Hmm. I have never done an HA pair with an LDAP-configured authentication backend for the webgui (which will also be xmlrpc sync.)
Later versions (including 2.4.X) fixed the long-standing issue of being unable to specify the xmlrpc username and password.
It might be worth creating a local user on the primary, which should sync to the secondary, that specifically includes the System - HA node sync permission then specifying that user on the primary in the XMLRPC settings.
The secondary is the one that is controlling where things are authenticated. Are you certain the user being specified is present there? Does the XMLRPC sync user and password pass on the secondary in Diagnostics > Authentication? Is there any significant delay? Are the Authentication servers specified identical on the primary and the secondary? Do both nodes pass Diagnostics > Authentication?
![Screen Shot 2017-11-03 at 12.12.06 PM.png](/public/imported_attachments/1/Screen Shot 2017-11-03 at 12.12.06 PM.png)
![Screen Shot 2017-11-03 at 12.12.06 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-11-03 at 12.12.06 PM.png_thumb)