I’ve been trying to setup OpenLDAP Master-Master replication running on SITE A (Datacenter 1) & SITE B (Datacenter 2) , I could successfully setup the sync between these masters. Changes are synchronized between the sites without any issues. Now I got a new requirement that “SITE A users/entries/objects should not be modifiable by SITE B and vice versa, but both have to send updates(sync) to each other.
I’m not aware how do I go with this. Will I need to think of having different OU’s configured for each site and sync the OU’s, control the write access with ACL?