When called in "upgrade" mode, the slapd.postinst script starts out by making a backup of the $SLAPD_CONF directory into /var/backups/slapd-<old-package-version>/ .
However, if the upgrade fails (e.g. because of bug #571057), then later attempts to run the upgrade script will still be called with the same old-package-version, and the script will blindly re-run the backup of $SLAPD_CONF onto the same destination directory, overwriting the original pre-upgrade-attempt versions of those files with the copies that include edits made by the earlier runs of the upgrade script.
I see there is some logic in the compute_backup_path function to check if the backup target already exists, and to abort the upgrade run if it does. Doing the same sort of check-and-abort in backup_config_once would be better than the current scenario, though it might be even nicer if the program could pick a new backup directory (e.g. /var/backups/slapd-<old-package-version>_try<count> or something) automatically, rather than aborting and forcing the user to clean up manually....
Makes sense, so marking confirmed/WishList. Nathan, would you care to prepare a patch?