diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index e2c146a..93f10a3 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -523,11 +523,18 @@ class ldap::server {
 # $aclsource:
 # Source file for custom ACL's. Default is to use template.
 #
+# $master:
+# Master LDAP server URI when creating slave database.
+#
+# $syncpw:
+# Password for uid=replicator,cn=config,${name} user on master.
+# Only needed for slave databases.
+#
 # === Sample usage
 #
 # ldap::server::database { "dc=example,dc=com": }
 #
-define ldap::server::database($aclsource = "") {
+define ldap::server::database($aclsource = "", $master = "", $syncpw = "") {
 
 include ldap::server
 
diff --git a/ldap/templates/slapd-database.conf.erb b/ldap/templates/slapd-database.conf.erb
index b3e052f..ebc524b 100644
--- a/ldap/templates/slapd-database.conf.erb
+++ b/ldap/templates/slapd-database.conf.erb
@@ -24,6 +24,25 @@ syncprov-sessionlog 100
 # Mode 700 recommended.
 directory /srv/ldap/<%= name %>
 
+<% if master != "" -%>
+# replication
+syncrepl rid=2
+ provider=<%= master %>
+ type=refreshAndPersist
+ retry="10 10 60 +"
+ searchbase="<%= ldap_basedn %>"
+ filter="(objectClass=*)"
+ scope="sub"
+ sizelimit=500000
+ timelimit=360000
+ schemachecking="off"
+ bindmethod="simple"
+ tls_reqcert="never"
+ binddn="uid=replicator,cn=config,<%= ldap_basedn %>"
+ credentials="<%= syncpw %>"
+updateref <%= master %>
+<% end -%>
+
 # include acl and index configs
 include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/acl.<%= name %>.conf
 include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/index.<%= name %>.conf
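Review bot: The new `$syncpw` doc says the bind user is `uid=replicator,cn=config,${name}`, but the template this define renders binds as `uid=replicator,cn=config,<%= ldap_basedn %>` and uses `ldap_basedn`, not `$name`, for `searchbase` as well, so either the comment or the template names the wrong suffix; on a server hosting more than one `ldap::server::database` those are not the same value. `$syncpw` also travels through the catalog and lands in clear text in the rendered slapd config, which the parameter comment should state so callers keep it out of plain manifests, e.g. `#   Written in clear text to the rendered database config.`. Nothing here checks that `$master` is an `ldap://`/`ldaps://` URI, so a malformed value is presumably only noticed when slapd reads the generated file; a one-line validation on `$master` would surface it at catalog time. The body of the define continues outside the hunk.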
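Review bot: `tls_reqcert="never"` in the added syncrepl block disables verification of the provider's certificate, and with `bindmethod="simple"` the replicator password in `credentials=` is sent to whatever answers at `provider=<%= master %>`; the block requests no StartTLS either, so with an `ldap://` master both the password and the replicated directory go over the wire unencrypted. The consumer should default to `tls_reqcert="demand"` and, for a plain `ldap://` URI, `starttls="critical"`, or the module should expose these as parameters instead of baking in the weakest setting. `rid=2` is hard-coded while this template is rendered once per `ldap::server::database` and rid must be unique within a consumer, so two databases on the same server with `$master` set will presumably be rejected by slapd; deriving the rid from a per-database parameter avoids that. `searchbase` and `binddn` use `ldap_basedn` while `directory` on the line above uses `name`, which looks inconsistent for a multi-database server and is worth confirming. `credentials="<%= syncpw %>"` is also interpolated unescaped, so a password containing `"` breaks the directive.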