rra@stanford.edu writes:

...

There are more ways (than slapindex) to break file ownership.

There is, and we should probably also do that, but slapindex is far and away the most common and it would be cool if we could catch the problem before it happens instead of just warning afterwards.

slapadd has the same problem. For that matter, starting slapd without -u can mess up for when you restart with -u. So we can just as well make it general: If root opens a database for writing, fail instead if the directory or database file is not owned by root. Unless a slapd.conf option says differently I guess. Not sure if the default should be to check that for slapd as well as the tools.