Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Man pages added in 2.4.21

This commit is contained in:
lukem 2010-03-08 05:11:20 +00:00
parent 19fc3e3fef
commit 902ced1e35
6 changed files with 853 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
external/bsd/openldap/man/ldapexop.1 vendored Normal file
View File

@ -0,0 +1,253 @@
.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapexop.1,v 1.1.2.2 2009/06/03 01:41:51 quanah Exp
.\" This contribution is derived from OpenLDAP Software.
.\" All of the modifications to OpenLDAP Software represented in this
.\" contribution were developed by Peter Marschall <peter@adpm.de>.
.\" I have not assigned rights and/or interest in this work to any party.
.\"
.\" Copyright 2009 Peter Marschall
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted only as authorized by the OpenLDAP Public License.
.\"
.\" A copy of this license is available in file LICENSE in the
.\" top-level directory of the distribution or, alternatively, at
.\" http://www.OpenLDAP.org/license.html.
.TH LDAPEXOP 1
.SH NAME
ldapexop \- issue LDAP extended operations
.SH SYNOPSIS
ldapexop
[\c
.BI \-d \ level\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ file\fR]
[\c
.BI \-h \ host\fR]
[\c
.BI \-H \ URI\fR]
[\c
.BR \-I ]
[\c
.BR \-n ]
[\c
.BR \-N ]
[\c
.BI \-O \ security-properties\fR]
[\c
.BI \-o \ opt\fR[\fP = optparam\fR]]
[\c
.BI \-p \ port\fR]
[\c
.BR \-Q ]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-U \ authcid\fR]
[\c
.BR \-v ]
[\c
.BR \-V ]
[\c
.BI \-w \ passwd\fR]
[\c
.BR \-W ]
[\c
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-y \ file\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
{\c
.I oid
|
.BI oid: data
|
.BI oid:: b64data
|
.B whoami
|
.BI cancel \ cancel-id
|
.BI refresh \ DN \ \fR[\fIttl\fR]}
.SH DESCRIPTION
ldapexop issues the LDAP extended operation specified by \fBoid\fP
or one of the special keywords \fBwhoami\fP, \fBcancel\fP, or \fBrefresh\fP.
Additional data for the extended operation can be passed to the server using
\fIdata\fP or base-64 encoded as \fIb64data\fP in the case of \fBoid\fP,
or using the additional parameters in the case of the specially named extended
operations above.
Please note that ldapexop behaves differently for the same extended operation
when it was given as an OID or as a specialliy named operation:
Calling ldapexop with the OID of the \fBwhoami\fP (RFC 4532) extended operation
.nf
ldapexop [<options>] 1.3.6.1.4.1.4203.1.11.3
.fi
yields
.nf
# extended operation response
data:: <base64 encoded response data>
.fi
while calling it with the keyword \fBwhoami\fP
.nf
ldapexop [<options>] whoami
.fi
results in
.nf
dn:<client's identity>
.fi
.SH OPTIONS
.TP
.BI \-d \ level
Set the LDAP debugging level to \fIlevel\fP.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions. \'!\' indicates criticality.
.nf
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
.fi
.TP
.BI \-f \ file
Read operations from \fIfile\fP.
.TP
.BI \-h \ host
Specify the host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-H \ URI
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.BI \-n
Show what would be done but don't actually do it.
Useful for debugging in conjunction with \fB\-v\fP.
.TP
.BI \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.BI \-o \ opt\fR[\fP = optparam\fR]
Specify general options:
.nf
nettimeout=<timeout> (in seconds, or "none" or "max")
.fi
.TP
.BI \-p \ port
Specify the TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
.BI \-V
Print version info and usage message.
If\fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-x
Use simple authentication instead of SASL.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>
.TP
.BI \-y \ file
Use complete contents of \fIfile\fP as the password for
simple authentication.
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
.TP
.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation.
Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
Errors result in a non-zero exit status and
a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldap_extended_operation_s (3)
.SH AUTHOR
This manual page was written by Peter Marschall
based on \fBldapexop\fP's usage message and a few tests
with \fBldapexop\fP.
Do not expect it to be complete or absolutely correct.
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from University of Michigan LDAP 3.3 Release.

