Hi
After heartbeat we force password resets and we observe an odd behavior: after a password is changed, a replica will fail bind just as if the password was wrong (LDAP_INVALID_CREDENTIALS), while another replica will accept it. slapcat show idential userPassword hashes everywhere: master, bad replica and good replica.
Destroying the replica data and resyncrhonizing it fixes the problem.
Is there some kind of bind cache somewhere? This is OpenLDAP 2.4.33
openldap-technical@openldap.org