Replication of new suffix not possible?

[Yvonne Lootsma <yvonne.lootsma@cmg.nl>]

Hello,
 
I have a system with one master and one slave, which is working fine.
The rootdn and updatedn are of the following form:
rootdn: "cn=AAA,o=CCC", 
updatedn: "cn=BBB,o=CCC"
 
There is already a tree with suffix "o=CCC" available in the database, now I
want to add a new tree with suffix "o=DDD".
In the slapd.conf files of both the master and the slave I added the
following line 
suffix    "o=DDD"
 
Everything was restarted and then I try to add to following data:

dn: o=DDD
objectClass: top
objectClass: organization
o: DDD

This is correctly added to the master, but the replication to the slave
fails. I get the following error line in the .rej file:

ERROR: Insufficient access.

 
When I try to add the same data with ldapadd to the slave with -D
"cn=BBB,o=CCC", I get the following output:

adding new entry "o=DDD"
ldap_add: Insufficient access
 
ldif_record() = 50
 

When I reconfigure the slave as master, it is possible to add the data.
After that, I can reconfigure the slave again as slave, and it is possible
to add new data of the following form:

dn: ou=EEE,o=DDD
ou: EEE
objectclass: top
objectclass: organizationalunit

 
This new data is now correctly replicated to the slave.
 
Question: How can I add the new tree with root "o=DDD" to the database
without reconfiguring the slave as a master?
 
It seems that it is not possible to replicate a new suffix.
Once the suffix has been added manually to the slave,
further addition of entries to the new suffix tree works fine. 
 
Yvonne Lootsma