Okay,
I dumped my output to a file so I could see what was happening and debug.
In the syncrepl definition in slapd.conf, there are these two lines:
updatedn="cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu"
binddn="cn=ldap-dev2,cn=ldap,cn=operational,dc=stanford,dc=edu"
What I find, is that the replica binds to the server as ldap-dev2 (as
expected), but then tries to read from the master as cn=replicator. My
understanding from the documentation was that the updatedn entry was the
entry that would be used from the master to the replica to write changes
back into the replica -- definitely not the case from what I can see. I
would expect the replica to continue to use its binddn as its method to
read... is it also using this updatedn to write back into itself? More
investigation on my part. ;)