Following the excellent guide here: https://wiki.debian.org/LDAP/OpenLDAPSetup
I was able to get LDAP replication working fairly easily. There are two problems with this, however.
1. The default slapd configuration uses dc=nodomain if no domain was picked at install, otherwise whatever domain you picked at install. You are not asked to choose, so if you have a different domain than your LDAP server, replication will not function.
2. The above guide does NOT use SSL for replication for some reason.
On your client, do the following to change dc=nodomain to whatever it should be for replication:
Update all dc=nodomain entries to dc=your,dc=domain.
Then start slapd.
Create an LDIF file like the following (in this case, mirror.ldif):
olcSyncrepl: rid=004 provider=ldaps://YOURMASTERHOSTNAME:636 bindmethod=simple binddn="cn=mirrormode,dc=bbis,dc=us" credentials=YOURPASSWORD tls_reqcert=never searchbase="dc=bbis,dc=us" schemachecking=on type=refreshAndPersist retry="60 +" tls_cert=/etc/ldap/ssl/server.pem tls_cacert=/etc/ldap/ssl/server.pem tls_key=/etc/ldap/ssl/server.pem
Note that “rid=004” should be different for each LDAP server you bring into play. Replace dc=bbis,dc=us with your domain.
Now add it to your schema:
ldapmodify -QY EXTERNAL -H ldapi:/// -f mirror.ldif
Use ldapsearch to verify functionality:
ldapsearch -H ldap://127.0.0.1 -x
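As an added example (not part of the original post or the Debian guide): a small Python check that parses olcSyncrepl values like the one in mirror.ldif and flags the problems discussed above, namely a leftover dc=nodomain, a provider that is not reached over TLS, a reused rid, and tls_reqcert=never or allow, which means the consumer does not verify the provider's certificate. The host names, suffix and the SAMPLE values are constructed for illustration.

```python
import shlex
from collections import defaultdict

WEAK_REQCERT = {"never", "allow"}  # settings that accept an unverified provider certificate

# CONSTRUCTED sample values (hypothetical hosts and suffix), shaped like the directive above.
SAMPLE = {
    "consumer-a": 'rid=004 provider=ldaps://master.example.com:636 bindmethod=simple '
                  'binddn="cn=mirrormode,dc=example,dc=com" credentials=PLACEHOLDER '
                  'tls_reqcert=never searchbase="dc=example,dc=com" '
                  'type=refreshAndPersist retry="60 +"',
    "consumer-b": 'rid=004 provider=ldap://master.example.com:389 bindmethod=simple '
                  'binddn="cn=mirrormode,dc=example,dc=com" credentials=PLACEHOLDER '
                  'searchbase="dc=nodomain" type=refreshAndPersist retry="60 +"',
}

def parse_syncrepl(value):
    """Split an olcSyncrepl value into a dict of lower-cased key -> value."""
    fields = {}
    for token in shlex.split(value):        # shlex keeps retry="60 +" as one token
        key, _, val = token.partition("=")  # split on the first "=" only (DNs contain "=")
        fields[key.lower()] = val
    return fields

def audit(consumers):
    """consumers: {host: olcSyncrepl value}. Returns a sorted list of (host, finding)."""
    findings, rids = [], defaultdict(list)
    for host, value in consumers.items():
        f = parse_syncrepl(value)
        rids[f.get("rid")].append(host)
        provider = f.get("provider", "").lower()
        if not provider.startswith("ldaps://") and f.get("starttls") != "critical":
            findings.append((host, "replication traffic is not forced over TLS"))
        # syncrepl's tls_reqcert defaults to "demand" when the key is absent
        if f.get("tls_reqcert", "demand").lower() in WEAK_REQCERT:
            findings.append((host, "provider certificate is not verified"))
        for key in ("searchbase", "binddn"):
            if "dc=nodomain" in f.get(key, "").lower():
                findings.append((host, f"{key} still uses dc=nodomain"))
    for rid, hosts in rids.items():         # per the note above: one rid per server
        if len(hosts) > 1:
            shared = ", ".join(sorted(hosts))
            findings.extend((h, f"rid={rid} reused on {shared}") for h in hosts)
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

To clear the certificate finding, set tls_reqcert=demand and point tls_cacert at the CA that issued the provider's certificate.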