Yolinux.com

slapschema manpage

Search topic Section


SLAPSCHEMA(8C)							SLAPSCHEMA(8C)



NAME
       slapschema - SLAPD in-database schema checking utility

SYNOPSIS
       /usr/sbin/slapschema   [-afilter]   [-bsuffix]	[-c]   [-ddebug-level]
       [-fslapd.conf] [-Fconfdir] [-g] [-HURI] [-lerror-file] [-ndbnum] [-oop-
       tion[=value]] [-ssubtree-dn] [-v]

DESCRIPTION
       Slapschema  is  used  to	 check	schema compliance of the contents of a
       slapd(8) database.  It opens the given database determined by the data-
       base  number  or	 suffix and checks the compliance of its contents with
       the corresponding schema. Errors are written to standard output or  the
       specified  file.	  Databases  configured as subordinate of this one are
       also output, unless -g is specified.

       Administrators may need to  modify  existing  schema  items,  including
       adding  new  required  attributes  to  objectClasses, removing existing
       required or allowed attributes from  objectClasses,  entirely  removing
       objectClasses,  or any other change that may result in making perfectly
       valid entries no longer compliant with the modified schema.  The execu-
       tion  of	 the  slapschema tool after modifying the schema can point out
       inconsistencies that would otherwise  surface  only  when  inconsistent
       entries need to be modified.


       The  entry  records  are	 checked in database order, not superior first
       order.  The entry records will be checked  considering  all  (user  and
       operational)  attributes stored in the database.	 Dynamically generated
       attributes (such as subschemaSubentry) will not be considered.

OPTIONS
       -a filter
	      Only check entries matching the asserted filter.	For example

	      slapschema -a \
		  "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"

	      will check all but the "ou=People,dc=example,dc=com" subtree  of
	      the    "dc=example,dc=com"   database.	Deprecated;   use   -H
	      ldap:///???(filter) instead.

       -b suffix
	      Use the specified suffix to determine which database  to	check.
	      The -b cannot be used in conjunction with the -n option.

       -c     Enable continue (ignore errors) mode.

       -d debug-level
	      Enable  debugging	 messages  as  defined by the specified debug-
	      level; see slapd(8) for details.

       -f slapd.conf
	      Specify an alternative slapd.conf(5) file.

       -F confdir
	      specify a config directory.  If both -f and  -F  are  specified,
	      the  config  file will be read and converted to config directory
	      format and written  to  the  specified  directory.   If  neither
	      option  is  specified,  an  attempt  to  read the default config
	      directory will be made before trying to use the  default	config
	      file. If a valid config directory exists then the default config
	      file is ignored.

       -g     disable subordinate gluing.  Only the specified database will be
	      processed, and not its glued subordinates (if any).

       -H  URI
	      use  dn,	scope  and  filter  from  URI  to only handle matching
	      entries.

       -l error-file
	      Write errors to specified file instead of standard output.

       -n dbnum
	      Check the dbnum-th database listed in  the  configuration	 file.
	      The  config  database slapd-config(5), is always the first data-
	      base, so use -n 0

	      The -n cannot be used in conjunction with the -b option.

       -o option[=value]
	      Specify an option with a(n optional)  value.   Possible  generic
	      options/values are:

		     syslog=<subsystems>  (see `-s' in slapd(8))
		     syslog-level=<level> (see `-S' in slapd(8))
		     syslog-user=<user>	  (see `-l' in slapd(8))


       -s subtree-dn
	      Only check entries in the subtree specified by this DN.  Implies
	      -b subtree-dn if no -b nor -n option is given.  Deprecated;  use
	      -H ldap:///subtree-dn instead.

       -v     Enable verbose mode.

LIMITATIONS
       For  some backend types, your slapd(8) should not be running (at least,
       not in read-write mode) when you do this to ensure consistency  of  the
       database.  It  is  always safe to run slapschema with the slapd-bdb(5),
       slapd-hdb(5), and slapd-null(5) backends.

EXAMPLES
       To check the schema compliance of your SLAPD database  after  modifica-
       tions  to  the  schema, and put any error in a file called errors.ldif,
       give the command:

	    /usr/sbin/slapschema -l errors.ldif

SEE ALSO
       ldap(3), ldif(5), slapd(8)

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
       <http://www.openldap.org/>.   OpenLDAP Software is derived from Univer-
       sity of Michigan LDAP 3.3 Release.



OpenLDAP 2.4.40			  2014/09/20			SLAPSCHEMA(8C)