So... I need to add an extra "auth" line for my replication DN? I never saw that mentioned in the "OpenLDAP Administrator's Guide"; I assumed that mentioning it as the "updatedn" would be sufficient.
Well, let's take a look at the logs to figure it out:
Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 BIND dn="uid=slapd,ou=Services,dc=precidia" mech=SIMPLE ssf=0 Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 RESULT tag=97 err=0 text=
So you're not failing on the BIND. "auth" privs aren't at issue.
Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access to "uid=bcwhite,ou=People,dc=precidia" "userPassword" requested Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access denied by none(=0)