I'm testing openldap 2.5 in preparation for migrating my production
services, and I noticed that the 2.5 RPMs no longer create an ldap user
and instead run slapd as root by default? Is this because they're no
longer intended to replace the system bundled openldap packages? It
seems undesirable from a security perspective to run slapd as root
rather than a dedicated service account.

I see there's a note about updating the startup options to run as a
service account here:

        https://repo.symas.com/soldap/systemd/

but the ldap user/group used as an example won't exist unless the system
RPMs or the 2.4 RPMs have been previously installed or the user is
created manually.
