slapschema — SLAPD in-database schema checking utility
SBINDIR/slapschema [
−a filter ] [
−b suffix ] [−c] [ −d debug−level ] [ −f slapd.conf ] [ −F confdir ] [−g] [ −H URI ] [ −l error−file ] [ −n dbnum ] [ −o option[= value] ] [ −s subtree−dn ] [−v]
Slapschema is
used to check schema compliance of the contents of a
slapd(8) database. It opens
the given database determined by the database number or
suffix and checks the compliance of its contents with the
corresponding schema. Errors are written to standard output
or the specified file. Databases configured as subordinate of this one are
also output, unless −g is
specified.
Administrators may need to modify existing schema items, including adding new required attributes to objectClasses, removing existing required or allowed attributes from objectClasses, entirely removing objectClasses, or any other change that may result in making perfectly valid entries no longer compliant with the modified schema. The execution of the slapschema tool after modifying the schema can point out inconsistencies that would otherwise surface only when inconsistent entries need to be modified.
The entry records are checked in database order, not superior first order. The entry records will be checked considering all (user and operational) attributes stored in the database. Dynamically generated attributes (such as subschemaSubentry) will not be considered.
−a
filterOnly check entries matching the asserted filter. For example
slapschema −a \ "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com"
subtree of the "dc=example,dc=com" database.
Deprecated; use −H ldap:///???(filter)
instead.
−b
suffixUse the specified suffix to determine which
database to check. The −b cannot be used in conjunction
with the −n
option.
−cEnable continue (ignore errors) mode.
−d
debug−levelEnable debugging messages as defined by the
specified debug-level; see
slapd(8) for
details.
−f
slapd.confSpecify an alternative slapd.conf(5) file.
−F
confdirspecify a config directory. If both −f and −F are specified, the config file
will be read and converted to config directory format
and written to the specified directory. If neither
option is specified, an attempt to read the default
config directory will be made before trying to use the
default config file. If a valid config directory exists
then the default config file is ignored.
−gdisable subordinate gluing. Only the specified database will be processed, and not its glued subordinates (if any).
−H
URIuse dn, scope and filter from URI to only handle matching entries.
−l
error−fileWrite errors to specified file instead of standard output.
−n
dbnumCheck the dbnum−th database
listed in the configuration file. The config database
slapd-config(5), is
always the first database, so use −n 0
The −n cannot be
used in conjunction with the −b option.
−o
option[=value]Specify an option with a(n
optional) value. Possible generic
options/values are:
syslog=<subsystems> (see `−s' in slapd(8))
syslog−level=<level> (see `−S' in slapd(8))
syslog−user=<user> (see `−l' in slapd(8))
−s
subtree−dnOnly check entries in the subtree specified by this
DN. Implies −b
subtree-dn if
no −b nor
−n option is given.
Deprecated; use −H ldap:///subtree-dn
instead.
−vEnable verbose mode.
For some backend types, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. It is always safe to run slapschema with the slapd-bdb(5), slapd-hdb(5), and slapd-null(5) backends.
To check the schema compliance of your SLAPD database
after modifications to the schema, and put any error in a
file called errors.ldif, give the
command:
SBINDIR/slapcat −l errors.ldif
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.