Sync working in lab but not in production

[Philip Colmer <philip.colmer@linaro.org>]

I suspect I've broken a fundamental rule of how sync works on OpenLDAP
but here goes ...

We've been running a single OpenLDAP server for a while now so I
wanted to get some resiliency into place. We are using version 2.4.28
on Ubuntu 12.04.

The original machine is a VM so I cloned it and built two further
servers from that clone. I then followed the instructions in
https://help.ubuntu.com/12.04/serverguide/openldap-server.html to add
the provider bits to server A and the consumer bits to server B.

That works fine.

So, since I had a working consumer, I added the provider bits to the
original LDAP server and changed the configuration on server B so that
it queries that server and not server A. Syncing now fails and I'm
getting the following in the log:

slapd[8201]: conn=1059 fd=18 ACCEPT from IP=127.0.0.1:52374 (IP=0.0.0.0:389)
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" method=128
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" mech=SIMPLE ssf=0
slapd[8201]: conn=1059 op=0 RESULT tag=97 err=0 text=
slapd[8201]: conn=1059 op=1 SRCH base="cn=accesslog" scope=2 deref=0
filter="(&(?objectClass=auditWriteObject)(?reqResult=0))"
slapd[8201]: conn=1059 op=1 SRCH attr=reqDN reqType reqMod reqNewRDN
reqDeleteOldRDN reqNewSuperior entryCSN
slapd[8201]: conn=1059 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[8201]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[8201]: do_syncrep2: rid=000 (32) No such object
slapd[8201]: conn=1059 op=2 UNBIND

I've double-checked the configuration on the provider and if I revert
the configuration on server B so that it consumes from server A, it
all works again.

Have I broken a fundamental rule? If I have, how can I fix it? If I
haven't, what have I done wrong?

Thanks.

Philip