2009-05-28 21:54:52 +08:00
|
|
|
.TH SLAPSCHEMA 8C "RELEASEDATE" "OpenLDAP LDVERSION"
|
2020-01-10 00:50:21 +08:00
|
|
|
.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved.
|
2009-05-28 21:54:52 +08:00
|
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
|
|
.\" $OpenLDAP$
|
|
|
|
.SH NAME
|
|
|
|
slapschema \- SLAPD in-database schema checking utility
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B SBINDIR/slapschema
|
2009-06-03 09:02:29 +08:00
|
|
|
[\c
|
|
|
|
.BI \-a filter\fR]
|
|
|
|
[\c
|
|
|
|
.BI \-b suffix\fR]
|
|
|
|
[\c
|
|
|
|
.BR \-c ]
|
|
|
|
[\c
|
|
|
|
.BI \-d debug-level\fR]
|
|
|
|
[\c
|
|
|
|
.BI \-f slapd.conf\fR]
|
|
|
|
[\c
|
|
|
|
.BI \-F confdir\fR]
|
|
|
|
[\c
|
|
|
|
.BR \-g ]
|
|
|
|
[\c
|
2010-01-18 23:00:40 +08:00
|
|
|
.BI \-H URI\fR]
|
|
|
|
[\c
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-l error-file\fR]
|
|
|
|
[\c
|
|
|
|
.BI \-n dbnum\fR]
|
|
|
|
[\c
|
2012-03-09 11:29:30 +08:00
|
|
|
.BI \-o option\fR[ = value\fR]]
|
2009-06-03 09:02:29 +08:00
|
|
|
[\c
|
|
|
|
.BI \-s subtree-dn\fR]
|
|
|
|
[\c
|
|
|
|
.BR \-v ]
|
2009-05-28 21:54:52 +08:00
|
|
|
.LP
|
|
|
|
.SH DESCRIPTION
|
|
|
|
.LP
|
|
|
|
.B Slapschema
|
|
|
|
is used to check schema compliance of the contents of a
|
|
|
|
.BR slapd (8)
|
|
|
|
database.
|
|
|
|
It opens the given database determined by the database number or
|
|
|
|
suffix and checks the compliance of its contents with the corresponding
|
|
|
|
schema. Errors are written to standard output or the specified file.
|
|
|
|
Databases configured as
|
|
|
|
.B subordinate
|
2009-06-03 09:02:29 +08:00
|
|
|
of this one are also output, unless \fB\-g\fP is specified.
|
2009-05-28 21:54:52 +08:00
|
|
|
.LP
|
|
|
|
Administrators may need to modify existing schema items, including
|
|
|
|
adding new required attributes to objectClasses,
|
|
|
|
removing existing required or allowed attributes from objectClasses,
|
|
|
|
entirely removing objectClasses,
|
|
|
|
or any other change that may result in making perfectly valid entries
|
|
|
|
no longer compliant with the modified schema.
|
|
|
|
The execution of the
|
2012-03-09 11:29:30 +08:00
|
|
|
.B slapschema
|
|
|
|
tool after modifying the schema can point out
|
2009-06-03 09:02:29 +08:00
|
|
|
inconsistencies that would otherwise surface only when
|
2009-05-28 21:54:52 +08:00
|
|
|
inconsistent entries need to be modified.
|
|
|
|
|
|
|
|
.LP
|
|
|
|
The entry records are checked in database order, not superior first
|
|
|
|
order. The entry records will be checked considering all
|
|
|
|
(user and operational) attributes stored in the database.
|
|
|
|
Dynamically generated attributes (such as subschemaSubentry)
|
|
|
|
will not be considered.
|
|
|
|
.SH OPTIONS
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-a \ filter
|
2009-05-28 21:54:52 +08:00
|
|
|
Only check entries matching the asserted filter.
|
|
|
|
For example
|
|
|
|
|
2009-06-03 09:02:29 +08:00
|
|
|
slapschema \-a \\
|
2009-05-28 21:54:52 +08:00
|
|
|
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
|
|
|
|
|
|
|
|
will check all but the "ou=People,dc=example,dc=com" subtree
|
|
|
|
of the "dc=example,dc=com" database.
|
2010-01-18 23:00:40 +08:00
|
|
|
Deprecated; use \fB-H\fP \fIldap:///???(filter)\fP instead.
|
2009-05-28 21:54:52 +08:00
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-b \ suffix
|
2009-05-28 21:54:52 +08:00
|
|
|
Use the specified \fIsuffix\fR to determine which database to
|
2009-06-03 09:02:29 +08:00
|
|
|
check. The \fB\-b\fP cannot be used in conjunction
|
2009-05-28 21:54:52 +08:00
|
|
|
with the
|
|
|
|
.B \-n
|
|
|
|
option.
|
|
|
|
.TP
|
|
|
|
.B \-c
|
|
|
|
Enable continue (ignore errors) mode.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-d \ debug-level
|
2009-05-28 21:54:52 +08:00
|
|
|
Enable debugging messages as defined by the specified
|
2009-06-03 09:02:29 +08:00
|
|
|
.IR debug-level ;
|
2009-05-28 21:54:52 +08:00
|
|
|
see
|
|
|
|
.BR slapd (8)
|
|
|
|
for details.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-f \ slapd.conf
|
2009-05-28 21:54:52 +08:00
|
|
|
Specify an alternative
|
|
|
|
.BR slapd.conf (5)
|
|
|
|
file.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-F \ confdir
|
2009-05-28 21:54:52 +08:00
|
|
|
specify a config directory.
