pedrorandrade@gmail.com writes:
> After testing, I think the problem is with slapadd. The above command (slapd -l base.ldif) created one 'objectClass.bdb' file owned by root:root. After chown'ing that bdb file all works again.
> Furthermore, if one skips the slapd start/stop steps, slapadd populates the database dir and all created files are owned by root.
> Is this a bug or not? Shouldn't 'slapadd' setuid()?
If you're going to run slapd as a non-root user, you need to be sure that all data initialization is done as the user you're running slapd as. If any of that data initialization is done by the Debian packaging scripts (the upgrade scripts, the init script, and so forth), that's a bug in the Debian package. Please submit a bug to Debian so that we can fix it there.
I doubt that anything here is a bug in OpenLDAP.
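
The ownership requirement discussed in this thread can be checked before slapd is started. The script below is an added example, not part of either message and not code from OpenLDAP or the Debian package; the function names are hypothetical, and the directory and account you pass in are assumptions about your own setup.

```shell
#!/bin/sh
# Added example: report entries in an slapd database directory that are not
# owned by the account slapd runs as (e.g. files left behind by running
# slapadd as root). Function names are hypothetical.

# resolve_uid USER_OR_UID -> prints the numeric uid; non-zero if unknown.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # a name: look it up
        *) printf '%s\n' "$1" ;;                  # already numeric
    esac
}

# misowned_files DIR USER_OR_UID -> prints every path under DIR (DIR itself
# included) whose owner is not that uid. Returns 2 on bad arguments.
misowned_files() {
    dir=$1
    uid=$(resolve_uid "$2") || return 2
    [ -d "$dir" ] || return 2
    find "$dir" ! -uid "$uid" -print
}

# check_db_owner DIR USER_OR_UID
#   0: everything under DIR is owned by the user
#   1: at least one entry is not (paths are listed on stderr)
#   2: bad arguments, or find could not read part of DIR
check_db_owner() {
    bad=$(misowned_files "$1" "$2") || return 2
    [ -z "$bad" ] && return 0
    printf 'not owned by %s:\n%s\n' "$2" "$bad" >&2
    return 1
}
```

Call it as `check_db_owner <database-dir> <slapd-user>` after any slapadd run and before starting slapd; a return value of 1 means some file would be unwritable by the non-root slapd process.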