Man Linux: Main Page and Category List


       slapschema - SLAPD in-database schema checking utility


       /usr/sbin/slapschema   [-afilter]   [-bsuffix]   [-c]   [-ddebug-level]
       [-fslapd.conf]  [-Fconfdir]  [-g]  [-HURI]   [-lerror-file]   [-ndbnum]
       [-ooption[=value]] [-ssubtree-dn] [-v]


       Slapschema  is  used  to  check  schema compliance of the contents of a
       slapd(8) database.  It opens  the  given  database  determined  by  the
       database  number  or  suffix  and checks the compliance of its contents
       with the corresponding schema. Errors are written to standard output or
       the  specified  file.   Databases configured as subordinate of this one
       are also output, unless -g is specified.

       Administrators may need to  modify  existing  schema  items,  including
       adding  new  required  attributes  to  objectClasses, removing existing
       required or allowed attributes from  objectClasses,  entirely  removing
       objectClasses,  or any other change that may result in making perfectly
       valid entries no  longer  compliant  with  the  modified  schema.   The
       execution  of  the slapschema tool after modifying the schema can point
       out inconsistencies that would otherwise surface only when inconsistent
       entries need to be modified.

       The  entry  records  are  checked in database order, not superior first
       order.  The entry records will be checked  considering  all  (user  and
       operational)  attributes stored in the database.  Dynamically generated
       attributes (such as subschemaSubentry) will not be considered.


       -a filter
              Only check entries matching the asserted filter.  For example

              slapschema -a \

              will check all but the "ou=People,dc=example,dc=com" subtree  of
              the    "dc=example,dc=com"   database.    Deprecated;   use   -H
              ldap:///???(filter) instead.

       -b suffix
              Use the specified suffix to determine which database  to  check.
              The -b cannot be used in conjunction with the -n option.

       -c     Enable continue (ignore errors) mode.

       -d debug-level
              Enable  debugging  messages  as  defined by the specified debug-
              level; see slapd(8) for details.

       -f slapd.conf
              Specify an alternative slapd.conf(5) file.

       -F confdir
              specify a config directory.  If both -f and  -F  are  specified,
              the  config  file will be read and converted to config directory
              format and written  to  the  specified  directory.   If  neither
              option  is  specified,  an  attempt  to  read the default config
              directory will be made before trying to use the  default  config
              file. If a valid config directory exists then the default config
              file is ignored.

       -g     disable subordinate gluing.  Only the specified database will be
              processed, and not its glued subordinates (if any).

       -H  URI
              use  dn,  scope  and  filter  from  URI  to only handle matching

       -l error-file
              Write errors to specified file instead of standard output.

       -n dbnum
              Check the dbnum-th database listed in  the  configuration  file.
              The   config  database  slapd-config(5),  is  always  the  first
              database, so use -n 0

              The -n cannot be used in conjunction with the -b option.

       -o option[=value]
              Specify an option with a(n optional)  value.   Possible  generic
              options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -s subtree-dn
              Only check entries in the subtree specified by this DN.  Implies
              -b subtree-dn if no -b nor -n option is given.  Deprecated;  use
              -H ldap:///subtree-dn instead.

       -v     Enable verbose mode.


       For  some backend types, your slapd(8) should not be running (at least,
       not in read-write mode) when you do this to ensure consistency  of  the
       database.  It  is  always safe to run slapschema with the slapd-bdb(5),
       slapd-hdb(5), and slapd-null(5) backends.


       To  check  the  schema  compliance  of  your   SLAPD   database   after
       modifications  to  the  schema,  and  put  any  error  in a file called
       errors.ldif, give the command:

            /usr/sbin/slapcat -l errors.ldif


       ldap(3), ldif(5), slapd(8)

       "OpenLDAP Administrator's Guide" (


       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
       <>.    OpenLDAP   Software   is   derived  from
       University of Michigan LDAP 3.3 Release.