Problem
slapd cannot be started properly because of missing schema extensions that came from the ppolicy overlay module. The overlay was removed by setting the UCR variable ldap/ppolicy='no' or by unsetting it. If this variable was set in the LDAP layer using a policy and therefore distributed to all domain controllers, replication may be affected after it is removed.
There may be a slapd process that is not shown by the command systemctl status slapd.service. Look with ps -ef | grep slapd for remaining slapd processes and kill them with killall slapd before you proceed.
Solution
After reactivating the ppolicy overlay module by setting the UCR variable ldap/ppolicy='yes', the schema is added to the LDAP configuration again:
ucr set ldap/ppolicy='yes'
systemctl restart slapd.service
The slapd.service should be startable again, unless the Univention Directory Listener has generated a failed.ldif file in the meantime. Cleaning up this situation is described in this article:
Problem: Troubleshooting slapd during an failed.ldif import
Investigation
The command slapschema shows this:
root@mf2primary:/etc# slapschema
65731e99 UNKNOWN attributeDescription "PWDFAILURETIME" inserted.
65731e99 UNKNOWN attributeDescription "PWDACCOUNTLOCKEDTIME" inserted.
65731e99 UNKNOWN attributeDescription "PWDCHANGEDTIME" inserted.
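As an added example (not part of the Univention article), the following script ties the investigation and the solution together: it recognises the UNKNOWN ppolicy attributes in slapschema output and only then kills stray slapd processes, re-enables the overlay and restarts slapd. It assumes pgrep and systemctl show --value are available, and uses a placeholder path for the listener's failed.ldif, which the article does not name.

```shell
#!/bin/sh
# Added example, not the article's own code. Assumptions: pgrep (procps) and
# "systemctl show --value" (systemd >= 230) exist; FAILED_LDIF is a placeholder.
FAILED_LDIF="/path/to/failed.ldif"   # placeholder, the article gives no path

# Return 0 when slapschema output (passed as $1) reports the ppolicy attributes
# from the article as UNKNOWN, i.e. the overlay's schema is not loaded.
ppolicy_schema_missing() {
    printf '%s\n' "$1" |
      grep -Eiq 'UNKNOWN attributeDescription "PWD(FAILURETIME|ACCOUNTLOCKEDTIME|CHANGEDTIME)"'
}

# Print PIDs of slapd processes that are not systemd's MainPID, i.e. the stray
# ones that "systemctl status slapd.service" does not show.
stray_slapd_pids() {
    main_pid=$(systemctl show -p MainPID --value slapd.service 2>/dev/null)
    pgrep -x slapd | grep -vx "${main_pid:-0}" || true
}

# The article's remediation: kill stray slapd, re-enable the overlay, restart,
# re-check the schema and point at a failed.ldif if the listener left one.
repair_ppolicy() {
    if ! ppolicy_schema_missing "$(slapschema 2>&1)"; then
        echo "ppolicy schema is present; nothing to do"
        return 0
    fi
    for pid in $(stray_slapd_pids); do
        echo "killing stray slapd pid $pid"
        kill "$pid"
    done
    ucr set ldap/ppolicy='yes'
    systemctl restart slapd.service
    if ppolicy_schema_missing "$(slapschema 2>&1)"; then
        echo "ppolicy schema still missing after restart" >&2
        return 1
    fi
    [ -e "$FAILED_LDIF" ] && echo "note: $FAILED_LDIF exists, see the failed.ldif article" >&2
    return 0
}

# Constructed samples based on the article's slapschema excerpt, so the
# detector can be exercised without a running directory.
SAMPLE_BROKEN='65731e99 UNKNOWN attributeDescription "PWDFAILURETIME" inserted.
65731e99 UNKNOWN attributeDescription "PWDACCOUNTLOCKEDTIME" inserted.'
SAMPLE_OK='65731e99 schema check completed without unknown attributes'

# Only touch the system when explicitly asked: sh repair-ppolicy.sh --repair
if [ "${1:-}" = "--repair" ]; then repair_ppolicy; fi
```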