We've talked about this before; it would be nice for the consumer to be able to pull updates from a different suffix on the provider than the one in use on the consumer. Just attaching the rwm overlay is not straightforward, since that expects to sit on a database and the consumer's queries are sent through direct LDAP calls. A potential kludge for this would be to rewrite all of the consumer client code in terms of backend calls through a back-ldap instance. That seems a little heavy-handed though.
Another possibility may be to just expose some of the rwm overlay's entry points so the consumer can call them explicitly, faking enough of the context so we can call suffixmassage config. Suggestions?