openldap/doc/man/man8/slapschema.8

187 lines
4.4 KiB
Groff
Raw Normal View History

2009-05-28 21:54:52 +08:00
.TH SLAPSCHEMA 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapschema \- SLAPD in-database schema checking utility
.SH SYNOPSIS
.B SBINDIR/slapschema
2009-06-03 09:02:29 +08:00
[\c
.BI \-a filter\fR]
[\c
.BI \-b suffix\fR]
[\c
.BR \-c ]
[\c
.BI \-d debug-level\fR]
[\c
.BI \-f slapd.conf\fR]
[\c
.BI \-F confdir\fR]
[\c
.BR \-g ]
[\c
.BI \-l error-file\fR]
[\c
.BI \-n dbnum\fR]
[\c
.BI \-o option\fR[ = value\FR]]
[\c
.BI \-s subtree-dn\fR]
[\c
.BR \-v ]
2009-05-28 21:54:52 +08:00
.LP
.SH DESCRIPTION
.LP
.B Slapschema
is used to check schema compliance of the contents of a
.BR slapd (8)
database.
It opens the given database determined by the database number or
suffix and checks the compliance of its contents with the corresponding
schema. Errors are written to standard output or the specified file.
Databases configured as
.B subordinate
2009-06-03 09:02:29 +08:00
of this one are also output, unless \fB\-g\fP is specified.
2009-05-28 21:54:52 +08:00
.LP
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses,
removing existing required or allowed attributes from objectClasses,
entirely removing objectClasses,
or any other change that may result in making perfectly valid entries
no longer compliant with the modified schema.
The execution of the
.B slapschema tool after modifying the schema can point out
2009-06-03 09:02:29 +08:00
inconsistencies that would otherwise surface only when
2009-05-28 21:54:52 +08:00
inconsistent entries need to be modified.
.LP
The entry records are checked in database order, not superior first
order. The entry records will be checked considering all
(user and operational) attributes stored in the database.
Dynamically generated attributes (such as subschemaSubentry)
will not be considered.
.SH OPTIONS
.TP
2009-06-03 09:02:29 +08:00
.BI \-a \ filter
2009-05-28 21:54:52 +08:00
Only check entries matching the asserted filter.
For example
2009-06-03 09:02:29 +08:00
slapschema \-a \\
2009-05-28 21:54:52 +08:00
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
2009-06-03 09:02:29 +08:00
.BI \-b \ suffix
2009-05-28 21:54:52 +08:00
Use the specified \fIsuffix\fR to determine which database to
2009-06-03 09:02:29 +08:00
check. The \fB\-b\fP cannot be used in conjunction
2009-05-28 21:54:52 +08:00
with the
.B \-n
option.
.TP
.B \-c
Enable continue (ignore errors) mode.
.TP
2009-06-03 09:02:29 +08:00
.BI \-d \ debug-level
2009-05-28 21:54:52 +08:00
Enable debugging messages as defined by the specified
2009-06-03 09:02:29 +08:00
.IR debug-level ;
2009-05-28 21:54:52 +08:00
see
.BR slapd (8)
for details.
.TP
2009-06-03 09:02:29 +08:00
.BI \-f \ slapd.conf
2009-05-28 21:54:52 +08:00
Specify an alternative
.BR slapd.conf (5)
file.
.TP
2009-06-03 09:02:29 +08:00
.BI \-F \ confdir
2009-05-28 21:54:52 +08:00
specify a config directory.
If both
2009-06-03 09:02:29 +08:00
.B \-f
2009-05-28 21:54:52 +08:00
and
2009-06-03 09:02:29 +08:00
.B \-F
2009-05-28 21:54:52 +08:00
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
2009-06-03 09:02:29 +08:00
.BI \-l \ error-file
2009-05-28 21:54:52 +08:00
Write errors to specified file instead of standard output.
.TP
2009-06-03 09:02:29 +08:00
.BI \-n \ dbnum
2009-05-28 21:54:52 +08:00
Check the \fIdbnum\fR\-th database listed in the
configuration file. The config database
2009-06-03 09:02:29 +08:00
.BR slapd\-config (5),
2009-05-28 21:54:52 +08:00
is always the first database, so use
.B \-n 0
The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
.TP
2009-06-03 09:02:29 +08:00
.BI \-o \ option\fR[ = value\fR]
2009-05-28 21:54:52 +08:00
Specify an
2009-06-03 09:02:29 +08:00
.I option
2009-05-28 21:54:52 +08:00
with a(n optional)
2009-06-03 09:02:29 +08:00
.IR value .
2009-05-28 21:54:52 +08:00
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
2009-06-03 09:02:29 +08:00
syslog\-level=<level> (see `\-S' in slapd(8))
syslog\-user=<user> (see `\-l' in slapd(8))
2009-05-28 21:54:52 +08:00
.fi
.TP
2009-06-03 09:02:29 +08:00
.BI \-s \ subtree-dn
2009-05-28 21:54:52 +08:00
Only check entries in the subtree specified by this DN.
2009-06-03 09:02:29 +08:00
Implies \fB\-b\fP \fIsubtree-dn\fP if no
2009-05-28 21:54:52 +08:00
.B \-b
nor
.B \-n
option is given.
.TP
.B \-v
Enable verbose mode.
.SH LIMITATIONS
For some backend types, your
.BR slapd (8)
should not be running (at least, not in read-write
mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapschema
with the
2009-06-03 09:02:29 +08:00
.BR slapd\-bdb (5),
.BR slapd\-hdb (5),
2009-05-28 21:54:52 +08:00
and
2009-06-03 09:02:29 +08:00
.BR slapd\-null (5)
2009-05-28 21:54:52 +08:00
backends.
.SH EXAMPLES
To check the schema compliance of your SLAPD database after modifications
to the schema, and put any error in a file called
.BR errors.ldif ,
give the command:
.LP
.nf
.ft tt
2009-06-03 09:02:29 +08:00
SBINDIR/slapcat \-l errors.ldif
2009-05-28 21:54:52 +08:00
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapd (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
.so ../Project