=org and o=area2,o=myorg,dc=org from the provider, but also to be able to have additional data in the consumer, like o=subarea1,o=myorg,dc=org.
I have no problem getting the data from the provider. I've set up a syncrepl entry in the consumer for each branch (area1, area2) with different rids:
syncrepl rid=101
    provider="ldap://provider:389"
    bindmethod=simple
    binddn="cn=replicator,o=myorg,cn=org"
    credentials="***"
    searchbase="o=area1,o=myorg,dc=org"
    type=refreshAndPersist
    retry="5 5 300 5"
    timeout=3
    schemachecking=off
    scope=sub
and I've also activated syncprov on the provider.
The problem arises when I try to add any data on the consumer; it always fails with the error:
LDAP Error code 53 - shadow context; no update referral
Best Answer
Yes, you can. Just set the search filter and attrs you want to replicate in your syncrepl configuration.
now, it goes as follows:
There is one catch, though. For attributes that your master samba does not have, you have to update manually. For example, if you have the samba password at your consumer LDAP and your master LDAP does not have it, you have to update 2 LDAPs to sync sambaNTPassword and sambaLMPassword at the consumer LDAP to userPassword at the master LDAP when users change their password. Of course, that only applies if you want to keep the passwords in sync.
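
As an added example (not part of the question or the answer above), this Python sketch parses syncrepl stanzas like the one in the question and flags a simple bind over ldap:// without enforced StartTLS, stanzas that set neither filter= nor attrs=, and reused rids. The rid=102 stanza, its filter and attrs values, and the finding names are constructed for illustration.

```python
import shlex

# Constructed sample: the question's rid=101 stanza (credentials redacted) and a
# hypothetical rid=102 stanza that adds starttls=, filter= and attrs=.
SAMPLE_CONF = '''\
syncrepl rid=101
    provider="ldap://provider:389"
    bindmethod=simple
    binddn="cn=replicator,o=myorg,cn=org"
    credentials="***"
    searchbase="o=area1,o=myorg,dc=org"
    type=refreshAndPersist
syncrepl rid=102
    provider="ldap://provider:389"
    starttls=critical
    bindmethod=simple
    searchbase="o=area2,o=myorg,dc=org"
    filter="(objectClass=inetOrgPerson)"
    attrs="cn,sn,uid,mail"
'''

def parse_syncrepl(conf_text):
    """Return one {option: value} dict per syncrepl directive."""
    directives = []
    for line in conf_text.splitlines():
        if line[:1] in (" ", "\t") and directives:
            directives[-1] += " " + line.strip()  # leading whitespace continues a directive
        else:
            directives.append(line)
    stanzas = []
    for d in directives:
        if d.lower().startswith("syncrepl"):
            words = shlex.split(d)[1:]            # shlex removes the double quotes
            stanzas.append(dict(w.split("=", 1) for w in words if "=" in w))
    return stanzas

def audit(stanza):
    """Return short finding codes for one parsed stanza."""
    findings = []
    plain = stanza.get("provider", "").lower().startswith("ldap://")
    # starttls=yes carries on without TLS if StartTLS fails; only "critical" aborts.
    if plain and stanza.get("bindmethod") == "simple" and stanza.get("starttls") != "critical":
        findings.append("cleartext-bind")         # binddn and credentials cross the wire unprotected
    if "filter" not in stanza and "attrs" not in stanza:
        findings.append("replicates-everything")  # every entry and attribute under searchbase
    return findings

def duplicate_rids(stanzas):
    """Return rids used by more than one stanza; a rid must be unique on a consumer."""
    rids = [s.get("rid") for s in stanzas]
    return sorted({r for r in rids if r and rids.count(r) > 1})

if __name__ == "__main__":
    for s in parse_syncrepl(SAMPLE_CONF):
        print("rid", s.get("rid"), audit(s))
```
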