If slap_passwd_parse returns something != LDAP_SUCCESS the code tries to free ndn->bv_val but this might be uninitialized and the server segfaults. http://www.openldap.org/its/index.cgi?findid=2390
This issue should also affect RHEL2.1