After exchanging a few private messages with Pierangelo Masarati, I just
When binding using SASL OTP to a replica, the bind works, but the
cmusaslsecretOTP attribute is modified on the replica and fail to be
propagated to the master. On the next modification, the master will
overwrite the replica's updated cmusaslsecretOTP value.
Here is a script that exhibit the behaviour:
That require SASL enabled OpenLDAP, with the OTP plugin installed.
PATH in run.sh must probably be adjusted.
The problem is in sasl_auxprop_store(), who bypass the replication
process. The easier fix to me seems to send a referal to the master on
any SASL OTP bind, Any other idea?