175
external/bsd/openldap/man/ldapurl.1 vendored Normal file
View File

@ -0,0 +1,175 @@
.TH LDAPURL 1 "2009/12/20" "OpenLDAP 2.4.21"
.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.4 2009/06/08 18:23:33 quanah Exp
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapurl \- LDAP URL formatting tool
.SH SYNOPSIS
.B ldapurl
[\c
.BR \-a \ attrs\fR]
[\c
.BI \-b \ searchbase\fR]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-f \ filter\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-s \ { base \||\| one \||\| sub \||\| children }]
[\c
.BI \-S \ scheme\fR]
.SH DESCRIPTION
.I ldapurl
is a command that allows to either compose or decompose LDAP URIs.
.LP
When invoked with the \fB\-H\fP option,
.B ldapurl
extracts the components of the \fIldapuri\fP option argument,
unescaping hex-escaped chars as required.
It basically acts as a frontend to the
.BR ldap_url_parse (3)
call.
Otherwise, it builds an LDAP URI based on the components
passed with the appropriate options, performing the inverse operation.
Option \fB\-H\fP is incompatible with options
.BR \-a ,
.BR \-b ,
.BR \-E ,
.BR \-f ,
.BR \-H ,
.BR \-h ,
.BR \-p ,
.BR \-S ,
and
.BR \-s .
.SH OPTIONS
.TP
.TP
.BI \-a \ attrs
Set a comma-separated list of attribute selectors.
.TP
.BI \-b \ searchbase
Set the \fIsearchbase\fP.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.
General extensions:
.nf
[!]assert=<filter> (an RFC 4515 Filter)
[!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
[!]manageDSAit
[!]noop
ppolicy
[!]postread[=<attrs>] (a comma-separated attribute list)
[!]preread[=<attrs>] (a comma-separated attribute list)
abandon, cancel (SIGINT sends abandon/cancel; not really controls)
.fi
Search extensions:
.nf
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
[!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
.fi
.TP
.TP
.BI \-f \ filter
Set the URL filter. No particular check on conformity with RFC 4515
LDAP filters is performed, but the value is hex-escaped as required.
.TP
.BI \-H \ ldapuri
Specify URI to be exploded.
.TP
.BI \-h \ ldaphost
Set the host.
.TP
.BI \-p \ ldapport
Set the TCP port.
.TP
.BI \-S \ scheme
Set the URL scheme. Defaults for other fields, like \fIldapport\fP,
may depend on the value of \fIscheme\fP.
.TP
.BR \-s \ { base \||\| one \||\| sub \||\| children }
Specify the scope of the search to be one of
.BR base ,
.BR one ,
.BR sub ,
or
.B children
to specify a base object, one-level, subtree, or children search.
The default is
.BR sub .
Note:
.B children
scope requires LDAPv3 subordinate feature extension.
.SH OUTPUT FORMAT
If the \fB\-H\fP option is used, the \fIldapuri\fP supplied
is exploded in its components, which are printed to standard output
in an LDIF-like form.
.LP
Otherwise, the URI built using the values passed with the other options
is printed to standard output.
.SH EXAMPLE
The following command:
.LP
.nf
ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)"
.fi
.LP
returns
.LP
.nf
ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
.fi
.LP
The command:
.LP
.nf
ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
.fi
.LP
returns
.LP
.nf
scheme: ldap
host: ldap.example.com
port: 389
dn: dc=example,dc=com
scope: sub
filter: (cn=Some One)
.fi
.LP
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
Errors result in a non-zero exit status and
a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldap (3),
.BR ldap_url_parse (3),
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from University of Michigan LDAP 3.3 Release.

