Is there any documentation or post explaining what you mean by "master/slave".
This is something I always find a bit confusing with Zentyal, especially when looking at restrictions while running Samba, master, slave etc..
I think I understand LDAP pretty well (I've deployed world wide LDAP infrastructure with custom schema and complex replicaiton scheme) but can't figure why such limitation occurs.
When I tried to investigate a bit more, I came under the impression that what you call "master/slave" is somewhat different from what I understand.
To me, ALL ldap servers being part of master/slave design should have exactly same content in term of schema and entries. The only difference between master and slave is that master accepts updates (entry creation, modiciaiton, delete) while slave works in "read only" mode and sends back referral (to master ldap servers) in case ldap clients tries to write on slave server.
Because of this, I don't understand why such limitation exists in you implementation and I don't understand why Zentyal components are not configured in such a way that one describes what is the main ldap server and what is the failover ldap server. After all, this is the only reason to have master/slave design (plus potentially some security reasons that might push not to have ldap master running on Zentyal server acting as internet gateway).
My approach is more toward users&groups design based on one single LDAP server (that is master), bringing replication capability for failover or performance reasons. Then new Zentyal instance deployment should contain, somewhere, parameter to identify LDAP server it relies on.
Is it standalone LDAP server ? if yes, then this is most likely local master
is it an existing ldap server ? remote ? Then one valid question is to decide whenever local replication (slave) should be deployed, but this is part of LDAP service redundancy, perf etc... not part of service (mail, samba etc) deployment.
So this is how I perceive this kind of deployment but I don't feel this is the way your implementation works but can't find any documentaiton expalining this.
Christian