1.lf 1 stdin 2.TH SLAPSCHEMA 8C "2020/04/28" "OpenLDAP 2.4.50" 3.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved. 4.\" Copying restrictions apply. See COPYRIGHT/LICENSE. 5.\" $OpenLDAP$ 6.SH NAME 7slapschema \- SLAPD in-database schema checking utility 8.SH SYNOPSIS 9.B /usr/sbin/slapschema 10[\c 11.BI \-a filter\fR] 12[\c 13.BI \-b suffix\fR] 14[\c 15.BR \-c ] 16[\c 17.BI \-d debug-level\fR] 18[\c 19.BI \-f slapd.conf\fR] 20[\c 21.BI \-F confdir\fR] 22[\c 23.BR \-g ] 24[\c 25.BI \-H URI\fR] 26[\c 27.BI \-l error-file\fR] 28[\c 29.BI \-n dbnum\fR] 30[\c 31.BI \-o option\fR[ = value\fR]] 32[\c 33.BI \-s subtree-dn\fR] 34[\c 35.BR \-v ] 36.LP 37.SH DESCRIPTION 38.LP 39.B Slapschema 40is used to check schema compliance of the contents of a 41.BR slapd (8) 42database. 43It opens the given database determined by the database number or 44suffix and checks the compliance of its contents with the corresponding 45schema. Errors are written to standard output or the specified file. 46Databases configured as 47.B subordinate 48of this one are also output, unless \fB\-g\fP is specified. 49.LP 50Administrators may need to modify existing schema items, including 51adding new required attributes to objectClasses, 52removing existing required or allowed attributes from objectClasses, 53entirely removing objectClasses, 54or any other change that may result in making perfectly valid entries 55no longer compliant with the modified schema. 56The execution of the 57.B slapschema 58tool after modifying the schema can point out 59inconsistencies that would otherwise surface only when 60inconsistent entries need to be modified. 61 62.LP 63The entry records are checked in database order, not superior first 64order. The entry records will be checked considering all 65(user and operational) attributes stored in the database. 66Dynamically generated attributes (such as subschemaSubentry) 67will not be considered. 68.SH OPTIONS 69.TP 70.BI \-a \ filter 71Only check entries matching the asserted filter. 72For example 73 74slapschema \-a \\ 75 "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))" 76 77will check all but the "ou=People,dc=example,dc=com" subtree 78of the "dc=example,dc=com" database. 79Deprecated; use \fB-H\fP \fIldap:///???(filter)\fP instead. 80.TP 81.BI \-b \ suffix 82Use the specified \fIsuffix\fR to determine which database to 83check. The \fB\-b\fP cannot be used in conjunction 84with the 85.B \-n 86option. 87.TP 88.B \-c 89Enable continue (ignore errors) mode. 90.TP 91.BI \-d \ debug-level 92Enable debugging messages as defined by the specified 93.IR debug-level ; 94see 95.BR slapd (8) 96for details. 97.TP 98.BI \-f \ slapd.conf 99Specify an alternative 100.BR slapd.conf (5) 101file. 102.TP 103.BI \-F \ confdir 104specify a config directory. 105If both 106.B \-f 107and 108.B \-F 109are specified, the config file will be read and converted to 110config directory format and written to the specified directory. 111If neither option is specified, an attempt to read the 112default config directory will be made before trying to use the default 113config file. If a valid config directory exists then the 114default config file is ignored. 115.TP 116.B \-g 117disable subordinate gluing. Only the specified database will be 118processed, and not its glued subordinates (if any). 119.TP 120.B \-H \ URI 121use dn, scope and filter from URI to only handle matching entries. 122.TP 123.BI \-l \ error-file 124Write errors to specified file instead of standard output. 125.TP 126.BI \-n \ dbnum 127Check the \fIdbnum\fR\-th database listed in the 128configuration file. The config database 129.BR slapd\-config (5), 130is always the first database, so use 131.B \-n 0 132 133The 134.B \-n 135cannot be used in conjunction with the 136.B \-b 137option. 138.TP 139.BI \-o \ option\fR[ = value\fR] 140Specify an 141.I option 142with a(n optional) 143.IR value . 144Possible generic options/values are: 145.LP 146.nf 147 syslog=<subsystems> (see `\-s' in slapd(8)) 148 syslog\-level=<level> (see `\-S' in slapd(8)) 149 syslog\-user=<user> (see `\-l' in slapd(8)) 150 151.fi 152.TP 153.BI \-s \ subtree-dn 154Only check entries in the subtree specified by this DN. 155Implies \fB\-b\fP \fIsubtree-dn\fP if no 156.B \-b 157nor 158.B \-n 159option is given. 160Deprecated; use \fB-H\fP \fIldap:///subtree-dn\fP instead. 161.TP 162.B \-v 163Enable verbose mode. 164.SH LIMITATIONS 165For some backend types, your 166.BR slapd (8) 167should not be running (at least, not in read-write 168mode) when you do this to ensure consistency of the database. It is 169always safe to run 170.B slapschema 171with the 172.BR slapd\-bdb (5), 173.BR slapd\-hdb (5), 174and 175.BR slapd\-null (5) 176backends. 177.SH EXAMPLES 178To check the schema compliance of your SLAPD database after modifications 179to the schema, and put any error in a file called 180.BR errors.ldif , 181give the command: 182.LP 183.nf 184.ft tt 185 /usr/sbin/slapschema \-l errors.ldif 186.ft 187.fi 188.SH "SEE ALSO" 189.BR ldap (3), 190.BR ldif (5), 191.BR slapd (8) 192.LP 193"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) 194.SH ACKNOWLEDGEMENTS 195.lf 1 ./../Project 196.\" Shared Project Acknowledgement Text 197.B "OpenLDAP Software" 198is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. 199.B "OpenLDAP Software" 200is derived from the University of Michigan LDAP 3.3 Release. 201.lf 195 stdin 202