Fedora directory users - Mar 2007 - 2 user passwords ? / updates on consumer without referral

hello list !

i''m doing some tests to replace our openldap based ldap infrastructure
with fds; i''m really happy with fds compared to openldap, but
i''m running
into a little problem...

what i''m trying to achieve: we have 2 different user passwords: one for
our
lan, the other for the dmz (imap, jabber, ...) ; the ldap supplier is in the
lan, and there''s a consumer in the dmz;
the lan password should be used for user/services binding to the lan server,
while the dmz password should be used for user/services binding to the dmz
server

is there a simple way to do that with fds (eg. a plugin where one can choose
which attribute fds uses for binds) ?

with openldap, on the supplier, the lan password was stored in userPassword,
and the dmz password was stored in obsDmzPassword (from our custom schema) ;
the userPassword attribute was excluded from the lan->dmz replication, and
we had a script that would connect to the dmz as the directory manager (->
so no referral with this user) and which would copy the content of
obsDmzPassword to userPassword

that''s ugly, but it worked fine

now, with fds, i managed to do the same thing, when selecting "use the
databases"  under "suffix request processing" on the consumer ;
however,
this setting goes back to "return referrals for update operations"
after
each full consumer initialization ; is there a way to prevent that from
happening ?


thanks !

ivan