|
|
|
|
If both
|
2009-06-03 09:02:29 +08:00
|
|
|
.B \-f
|
2009-05-28 21:54:52 +08:00
|
|
|
and
|
2009-06-03 09:02:29 +08:00
|
|
|
.B \-F
|
2009-05-28 21:54:52 +08:00
|
|
|
are specified, the config file will be read and converted to
|
|
|
|
config directory format and written to the specified directory.
|
|
|
|
If neither option is specified, an attempt to read the
|
|
|
|
default config directory will be made before trying to use the default
|
|
|
|
config file. If a valid config directory exists then the
|
|
|
|
default config file is ignored.
|
|
|
|
.TP
|
|
|
|
.B \-g
|
|
|
|
disable subordinate gluing. Only the specified database will be
|
|
|
|
processed, and not its glued subordinates (if any).
|
|
|
|
.TP
|
2010-01-18 23:00:40 +08:00
|
|
|
.B \-H \ URI
|
|
|
|
use dn, scope and filter from URI to only handle matching entries.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-l \ error-file
|
2009-05-28 21:54:52 +08:00
|
|
|
Write errors to specified file instead of standard output.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-n \ dbnum
|
2009-05-28 21:54:52 +08:00
|
|
|
Check the \fIdbnum\fR\-th database listed in the
|
|
|
|
configuration file. The config database
|
2009-06-03 09:02:29 +08:00
|
|
|
.BR slapd\-config (5),
|
2009-05-28 21:54:52 +08:00
|
|
|
is always the first database, so use
|
|
|
|
.B \-n 0
|
|
|
|
|
|
|
|
The
|
|
|
|
.B \-n
|
|
|
|
cannot be used in conjunction with the
|
|
|
|
.B \-b
|
|
|
|
option.
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-o \ option\fR[ = value\fR]
|
2009-05-28 21:54:52 +08:00
|
|
|
Specify an
|
2009-06-03 09:02:29 +08:00
|
|
|
.I option
|
2009-05-28 21:54:52 +08:00
|
|
|
with a(n optional)
|
2009-06-03 09:02:29 +08:00
|
|
|
.IR value .
|
2009-05-28 21:54:52 +08:00
|
|
|
Possible generic options/values are:
|
|
|
|
.LP
|
|
|
|
.nf
|
|
|
|
syslog=<subsystems> (see `\-s' in slapd(8))
|
2009-06-03 09:02:29 +08:00
|
|
|
syslog\-level=<level> (see `\-S' in slapd(8))
|
|
|
|
syslog\-user=<user> (see `\-l' in slapd(8))
|
2009-05-28 21:54:52 +08:00
|
|
|
|
|
|
|
.fi
|
|
|
|
.TP
|
2009-06-03 09:02:29 +08:00
|
|
|
.BI \-s \ subtree-dn
|
2009-05-28 21:54:52 +08:00
|
|
|
Only check entries in the subtree specified by this DN.
|
2009-06-03 09:02:29 +08:00
|
|
|
Implies \fB\-b\fP \fIsubtree-dn\fP if no
|
2009-05-28 21:54:52 +08:00
|
|
|
.B \-b
|
|
|
|
nor
|
|
|
|
.B \-n
|
|
|
|
option is given.
|
2010-01-18 23:00:40 +08:00
|
|
|
Deprecated; use \fB-H\fP \fIldap:///subtree-dn\fP instead.
|
2009-05-28 21:54:52 +08:00
|
|
|
.TP
|
|
|
|
.B \-v
|
|
|
|
Enable verbose mode.
|
|
|
|
.SH LIMITATIONS
|
|
|
|
For some backend types, your
|
|
|
|
.BR slapd (8)
|
|
|
|
should not be running (at least, not in read-write
|
|
|
|
mode) when you do this to ensure consistency of the database. It is
|
|
|
|
always safe to run
|
|
|
|
.B slapschema
|
|
|
|
with the
|
2019-05-04 06:52:59 +08:00
|
|
|
.BR slapd\-mdb (5),
|
2009-05-28 21:54:52 +08:00
|
|
|
and
|
2009-06-03 09:02:29 +08:00
|
|
|
.BR slapd\-null (5)
|
2009-05-28 21:54:52 +08:00
|
|
|
backends.
|
|
|
|
.SH EXAMPLES
|
|
|
|
To check the schema compliance of your SLAPD database after modifications
|
|
|
|
to the schema, and put any error in a file called
|
|
|
|
.BR errors.ldif ,
|
|
|
|
give the command:
|
|
|
|
.LP
|
|
|
|
.nf
|
|
|
|
.ft tt
|
2013-03-01 17:20:13 +08:00
|
|
|
SBINDIR/slapschema \-l errors.ldif
|
2009-05-28 21:54:52 +08:00
|
|
|
.ft
|
|
|
|
.fi
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR ldap (3),
|
|
|
|
.BR ldif (5),
|
|
|
|
.BR slapd (8)
|
|
|
|
.LP
|
|
|
|
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
|
|
|
|
.SH ACKNOWLEDGEMENTS
|
|
|
|
.so ../Project
|