Externalize access to a partial replica
Hello,
I need to give access to a partial replica of my ldap directory.
This replica only contains "white pages" attributes -> no userpassword !
syncrepl rid=001
filter="(|(objectClass=organizationalPerson)
attrs="uid,cn,sn,ou,departmentNumber,GivenName
I created a bind user in the master ldap to give external access to that
replica,
but as I don't replicate userpassword, that bind user doesn't have a
userpassword in the replica and so cannot authenticate on it (chicken and
egg problem !)
So how can I have that partial replica without userpassword attributes,
but still allow someone (at least one dn, but not the rootdn in
slapd.conf, which I want to keep secret)
to bind to that replica !?
I tested a binddn outside of the ldap database with SASL (digest-md5), but
apparently (ldapsearch -Y) it requires a userpassword attribute for
that binddn in the ldap database :-(
I thought that having a password only in /etc/sasldb2 would be enough ...
too bad ;-(
I also tested with a translucent proxy in front of my replica. In that
translucent proxy I added the userpassword for the binddn so that it can
bind, but the search addressed to that translucent proxy, which finally goes
to my partial replica, ends up as an anonymous bind,
not as the binddn I expected :-( (so the ACL cannot be matched)
Please let me know how to let a user+password (a binddn having the
corresponding ACL) search my replica when the replica does not contain
userpassword attributes (or at least one for that binddn). Would it be
possible to replicate the userpassword attribute from the master only for
that binddn ?
Thanks.