Why should X user ever need to run this tool to generate a value?
Slappasswd is used to generate an userPassword value suitable
for use with ldapmodify(1), slapd.conf(5) rootpw configuration
directive or the slapd-config(5) olcRootPW configuration directive.
Do you want to restrict this text regarding ldapmodify(1) only for the cases
that the slappasswd user has also write access to back-config?
Of course your are the OpenLDAP boss. You can change everything to make it
work for you. But it breaks existing operational procedures for other people.