so I added that to both masters, restarted, and viola, it's replicating both directions well.
Do you think that could have been my problem? Here is my config (names changed to protect the innocent)
credentials=SECRET searchbase="dc=abc,dc=xyz" type=refreshAndPersist scope=sub
interval=00:00:00:10 retry="5 5 100 5" timeout=1 schemachecking=off
attrs="*,structuralObjectClass,entryUUID,entryCSN,creatorsName,createTimestamp,modifiersName,modifyTimestamp"
syncrepl rid=011 provider=ldap://ldap2.nitle.org:1000 binddn="cn=manager,dc=abc,dc=xyz" bindmethod=simple
credentials=SECRET searchbase="dc=abc,dc=xyz" type=refreshAndPersist schemachecking=off scope=sub
interval=00:00:00:10 retry="5 5 100 5" timeout=1
attrs="*,structuralObjectClass,entryUUID,entryCSN,creatorsName,createTimestamp,modifiersName,modifyTimestamp"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Both masters have the same config options.