Thank you very much Quanah for your response!
Sort of. If you added the schema and then an object, the other masters
should halt replication at that point until they have a matching schema.
That's interesting.
Not really, no. It does depend on the version of OpenLDAP in use, as there
were some bugs in older OpenLDAP versions that would allow the object to
partially replicate or the object to just get skipped, which could cause
headache. But those issues were fixed.
So then best practice with tree sync is add the schema to all masters first, then an object. which would make sense.
I would say that by doing cn=config replication, you've added a wide
surface area for new issues to occur. I generally view cn=config
replication as more of a beta feature. There are still ongoing issues
being resolved and fixed for it (For example, ITS#8616 in the most recent
2.4.47 release)
Hmm... so would you recommend removing the replication of cn=config for now? Individually adding the schema to each master is feasible for us.
Thank you again
-Dave