LDAP (389 Directory Service) and Pacemaker with Multi-Master

I'm trying to setup a pair of LDAP servers running 389 (formerly Fedora DS) in high availability using Pacemaker with a floating IP. In addition, 389 supports multi-master replication, where all changes on one node are automatically replicated on one or more other nodes.

I'm fairly close to having everything working. Failover works just fine. And multi-master replication works fine. However, my current Pacemaker config stops the directory service on the non-active node. Which means that the backup node is not receiving replication data from the other node.

What is the right way to setup Pacemaker so that:

1. LDAP directory services are always running on both nodes
2. Floating IP is assigned to one of the nodes
3. Failover occurs if the master node dies or LDAP service stops running on the master

Initially, my Pacemaker config looked like the following:

property stonith-enabled=false
property no-quorum-policy=ignore

rsc_defaults resource-stickiness=100

primitive elastic_ip lsb:elastic-ip op monitor interval="10s"
primitive dirsrv lsb:dirsrv op monitor interval="10s"
order dirsrv-after-eip inf: elastic_ip dirsrv
colocation dirsrv-with-eip inf: dirsrv elastic_ip

I then explored using Pacemaker clones:

property stonith-enabled=false
property no-quorum-policy=ignore

rsc_defaults resource-stickiness=100

primitive elastic_ip lsb:elastic-ip op monitor interval="10s"
primitive ldap lsb:dirsrv op monitor interval="15s" role="Slave" timeout="10s" op monitor interval="16s" role="Master" timeout="10s"

ms ldap-clone ldap meta master-max=1 master-node-max=1 clone-max=3 clone-node-max=1 notify-true

colocation ldap-with-eip inf: elastic_ip ldap-clone:Master
order eip-after-promote inf: ldap-clone:promote elastic_ip:start
order ldap-after-eip inf: elastic_ip ldap-clone

Unfortunately, that doesn't quite work. pengine complains that "ldap-clone: Promoted 0 instances of a possible 1 to master" and then stops the LDAP service.