From c1a7bc8c7ba5596099e436c09fdc42ff114314be Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Thu, 28 May 2009 13:54:52 +0000 Subject: [PATCH] add slapschema tool (ITS#6150) --- doc/man/man8/slapschema.8 | 175 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 doc/man/man8/slapschema.8 diff --git a/doc/man/man8/slapschema.8 b/doc/man/man8/slapschema.8 new file mode 100644 index 0000000000..26ca7c73b7 --- /dev/null +++ b/doc/man/man8/slapschema.8 @@ -0,0 +1,175 @@ +.TH SLAPSCHEMA 8C "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapschema \- SLAPD in-database schema checking utility +.SH SYNOPSIS +.B SBINDIR/slapschema +.B [\-a filter] +.B [\-b suffix] +.B [\-c] +.B [\-d level] +.B [\-f slapd.conf] +.B [\-F confdir] +.B [\-g] +.B [\-l error-file] +.B [\-n dbnum] +.B [\-o name[=value]] +.B [\-s subtree-dn] +.B [\-v] +.B +.LP +.SH DESCRIPTION +.LP +.B Slapschema +is used to check schema compliance of the contents of a +.BR slapd (8) +database. +It opens the given database determined by the database number or +suffix and checks the compliance of its contents with the corresponding +schema. Errors are written to standard output or the specified file. +Databases configured as +.B subordinate +of this one are also output, unless \fB-g\fP is specified. +.LP +Administrators may need to modify existing schema items, including +adding new required attributes to objectClasses, +removing existing required or allowed attributes from objectClasses, +entirely removing objectClasses, +or any other change that may result in making perfectly valid entries +no longer compliant with the modified schema. +The execution of the +.B slapschema tool after modifying the schema can point out +inconsistencies that would otherwise surface only as soon as +inconsistent entries need to be modified. + +.LP +The entry records are checked in database order, not superior first +order. The entry records will be checked considering all +(user and operational) attributes stored in the database. +Dynamically generated attributes (such as subschemaSubentry) +will not be considered. +.SH OPTIONS +.TP +.BI \-a " filter" +Only check entries matching the asserted filter. +For example + +slapschema -a \\ + "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))" + +will check all but the "ou=People,dc=example,dc=com" subtree +of the "dc=example,dc=com" database. +.TP +.BI \-b " suffix" +Use the specified \fIsuffix\fR to determine which database to +check. The \-b cannot be used in conjunction +with the +.B \-n +option. +.TP +.B \-c +Enable continue (ignore errors) mode. +.TP +.BI \-d " level" +Enable debugging messages as defined by the specified +.IR level ; +see +.BR slapd (8) +for details. +.TP +.BI \-f " slapd.conf" +Specify an alternative +.BR slapd.conf (5) +file. +.TP +.BI \-F " confdir" +specify a config directory. +If both +.B -f +and +.B -F +are specified, the config file will be read and converted to +config directory format and written to the specified directory. +If neither option is specified, an attempt to read the +default config directory will be made before trying to use the default +config file. If a valid config directory exists then the +default config file is ignored. +.TP +.B \-g +disable subordinate gluing. Only the specified database will be +processed, and not its glued subordinates (if any). +.TP +.BI \-l " error-file" +Write errors to specified file instead of standard output. +.TP +.BI \-n " dbnum" +Check the \fIdbnum\fR\-th database listed in the +configuration file. The config database +.BR slapd-config (5), +is always the first database, so use +.B \-n 0 + +The +.B \-n +cannot be used in conjunction with the +.B \-b +option. +.TP +.BI \-o " option[=value]" +Specify an +.BR option +with a(n optional) +.BR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog-level= (see `\-S' in slapd(8)) + syslog-user= (see `\-l' in slapd(8)) + +.fi +.TP +.BI \-s " subtree-dn" +Only check entries in the subtree specified by this DN. +Implies `-b subtree-dn' if no +.B \-b +nor +.B \-n +option is given. +.TP +.B \-v +Enable verbose mode. +.SH LIMITATIONS +For some backend types, your +.BR slapd (8) +should not be running (at least, not in read-write +mode) when you do this to ensure consistency of the database. It is +always safe to run +.B slapschema +with the +.BR slapd-bdb (5), +.BR slapd-hdb (5), +and +.BR slapd-null (5) +backends. +.SH EXAMPLES +To check the schema compliance of your SLAPD database after modifications +to the schema, and put any error in a file called +.BR errors.ldif , +give the command: +.LP +.nf +.ft tt + SBINDIR/slapcat -l errors.ldif +.ft +.fi +.SH "SEE ALSO" +.BR ldap (3), +.BR ldif (5), +.BR slapd (8) +.LP +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.so ../Project -- 2.39.5