OK.

Pierangelo Masarati is right all the way.

I'm not using the latest release. I'm using the one that debian provides. C programming doesn't 'chroot's, it 'setuid();'s. My mistake. Sorry. I'm not into the internals of openldap, but Pierangelo sure is and setuid() **before** reading the configuration files makes sense (which reminds me i should 'chown' those too), so I was far off.

But, one issue remains: When I deleted the files, /etc/init.d/slapd start /etc/init.d/slapd stop slapd -l base.ldif /etc/init.d/slapd start ldapdelete failed again with the same error: (80) entry index delete failed

After testing, I think the problem is with slapadd. The above command (slapd -l base.ldif) created one 'objectClass.bdb' file owned by root:root. After chown'ing that bdb file all works again.

Furthermore, if one skips the slapd start/stop steps, slapadd populates the database dir and all created files are owned by root.

Is this a bug or not? Shouldn't 'slapadd' setuid();?

One workaround is issuing 'sudo -u openldap slapadd ...' to avoid chown'ing afterwards.

Oh, and yes Pierangelo, I make mistakes. Lots of them, unfortunately, like many users. But I try not to post them in Bug reports ;)