Provided by: slapd_2.4.42+dfsg-2ubuntu3.13_amd64 bug

NAME

       slapschema - SLAPD in-database schema checking utility

SYNOPSIS

       /usr/sbin/slapschema [-afilter] [-bsuffix] [-c] [-ddebug-level] [-fslapd.conf] [-Fconfdir]
       [-g] [-HURI] [-lerror-file] [-ndbnum] [-ooption[=value]] [-ssubtree-dn] [-v]

DESCRIPTION

       Slapschema is used to check schema compliance of the contents of a slapd(8) database.   It
       opens  the  given  database  determined  by  the  database number or suffix and checks the
       compliance of its contents with the corresponding schema. Errors are written  to  standard
       output  or  the  specified file.  Databases configured as subordinate of this one are also
       output, unless -g is specified.

       Administrators may need to modify existing schema items,  including  adding  new  required
       attributes  to  objectClasses,  removing  existing  required  or  allowed  attributes from
       objectClasses, entirely removing objectClasses, or any other change  that  may  result  in
       making  perfectly  valid  entries  no  longer  compliant  with  the  modified schema.  The
       execution of the slapschema tool after modifying the schema can point out  inconsistencies
       that would otherwise surface only when inconsistent entries need to be modified.

       The  entry  records  are  checked  in database order, not superior first order.  The entry
       records will be checked considering all (user and operational) attributes  stored  in  the
       database.   Dynamically  generated  attributes  (such  as  subschemaSubentry)  will not be
       considered.

OPTIONS

       -a filter
              Only check entries matching the asserted filter.  For example

              slapschema -a \
                  "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"

              will   check   all   but   the   "ou=People,dc=example,dc=com"   subtree   of   the
              "dc=example,dc=com" database.  Deprecated; use -H ldap:///???(filter) instead.

       -b suffix
              Use  the  specified  suffix to determine which database to check.  The -b cannot be
              used in conjunction with the -n option.

       -c     Enable continue (ignore errors) mode.

       -d debug-level
              Enable debugging messages as defined by the specified debug-level; see slapd(8) for
              details.

       -f slapd.conf
              Specify an alternative slapd.conf(5) file.

       -F confdir
              specify  a config directory.  If both -f and -F are specified, the config file will
              be read and converted to config directory  format  and  written  to  the  specified
              directory.   If  neither option is specified, an attempt to read the default config
              directory will be made before trying to use the default config  file.  If  a  valid
              config directory exists then the default config file is ignored.

       -g     disable subordinate gluing.  Only the specified database will be processed, and not
              its glued subordinates (if any).

       -H  URI
              use dn, scope and filter from URI to only handle matching entries.

       -l error-file
              Write errors to specified file instead of standard output.

       -n dbnum
              Check the dbnum-th database listed in the configuration file. The  config  database
              slapd-config(5), is always the first database, so use -n 0

              The -n cannot be used in conjunction with the -b option.

       -o option[=value]
              Specify an option with a(n optional) value.  Possible generic options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -s subtree-dn
              Only  check  entries in the subtree specified by this DN.  Implies -b subtree-dn if
              no -b nor -n option is given.  Deprecated; use -H ldap:///subtree-dn instead.

       -v     Enable verbose mode.

LIMITATIONS

       For some backend types, your slapd(8) should not be running (at least, not  in  read-write
       mode)  when  you  do  this to ensure consistency of the database. It is always safe to run
       slapschema with the slapd-bdb(5), slapd-hdb(5), and slapd-null(5) backends.

EXAMPLES

       To check the schema compliance of your SLAPD database after modifications to  the  schema,
       and put any error in a file called errors.ldif, give the command:

            /usr/sbin/slapschema -l errors.ldif

SEE ALSO

       ldap(3), ldif(5), slapd(8)

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS

       OpenLDAP    Software    is    developed   and   maintained   by   The   OpenLDAP   Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from University of Michigan LDAP
       3.3 Release.