SLAPSCHEMA(8C) SLAPSCHEMA(8C)
NAME
slapschema - SLAPD in-database schema checking utility
SYNOPSIS
/usr/sbin/slapschema [-afilter] [-bsuffix] [-c] [-ddebug-level]
[-fslapd.conf] [-Fconfdir] [-g] [-HURI] [-lerror-file] [-ndbnum]
[-ooption[=value]] [-ssubtree-dn] [-v]
DESCRIPTION
Slapschema is used to check schema compliance of the contents of a
slapd(8) database. It opens the given database determined by the
database number or suffix and checks the compliance of its contents
with the corresponding schema. Errors are written to standard output or
the specified file. Databases configured as subordinate of this one
are also output, unless -g is specified.
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses, removing existing
required or allowed attributes from objectClasses, entirely removing
objectClasses, or any other change that may result in making perfectly
valid entries no longer compliant with the modified schema. The
execution of the slapschema tool after modifying the schema can point
out inconsistencies that would otherwise surface only when inconsistent
entries need to be modified.
The entry records are checked in database order, not superior first
order. The entry records will be checked considering all (user and
operational) attributes stored in the database. Dynamically generated
attributes (such as subschemaSubentry) will not be considered.
OPTIONS
-a_filter
Only check entries matching the asserted filter. For example
slapschema -a \
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree of
the "dc=example,dc=com" database. Deprecated; use -H
ldap:///???(filter) instead.
-b_suffix
Use the specified suffix to determine which database to check.
The -b cannot be used in conjunction with the -n option.
-c Enable continue (ignore errors) mode.
-d_debug-level
Enable debugging messages as defined by the specified
debug-level; see slapd(8) for details.
-f_slapd.conf
Specify an alternative slapd.conf(5) file.
-F_confdir
specify a config directory. If both -f and -F are specified,
the config file will be read and converted to config directory
format and written to the specified directory. If neither
option is specified, an attempt to read the default config
directory will be made before trying to use the default config
file. If a valid config directory exists then the default config
file is ignored.
-g disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
-H URI
use dn, scope and filter from URI to only handle matching
entries.
-l_error-file
Write errors to specified file instead of standard output.
-n_dbnum
Check the dbnum-th database listed in the configuration file.
The config database slapd-config(5), is always the first
database, so use -n 0
The -n cannot be used in conjunction with the -b option.
-o_option[=value]
Specify an option with a(n optional) value. Possible generic
options/values are:
syslog=<subsystems> (see `-s' in slapd(8))
syslog-level=<level> (see `-S' in slapd(8))
syslog-user=<user> (see `-l' in slapd(8))
-s_subtree-dn
Only check entries in the subtree specified by this DN. Implies
-b subtree-dn if no -b nor -n option is given. Deprecated; use
-H ldap:///subtree-dn instead.
-v Enable verbose mode.
LIMITATIONS
For some backend types, your slapd(8) should not be running (at least,
not in read-write mode) when you do this to ensure consistency of the
database. It is always safe to run slapschema with the slapd-bdb(5),
slapd-hdb(5), and slapd-null(5) backends.
EXAMPLES
To check the schema compliance of your SLAPD database after
modifications to the schema, and put any error in a file called
errors.ldif, give the command:
/usr/sbin/slapcat -l errors.ldif
SEE ALSO
ldap(3), ldif(5), slapd(8)
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from
University of Michigan LDAP 3.3 Release.
OpenLDAP 2.4.28 2011/11/24 SLAPSCHEMA(8C)