I want to shadow my directory into multiple locations. I'd like to use
updateref to provide a way to make writes back to the master. The
problem is that updateref hands a new LDAP URI back to the client who
then tries to connect to the appropriate server... this is a problem if
the client does not have access to connect directly to the referred
server. In my case the shadow server has access to the master but the
clients do not (private subnet).
Is there a way for the shadow server to send the write operation to the
master itself, as though its proxying it, rather than returning a
referral to the client?