Hi,

On Solaris 8/9 changing passwords using the passwd command does not work
when the LDAP clients bind to a replicated LDAP read-only server. The
Solaris client does not understand the referral to the supplier LDAP
sent by the consumer. The LDAP client can only change the password when
it binds to the supplier and receives no referral.

Setup:
------
* Supplier: Directory Server 5.2 on Solaris 9 4/03
* Consumer: Directory Server 5.2 on Solaris 8 12/02
* Clients: Solaris 9 4/03, Solaris 8 12/02

Command:
--------
$ passwd -r ldap
passwd: Changing password for bernd
Enter existing login password:
New Password:
Re-enter new Password:
passwd: password successfully changed for bernd

Client Syslog:
--------------
Jul 4 15:03:01 temp-net5 passwd[781]: [ID 545954 user.error]
libsldap: Invalid or non-LDAP URL when processing referrals URL:
ldap://ldap-master.domain.tld:389
Jul 4 15:03:01 temp-net5 passwd[781]: [ID 293258 user.error]
libsldap: Status: 0 Mesg: Internal write State machine exit (state =
14, rc = 0).

Everything is set up according to the Sun docs and I can't find any
configuration mistake. The referrals on the consumer LDAP are correct
and the client can resolve the host names.

What could be wrong here?
Has anybody a working setup with LDAP replicas?
Is there a better approach for load balancing and failover?

Thanks in advance for help.

Regards,
Bernd
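
An added example, not part of the original post: passwd printed a success message while libsldap logged the referral failure, so this Python check scans client syslog for the two messages shown above instead of trusting the command output. The sample text is copied from the post; the function names and the correlation of entries by host, program and PID are assumptions of this example.

```python
import re

# The two syslog entries from the post, wrapped exactly as they appear there.
SAMPLE = """\
Jul 4 15:03:01 temp-net5 passwd[781]: [ID 545954 user.error]
libsldap: Invalid or non-LDAP URL when processing referrals URL:
ldap://ldap-master.domain.tld:389
Jul 4 15:03:01 temp-net5 passwd[781]: [ID 293258 user.error]
libsldap: Status: 0 Mesg: Internal write State machine exit (state =
14, rc = 0).
"""

# Solaris-style syslog header: timestamp, host, program[pid], [ID n facility.level]
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: \[ID \d+ [\w.]+\]\s*(?P<msg>.*)$")
REFERRAL = re.compile(r"libsldap: .*processing referrals URL:\s*(?P<url>\S+)")
WRITE_EXIT = re.compile(r"libsldap: .*Internal write State machine exit")


def unwrap(text):
    """Join wrapped continuation lines onto the syslog entry they belong to."""
    entries = []
    for line in text.splitlines():
        if HEADER.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries


def referral_failures(text):
    """Return one finding per process that logged a libsldap referral error."""
    findings = {}
    for entry in unwrap(text):
        m = HEADER.match(entry)
        key = (m["host"], m["prog"], m["pid"])  # assumed correlation key
        ref = REFERRAL.search(m["msg"])
        if ref:
            findings[key] = {"time": m["ts"], "host": m["host"],
                             "prog": m["prog"], "pid": int(m["pid"]),
                             "referral": ref["url"], "write_state_exit": False}
        elif key in findings and WRITE_EXIT.search(m["msg"]):
            findings[key]["write_state_exit"] = True
    return list(findings.values())


if __name__ == "__main__":
    for f in referral_failures(SAMPLE):
        print(f)
```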