Tentando configurar a replicação LDAP

Quero configurar a replicação mestre-escravo entre 2 servidores OpenLDAP.

Correr ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q "olcDatabase=*" dnproduz isto:

no mestre:

dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
dn: olcOverlay={2}syncprov,olcDatabase={1}hdb,cn=config

no escravo:

dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}mdb,cn=config

No escravo eu executo:ldapmodify -Y EXTERNAL -H ldapi:/// -f rp.ldiff

Meu rp.ldifffica assim:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=003
  provider=ldap://192.168.2.3:389/
  bindmethod=simple
  binddn="uid=rpuser,dc=redacted,dc=co"
  credentials=redacted
  searchbase="dc=redacted,dc=co"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00

Quando adicionei rpuserusei algo assim:

dn: uid=rpuser,dc=redacted,dc=co
objectClass: simpleSecurityObject
objectclass: account
uid: rpuser
description: Replication  User
userPassword: redacted

E eu recebo esta saída:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: No such object (32)
    matched DN: cn=config

A mesma coisa acontece se eu tentar usar o usuário administrador.

Como supero esse problema para concluir a configuração da replicação?