Ludwig,
what about this 'fix'
https://bugzilla.redhat.com/show_bug.cgi?id=1009122
won't the setting of nsslapd -ignore-time-skew==on effectively solve the issue?
IE on the down server edit the value in /etc/dirsrv/slapd-DOMAIN/dse.ldif to
nsslapd-ignore-time-skew=on
and then try to bring up the ipa server?