Please test. p.
It works, but needs an adjustment to the master ACL. My basic
configuration yields me this at OTP bind on replica:
ldap_sasl_interactive_bind_s: Bad parameter to an ldap routine (-9)
replica slapd logs:
conn=1001 op=0 RESULT tag=103 err=50 text=
SASL [conn=1001] Failure: Error putting OTP secret
send_ldap_result: conn=1001 op=0 p=3
send_ldap_result: err=80 matched="" text="SASL(-1): generic failure:
Error putting OTP secret"
This has been fixed on the master, by adding this at the beginning of
access to * attrs=cmusaslsecretOTP
        by dn.regex="cn=replica,o=test" write stop
        by * break
Another point: bind on the replica is impossible when the master is
down. I understand this is to prevent replaying the same OTP on multiple
replicas, but that defeats the purpose of setting up replicas for
failover. What about making the behavior configurable?