1SLAPSCHEMA(8C) SLAPSCHEMA(8C)
2
3
4
6 slapschema - SLAPD in-database schema checking utility
7
9 /usr/sbin/slapschema [-afilter] [-bsuffix] [-c] [-ddebug-level] [-fs‐
10 lapd.conf] [-Fconfdir] [-g] [-HURI] [-lerror-file] [-ndbnum] [-oop‐
11 tion[=value]] [-ssubtree-dn] [-v]
12
14 Slapschema is used to check schema compliance of the contents of a
15 slapd(8) database. It opens the given database determined by the data‐
16 base number or suffix and checks the compliance of its contents with
17 the corresponding schema. Errors are written to standard output or the
18 specified file. Databases configured as subordinate of this one are
19 also output, unless -g is specified.
20
21 Administrators may need to modify existing schema items, including
22 adding new required attributes to objectClasses, removing existing re‐
23 quired or allowed attributes from objectClasses, entirely removing ob‐
24 jectClasses, or any other change that may result in making perfectly
25 valid entries no longer compliant with the modified schema. The execu‐
26 tion of the slapschema tool after modifying the schema can point out
27 inconsistencies that would otherwise surface only when inconsistent en‐
28 tries need to be modified.
29
30
31 The entry records are checked in database order, not superior first or‐
32 der. The entry records will be checked considering all (user and oper‐
33 ational) attributes stored in the database. Dynamically generated at‐
34 tributes (such as subschemaSubentry) will not be considered.
35
37 -a filter
38 Only check entries matching the asserted filter. For example
39
40 slapschema -a \
41 "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
42
43 will check all but the "ou=People,dc=example,dc=com" subtree of
44 the "dc=example,dc=com" database. Deprecated; use -H
45 ldap:///???(filter) instead.
46
47 -b suffix
48 Use the specified suffix to determine which database to check.
49 By default, the first database that supports the requested oper‐
50 ation is used. The -b cannot be used in conjunction with the -n
51 option.
52
53 -c Enable continue (ignore errors) mode.
54
55 -d debug-level
56 Enable debugging messages as defined by the specified debug-
57 level; see slapd(8) for details.
58
59 -f slapd.conf
60 Specify an alternative slapd.conf(5) file.
61
62 -F confdir
63 specify a config directory. If both -f and -F are specified,
64 the config file will be read and converted to config directory
65 format and written to the specified directory. If neither op‐
66 tion is specified, an attempt to read the default config direc‐
67 tory will be made before trying to use the default config file.
68 If a valid config directory exists then the default config file
69 is ignored.
70
71 -g disable subordinate gluing. Only the specified database will be
72 processed, and not its glued subordinates (if any).
73
74 -H URI
75 use dn, scope and filter from URI to only handle matching en‐
76 tries.
77
78 -l error-file
79 Write errors to specified file instead of standard output.
80
81 -n dbnum
82 Check the dbnum-th database listed in the configuration file.
83 The config database slapd-config(5), is always the first data‐
84 base, so use -n 0
85
86 The -n cannot be used in conjunction with the -b option.
87
88 -o option[=value]
89 Specify an option with a(n optional) value. Possible generic
90 options/values are:
91
92 syslog=<subsystems> (see `-s' in slapd(8))
93 syslog-level=<level> (see `-S' in slapd(8))
94 syslog-user=<user> (see `-l' in slapd(8))
95
96
97 -s subtree-dn
98 Only check entries in the subtree specified by this DN. Implies
99 -b subtree-dn if no -b nor -n option is given. Deprecated; use
100 -H ldap:///subtree-dn instead.
101
102 -v Enable verbose mode.
103
105 For some backend types, your slapd(8) should not be running (at least,
106 not in read-write mode) when you do this to ensure consistency of the
107 database. It is always safe to run slapschema with the slapd-mdb(5),
108 and slapd-null(5) backends.
109
111 To check the schema compliance of your SLAPD database after modifica‐
112 tions to the schema, and put any error in a file called errors.ldif,
113 give the command:
114
115 /usr/sbin/slapschema -l errors.ldif
116
118 ldap(3), ldif(5), slapd(8)
119
120 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
121
123 OpenLDAP Software is developed and maintained by The OpenLDAP Project
124 <http://www.openldap.org/>. OpenLDAP Software is derived from the Uni‐
125 versity of Michigan LDAP 3.3 Release.
126
127
128
129OpenLDAP 2.6.2 2022/05/04 SLAPSCHEMA(8C)