Pierangelo Masarati <masarati(a)aero.polimi.it> wrote:
I'm not a fan of OTP, but I believe this problem is worth being
discussed not only with respect to OTP, but also because it may share
issues with other auth methods where the directory stores auth-related
data (like SASL auxprops).
When everything is set up correctly, a client should not direct binds
with this type of mech to a replica.
A simple solution in the single master situation is to redirect any SASL
OTP bind to the master. As far as I understand, we have no way of
configuring this right now, it needs at add some code, right?
The multi-master setup is much more complicated to get done right.