slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
Upstream's position on this is that it's not a problem, because (quoting):
> Nobody compromises slapd from the network. There are no buffer overflow vulnerabilities, there are no RCE vulnerabilities.
You'll have to try to work around it in the init script. You can get the user of the process whose PID you find in the file with
    ps -p <pid> -o user=
and you can get the name of the command with
    ps -p <pid> -o comm=
If you check those against the expected values every time you send a signal, it's a lot safer. The most an attacker can do in that case is prevent you from killing his hacked process via the init script.
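The check suggested above, written as a shell function that an init script could call instead of a bare kill `cat /pathname`. This is an added example, not code from this thread or from the OpenLDAP init script; the function name `signal_if_expected` and its arguments are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper): signal the PID recorded in a PID file
# only if that process runs as the expected user and has the expected command
# name, using the two ps lookups quoted in the comment above.
#
# usage: signal_if_expected PIDFILE EXPECTED_USER EXPECTED_COMM [SIGNAL]
signal_if_expected() {
    pidfile=$1; want_user=$2; want_comm=$3; sig=${4:-TERM}

    # The PID file is writable by the unprivileged account, so its content
    # is untrusted input: accept a single decimal PID greater than 1 only.
    [ -f "$pidfile" ] || { echo "no PID file: $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "PID file does not hold a number" >&2; return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || { echo "refusing PID $pid" >&2; return 1; }

    # "user=" and "comm=" print the value without a header line.
    # Note: ps may abbreviate long account names in the user column.
    user=$(ps -p "$pid" -o user= 2>/dev/null | tr -d '[:space:]')
    comm=$(ps -p "$pid" -o comm= 2>/dev/null | sed 's/^ *//; s/ *$//')
    if [ -z "$user" ] || [ -z "$comm" ]; then
        echo "PID $pid is not running" >&2
        return 1
    fi

    if [ "$user" != "$want_user" ] || [ "$comm" != "$want_comm" ]; then
        echo "refusing to signal PID $pid: found $user/$comm," \
             "expected $want_user/$want_comm" >&2
        return 1
    fi

    # A short window remains between the check and the signal; this narrows
    # the problem rather than removing it.
    kill -s "$sig" "$pid"
}
```

A stop action would call it as `signal_if_expected /pathname ldap slapd TERM`, where the account name `ldap` is an assumption that varies by distribution.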
> See Also: https://bugs.gentoo.org/show_bug.cgi?id=767184
But I was told that slapd has no vulnerabilities. I wish you could see the face I'm making.