1SLAPSCHEMA(8C)                                                  SLAPSCHEMA(8C)
2
3
4

NAME

6       slapschema - SLAPD in-database schema checking utility
7

SYNOPSIS

9       /usr/sbin/slapschema  [-afilter]  [-bsuffix] [-c] [-ddebug-level] [-fs‐
10       lapd.conf] [-Fconfdir] [-g]  [-HURI]  [-lerror-file]  [-ndbnum]  [-oop‐
11       tion[=value]] [-ssubtree-dn] [-v]
12

DESCRIPTION

14       Slapschema  is  used  to  check  schema compliance of the contents of a
15       slapd(8) database.  It opens the given database determined by the data‐
16       base  number  or  suffix and checks the compliance of its contents with
17       the corresponding schema. Errors are written to standard output or  the
18       specified  file.   Databases  configured as subordinate of this one are
19       also output, unless -g is specified.
20
21       Administrators may need to  modify  existing  schema  items,  including
22       adding  new required attributes to objectClasses, removing existing re‐
23       quired or allowed attributes from objectClasses, entirely removing  ob‐
24       jectClasses,  or  any  other change that may result in making perfectly
25       valid entries no longer compliant with the modified schema.  The execu‐
26       tion  of  the  slapschema tool after modifying the schema can point out
27       inconsistencies that would otherwise surface only when inconsistent en‐
28       tries need to be modified.
29
30
31       The entry records are checked in database order, not superior first or‐
32       der.  The entry records will be checked considering all (user and oper‐
33       ational)  attributes stored in the database.  Dynamically generated at‐
34       tributes (such as subschemaSubentry) will not be considered.
35

OPTIONS

37       -a filter
38              Only check entries matching the asserted filter.  For example
39
40              slapschema -a \
41                  "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
42
43              will check all but the "ou=People,dc=example,dc=com" subtree  of
44              the    "dc=example,dc=com"   database.    Deprecated;   use   -H
45              ldap:///???(filter) instead.
46
47       -b suffix
48              Use the specified suffix to determine which database  to  check.
49              By default, the first database that supports the requested oper‐
50              ation is used. The -b cannot be used in conjunction with the  -n
51              option.
52
53       -c     Enable continue (ignore errors) mode.
54
55       -d debug-level
56              Enable  debugging  messages  as  defined by the specified debug-
57              level; see slapd(8) for details.
58
59       -f slapd.conf
60              Specify an alternative slapd.conf(5) file.
61
62       -F confdir
63              specify a config directory.  If both -f and  -F  are  specified,
64              the  config  file will be read and converted to config directory
65              format and written to the specified directory.  If  neither  op‐
66              tion  is specified, an attempt to read the default config direc‐
67              tory will be made before trying to use the default config  file.
68              If  a valid config directory exists then the default config file
69              is ignored.
70
71       -g     disable subordinate gluing.  Only the specified database will be
72              processed, and not its glued subordinates (if any).
73
74       -H  URI
75              use  dn,  scope  and filter from URI to only handle matching en‐
76              tries.
77
78       -l error-file
79              Write errors to specified file instead of standard output.
80
81       -n dbnum
82              Check the dbnum-th database listed in  the  configuration  file.
83              The  config  database slapd-config(5), is always the first data‐
84              base, so use -n 0
85
86              The -n cannot be used in conjunction with the -b option.
87
88       -o option[=value]
89              Specify an option with a(n optional)  value.   Possible  generic
90              options/values are:
91
92                     syslog=<subsystems>  (see `-s' in slapd(8))
93                     syslog-level=<level> (see `-S' in slapd(8))
94                     syslog-user=<user>   (see `-l' in slapd(8))
95
96
97       -s subtree-dn
98              Only check entries in the subtree specified by this DN.  Implies
99              -b subtree-dn if no -b nor -n option is given.  Deprecated;  use
100              -H ldap:///subtree-dn instead.
101
102       -v     Enable verbose mode.
103

LIMITATIONS

105       For  some backend types, your slapd(8) should not be running (at least,
106       not in read-write mode) when you do this to ensure consistency  of  the
107       database.  It  is  always safe to run slapschema with the slapd-mdb(5),
108       and slapd-null(5) backends.
109

EXAMPLES

111       To check the schema compliance of your SLAPD database  after  modifica‐
112       tions  to  the  schema, and put any error in a file called errors.ldif,
113       give the command:
114
115            /usr/sbin/slapschema -l errors.ldif
116

SEE ALSO

118       ldap(3), ldif(5), slapd(8)
119
120       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
121

ACKNOWLEDGEMENTS

123       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
124       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
125       versity of Michigan LDAP 3.3 Release.
126
127
128
129OpenLDAP 2.6.3                    2022/07/14                    SLAPSCHEMA(8C)
Impressum