SLAPSCHEMA(8) System Manager's Manual SLAPSCHEMA(8)
NAME
slapschema - SLAPD in-database schema checking utility
SYNOPSIS
/usr/sbin/slapschema [-afilter] [-bsuffix] [-c] [-ddebug-level] [-fs-
lapd.conf] [-Fconfdir] [-g] [-HURI] [-lerror-file] [-ndbnum] [-oop-
tion[=value]] [-ssubtree-dn] [-v]
DESCRIPTION
Slapschema is used to check schema compliance of the contents of a
slapd(8) database. It opens the given database determined by the data-
base number or suffix and checks the compliance of its contents with the
corresponding schema. Errors are written to standard output or the spec-
ified file. Databases configured as subordinate of this one are also
output, unless -g is specified.
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses, removing existing re-
quired or allowed attributes from objectClasses, entirely removing ob-
jectClasses, or any other change that may result in making perfectly
valid entries no longer compliant with the modified schema. The execu-
tion of the slapschema tool after modifying the schema can point out in-
consistencies that would otherwise surface only when inconsistent en-
tries need to be modified.
The entry records are checked in database order, not superior first or-
der. The entry records will be checked considering all (user and opera-
tional) attributes stored in the database. Dynamically generated at-
tributes (such as subschemaSubentry) will not be considered.
OPTIONS
-a filter
Only check entries matching the asserted filter. For example
slapschema -a \
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree of
the "dc=example,dc=com" database. Deprecated; use -H
ldap:///???(filter) instead.
-b suffix
Use the specified suffix to determine which database to check. By
default, the first database that supports the requested operation
is used. The -b cannot be used in conjunction with the -n option.
-c Enable continue (ignore errors) mode.
-d debug-level
Enable debugging messages as defined by the specified debug-
level; see slapd(8) for details.
-f slapd.conf
Specify an alternative slapd.conf(5) file.
-F confdir
specify a config directory. If both -f and -F are specified, the
config file will be read and converted to config directory format
and written to the specified directory. If neither option is
specified, an attempt to read the default config directory will
be made before trying to use the default config file. If a valid
config directory exists then the default config file is ignored.
-g disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
-H URI
use dn, scope and filter from URI to only handle matching en-
tries.
-l error-file
Write errors to specified file instead of standard output.
-n dbnum
Check the dbnum-th database listed in the configuration file. The
config database slapd-config(5), is always the first database, so
use -n 0
The -n cannot be used in conjunction with the -b option.
-o option[=value]
Specify an option with a(n optional) value. Possible generic op-
tions/values are:
syslog=<subsystems> (see `-s' in slapd(8))
syslog-level=<level> (see `-S' in slapd(8))
syslog-user=<user> (see `-l' in slapd(8))
-s subtree-dn
Only check entries in the subtree specified by this DN. Implies
-b subtree-dn if no -b nor -n option is given. Deprecated; use
-H ldap:///subtree-dn instead.
-v Enable verbose mode.
LIMITATIONS
For some backend types, your slapd(8) should not be running (at least,
not in read-write mode) when you do this to ensure consistency of the
database. It is always safe to run slapschema with the slapd-mdb(5), and
slapd-null(5) backends.
EXAMPLES
To check the schema compliance of your SLAPD database after modifica-
tions to the schema, and put any error in a file called errors.ldif,
give the command:
/usr/sbin/slapschema -l errors.ldif
SEE ALSO
ldap(3), ldif(5), slapd(8)
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from the Uni-
versity of Michigan LDAP 3.3 Release.
OpenLDAP 2.6.10+dfsg-1 2025/05/22 SLAPSCHEMA(8)
Generated by dwww version 1.16 on Tue Dec 16 04:47:22 CET 2025.