https://bugs.openldap.org/show_bug.cgi?id=9466
--- Comment #1 from Howard Chu hyc@openldap.org --- Certainly sounds like a bug in glibc. Note the slapd(8) documentation:
-u user slapd will run slapd with the specified user name or id, and that user's supplementary group access list as set with init‐ groups(3). The group ID is also changed to this user's gid, un‐ less the -g option is used to override. Note when used with -r, slapd will use the user database in the change root environment. <<<
The workaround they've suggested is unacceptable. It is decades of standard practice for processes using chroot jails to use the security databases inside the chroot jail, not the databases of the host environment.