access to * by self write
I hope this isn't the first ACL you have, allowing self write to all attributes is most likely a security issue.
No, this is my last ACL, there are a few more restrictive ones above it.
by <some kind of entry regarding gssapi ldap/slave.domain.com auth?>
AFAIK, no, you need to just do some SASL to dn mapping with authz-regexp statements.
You should probably give your slaves read access to all attributes you want replicated on all entries you want replicated. And, you probably want the slaves to have unlimited (time,size) access.
It's probably most convenient to do this by putting all your slaves in a groupOfNames entry, eg cn=Replicator,ou=Group,dc=soe,dc=ucsc,dc=edu (with the DN each slave is mapped to by your authz-regexp's as a member attribute) and add clauses like this to every ACL:
by group="cn=Replicator,ou=Group,dc=soe,dc=ucsc,dc=edu" read
and a line like this in each database:
limits group="cn=Replicator,ou=Group,dc=soe,dc=ucsc,dc=edu" size=unlimited time=unlimited
Then, adding another slave requires only an ldapmodify (besides the slave configuration).
It can if you slapadd just the base entry for this database (with all normal attributes and at least the entryCSN attribute) with the -w flag (unnecessary if the entry you add has the contextCSN), then the slave should sync itself. However, depending on the size of your directory, it may be a lot more efficient to slapadd a recent dump of the entire database.
ciao, erich