Comment 11 for bug 563829

It seems like the new slapd.postinst in 2.4.21-0ubuntu5 will cause a configuration error for upgrades from previous Lucid versions of the package.

Specifically, up through 2.4.21-0ubuntu4, the postinst script added the following line:
  olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
to the /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif file (when upgrading from a previous version older than 2.4.17-1ubuntu3).

The new version of the script will add the following line instead (and will do so when upgrading from any prior version of the package):
  olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break

But since there is no attempt to remove the old non-indexed line while the indexed one is added, slapd will refuse to start with the resulting frontend.ldif file.

I can't easily run an actual test of this upgrade path myself, but bug 570657 and bug 570533 seem to be consistent with this scenario.