Some entries not syncing to slave using syncrepl

[Robert Fitzpatrick <lists@webtent.net>]

I have setup a 2.3.43 master/slave using syncrepl, but some entries are
not syncing. I have one entire tree (ou=Domains,dc=example,dc=com) and
some entries under another certain tree not coming over to the slave.

Here is my slapd.conf syncrepl entry on the slave with an ip address of
10.0.0.5...

syncrepl rid=120
                provider=ldap://10.0.0.6:389
                type=refreshAndPersist
                interval=00:00:05:00
                searchbase="dc=example,dc=com"
                filter="(objectClass=*)"
                scope=sub
                schemachecking=off
                bindmethod=simple
                binddn="uid=slurpd,ou=Services,dc=example,dc=com"
                credentials=password

And in my master from slapd.conf...

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

My ACL does not contain any specific access for my Domains container,
but at the bottom contains...

access to *
        by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
        by group.exact="cn=Administrators,dc=example,dc=com" write
        by self write
        by users read
        by peername=10.0.0.5 read
        by * read

My slurpd uid is a member of the Administrators group entry. Using my
Domains tree as an example, I can read the entry no problem...

esmtp# ldapsearch -LLL -h 10.0.0.6 -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
Enter LDAP Password: 
dn: ou=Domains,dc=example,dc=com

However, I have no Domains container in my slave :(

esmtp# ldapsearch -LLL -h localhost -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
Enter LDAP Password:

Can someone help me shed some light on this problem?