Arch Linux


FS#25214 - Last update broke openldap

Attached to Project: Arch Linux
Opened by Julien Dessaux (adyxax) - Friday, 22 July 2011, 08:07 GMT
Last edited by Eric Belanger (Snowman) - Monday, 25 July 2011, 20:59 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Eric Belanger (Snowman)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
The maintainer of the openldap package just issued an update. The problem is that command line arguments got hardcoded in /etc/rc.d/slapd, while those should have been in /etc/conf.d/slapd where they belong. This broke my installations and it will probably break others.

Additional info:
* package version(s) : 2.4.26-2

Steps to reproduce:
* Have a working ldap server with the openldap package in version 2.4.24-2 or below.
* Upgrade to 2.4.26-2.
* Try to restart slapd and here you are.

Suggestion to fix the problem:
* remove "-u ldap -g ldap" from lines 14 and 16 in /etc/rc.d/slapd
* add "-u ldap -g ldap" in the SLAPD_OPTIONS field in /etc/conf.d/slapd

Closed by  Eric Belanger (Snowman)
Monday, 25 July 2011, 20:59 GMT
Reason for closing:  Not a bug
Additional comments about closing:  user was running server as an openldap user
Comment by Eric Belanger (Snowman) - Friday, 22 July 2011, 09:18 GMT
What problems or error messages are you having exactly? The new package is supposed to adjust the new permissions automatically to have slapd run as the ldap user and group.
Comment by Eric Belanger (Snowman) - Friday, 22 July 2011, 09:26 GMT
If you do a:
chown -R root:ldap /etc/openldap/schema

does it work afterwards with the "-u ldap -g ldap" options?
Comment by Julien Dessaux (adyxax) - Friday, 22 July 2011, 12:36 GMT
Thank you for your answers. It's not a permission issue, sorry if I wasn't clear about the error message.

My openldap was already configured to drop its permission to a non-root user. Since it wasn't done by default I named this user openldap and configured it via the SLAPD_OPTIONS field in /etc/conf.d/slapd, which seemed like the right place to do it. If the updated package was taking advantage of this, pacman would nicely create a /etc/conf.d/slapd.pacnew file and as an admin I would be happily enjoying this great improvement of the default configuration.

In fact in my case there was another problem since the upgrade process did a chown of /var/lib/openldap/openldap-data. I didn't think of that before, thank you for mentioning permissions. I would rather have pacman print some upgrade instructions instead of wildly messing with a working setup.

Here is what I got as an error message right after the upgrade:
[root@midgard /etc/conf.d] 3514 # /etc/rc.d/slapd restart
:: Stopping OpenLDAP [DONE]
:: Starting OpenLDAP [BUSY]
/etc/rc.d/slapd: line 9: 7760 Segmentation fault /usr/sbin/slapd -u ldap -g ldap -h "$SLAPD_SERVICES" $SLAPD_OPTIONS
[FAIL]

Anyway, thank you again for your help.
Comment by Eric Belanger (Snowman) - Friday, 22 July 2011, 16:34 GMT
I see now. Perhaps a post-upgrade message would've been appropriate but I guess it's too late now. The reason I didn't put one is that we suppose that users use packages the way they are meant to be used. The old package was running the daemon as root. By creating an openldap user to run the daemon, you were basically using a custom package. Instead of modifying the existing PKGBUILD and building a new package, you did the changes directly to your system. When doing such things, you need to be more careful when upgrading. Fortunately, it didn't take us time to identify the problem.

I added the "-u ldap -g ldap" to the daemon instead of the config file because they are not really options. The new package is meant to be run as the ldap user and ldap group (all the file permissions are set accordingly). It's not something users can change like the other options, at least without messing with file permissions.

As for this bug report, I'm inclined to simply close it. I'll leave it open for a week or so in case there is something you or other users want to add. And it'll be easier to find for users who have similar problems. I would recommend to change your system to use the ldap user created by the package instead of your openldap user. It'll save you from permissions problems on future updates.
Comment by Julien Dessaux (adyxax) - Monday, 25 July 2011, 08:51 GMT
As for this issue I also consider it solved in my case, thank you for your time and efforts.

But as for your explanation, I must call it bullshit, I'm sorry. I was in no way using anything you could even remotely call a "custom package" since I just changed a configuration option!

The default "run as root" was a real problem. I agree with you and it is really better now you changed that - and I thank you for that. But what was I supposed to do before? File a bug report to change a default setting that annoys me? No I wouldn't think about doing that! Even though it was a dumb default setting, there was a sane way to fix the problem: the SLAPD_OPTIONS field in the conf.d file. Because this variable was provided there was no problem at all for me to do that.

Again I am sorry because I really respect the maintainer's work and the time you provide to make archlinux a better linux distribution. You just didn't think of a way some users would use your package and that's fine, I am not angry and I still thank you for this upgrade. Just don't bullshit please.
Comment by Eric Belanger (Snowman) - Monday, 25 July 2011, 20:58 GMT
Actually, you should've opened a feature request on the bug tracker. Many daemons run as the nobody user or as their own user so it would have been accepted. It might have taken some time as the package is orphaned but that's another story.

The -u and -g options are not like the rest of the options, which work out-of-the-box by simply setting them in the conf.d file and restarting the server. First you must create the user and group if they don't exist already, then you need to modify the ownership of directories and files. So in addition to modifying the conf.d file, which is expected from users, you also changed the ownership of directories/files installed by pacman, which is unexpected. This is why the update caused some problems for you. If you still disagree, that is fine.

I'll close this as any further discussion would be pointless. The openldap server now runs as non-root and your system is fixed.
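
An added example, not part of the original thread or of the Arch package: a pre-restart check for the two conditions the discussion identifies, a -u/-g value left in SLAPD_OPTIONS that differs from what the rc script now passes, and data files not owned by the new runtime user. The function names are hypothetical; the paths in the usage comment are the ones mentioned in the report, and GNU find is assumed.

```bash
# Added example: audit a slapd setup before restarting after the upgrade.
# RC_USER/RC_GROUP are the values the 2.4.26-2 rc script passes to slapd.
RC_USER=ldap
RC_GROUP=ldap

# Print the word that follows flag $1 (-u or -g) in option string $2.
opt_value() {
    local flag="$1" prev="" word
    for word in $2; do
        if [ "$prev" = "$flag" ]; then printf '%s\n' "$word"; return 0; fi
        prev=$word
    done
    return 1
}

# Read SLAPD_OPTIONS from a conf.d-style file the way an rc script does
# (by sourcing it), in a subshell so nothing leaks into the caller.
read_slapd_options() {
    ( SLAPD_OPTIONS=""; . "$1" >/dev/null 2>&1; printf '%s' "$SLAPD_OPTIONS" )
}

# audit_slapd CONF DATA_DIR: print findings, return 1 if there are any.
audit_slapd() {
    local conf="$1" data="$2" opts u g bad findings=0
    opts=$(read_slapd_options "$conf")
    if u=$(opt_value -u "$opts") && [ "$u" != "$RC_USER" ]; then
        echo "conf.d sets -u $u but the rc script passes -u $RC_USER"
        findings=1
    fi
    if g=$(opt_value -g "$opts") && [ "$g" != "$RC_GROUP" ]; then
        echo "conf.d sets -g $g but the rc script passes -g $RC_GROUP"
        findings=1
    fi
    # Count paths the runtime user does not own (GNU find -printf).
    bad=$(find "$data" -printf '%u %p\n' |
          awk -v u="$RC_USER" '$1 != u {n++} END {print n+0}')
    if [ "$bad" -gt 0 ]; then
        echo "$bad path(s) under $data not owned by $RC_USER"
        findings=1
    fi
    return "$findings"
}

# Usage on a system like the one in the report:
#   audit_slapd /etc/conf.d/slapd /var/lib/openldap/openldap-data
```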