126
external/bsd/openldap/man/slapd-ndb.5 vendored Normal file
View File

@ -0,0 +1,126 @@
.TH SLAPD-NDB 5 "2009/12/20" "OpenLDAP 2.4.21"
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.4 2009/06/03 01:41:56 quanah Exp
.SH NAME
slapd\-ndb \- MySQL NDB backend to slapd
.SH SYNOPSIS
.B /etc/openldap/slapd.conf
.SH DESCRIPTION
The \fBndb\fP backend to
.BR slapd (8)
uses the MySQL Cluster package to store data, through its NDB API.
It provides fault tolerance with extreme scalability, along with
a degree of SQL compatibility.
.LP
This backend is designed to store LDAP information using tables that
are also visible from SQL. It uses a higher level SQL API for creating
these tables, while using the low level NDB API for storing and
retrieving the data within these tables. The NDB Cluster engine
allows data to be partitioned across multiple data nodes, and this
backend allows multiple slapd instances to operate against a given
database concurrently.
.LP
The general approach is to use distinct tables for each LDAP object class.
Entries comprised of multiple object classes will have their data
spread across multiple tables. The data tables use a 64 bit entryID
as their primary key. The DIT hierarchy is maintained in a separate
table, which maps DNs to entryIDs.
.LP
This backend is experimental. While intended to be a general-purpose
backend, it is currently missing a number of common LDAP features.
See the \fBTODO\fP file in the source directory for details.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the \fBndb\fP backend database.
That is, they must follow a "database ndb" line and
come before any subsequent "backend" or "database" lines.
Other database options are described in the
.BR slapd.conf (5)
manual page.
.SH DATA SOURCE CONFIGURATION
.TP
.B dbhost <hostname>
The name or IP address of the host running the MySQL server. The default
is "localhost". On Unix systems, the connection to a local server is made
using a Unix Domain socket, whose path is specified using the
.B dbsocket
directive.
.TP
.B dbuser <username>
The MySQL login ID to use when connecting to the MySQL server. The chosen
user must have sufficient privileges to manipulate the SQL tables in the
target database.
.TP
.B dbpasswd <password>
The password for the \fBdbuser\fP.
.TP
.B dbname <database name>
The name of the MySQL database to use.
.TP
.B dbport <port>
The port number to use for the TCP connection to the MySQL server.
.TP
.B dbsocket <path>
The socket to be used for connecting to a local MySQL server.
.TP
.B dbflag <integer>
Client flags for the MySQL session. See the MySQL documentation for details.
.TP
.B dbconnect <connectstring>
The name or IP address of the host running the cluster manager. The default
is "localhost".
.TP
.B dbconnections <integer>
The number of cluster connections to establish. Using up to 4 may improve
performance under heavier load. The default is 1.
.SH SCHEMA CONFIGURATION
.TP
.B attrlen <attribute> <length>
Specify the column length to use for a particular attribute. LDAP attributes are
stored in individual columns of the SQL tables. The maximum column lengths for
each column must be specified when creating these tables. If a length constraint
was specified in the attribute's LDAP schema definition, that value will be used
by default. If the schema didn't specify a constraint, the default is 128 bytes.
Currently the maximum is 1024.
.TP
.B index <attr[,attr...]>
Specify a list of attributes for which indexing should be maintained.
Currently there is no support for substring indexing; a single index structure
provides presence, equality, and inequality indexing for the specified attributes.
.TP
.B attrset <set> <attrs>
Specify a list of attributes to be treated as an attribute set. This directive
creates a table named \fIset\fP which will contain all of the listed attributes.
Ordinarily an attribute resides in a table named by an object class that uses
the attribute. However, attributes are only allowed to appear in a single table.
For attributes that are derived from an inherited object class definition,
the attribute will only be stored in the superior class's table.
Attribute sets should be defined for any attributes that are used in multiple
unrelated object classes, i.e., classes that are not connected by a simple
inheritance chain.
.SH ACCESS CONTROL
The
.B ndb
backend honors most access control semantics as indicated in
.BR slapd.access (5).
.SH FILES
.TP
.B /etc/openldap/slapd.conf
default
.B slapd
configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
.BR slapd (8),
.BR slapadd (8),
.BR slapcat (8),
.BR slapindex (8),
MySQL Cluster documentation.
.SH AUTHOR
Howard Chu, with assistance from Johan Andersson et al @ MySQL.

56
external/bsd/openldap/man/slapo-collect.5 vendored Normal file
View File

@ -0,0 +1,56 @@
.TH SLAPO-COLLECT 5 "2009/12/20" "OpenLDAP 2.4.21"
.\" Copyright 2003-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.4 2009/06/03 01:41:59 quanah Exp
.SH NAME
slapo\-collect \- Collective attributes overlay to slapd
.SH SYNOPSIS
/etc/openldap/slapd.conf
.SH DESCRIPTION
The collect overlay is used to provide a relatively coarse
implementation of RFC 3671 collective attributes.
In X.500, a collective attribute is "a user attribute whose
values are the same for each member of an entry collection".
Collective attributes are added to entries returned by a search operation
when the entry is within the scope of the related ancestor.
Collective attributes can only be modified when the modification affects
the related ancestor.
.SH CONFIGURATION
This
.B slapd.conf
option applies to the collect overlay.
It should appear after the
.B overlay
directive.
.TP
.B collectinfo <DN> <attrlist>
Specify the
.B DN
of the ancestor entry and the set of related collective attributes, where
.B attrlist
is a comma-separated list of attributes.
The
.B DN
should be within the naming context of the database.
.SH FILES
.TP
/etc/openldap/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
The
.BR slapo\-collect (5)
overlay supports dynamic configuration via
.BR back-config .
.SH ACKNOWLEDGEMENTS
This module was written in 2003 by Howard Chu.
This man page was written in 2008 by Pierangelo Masarati.
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from University of Michigan LDAP 3.3 Release.

53
external/bsd/openldap/man/slapo-sssvlv.5 vendored Normal file
View File

@ -0,0 +1,53 @@
.TH SLAPO-SSSVLV 5 "2009/12/20" "OpenLDAP 2.4.21"
.\" Copyright 2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copyright 2009 Symas Corporation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-sssvlv.5,v 1.1.2.2 2009/07/22 20:02:21 quanah Exp
.SH NAME
slapo\-sssvlv \- Server Side Sorting and Virtual List View overlay to slapd
.SH SYNOPSIS
/etc/openldap/slapd.conf
.SH DESCRIPTION
This overlay implements the LDAP Server Side Sorting (RFC2891) control
as well as the Virtual List View control. It also replaces the default
implementation of the LDAP PagedResults (RFC2696) control, to ensure
that it works with Sorting. The overlay can be used with any backend
or globally for all backends.
Since a complete result set must be generated in memory before sorting can
be performed, processing sort requests can have a large impact on the
server's memory use. As such, any connection is limited to having only
one sort request active at a time. Additional limits may be configured
as described below.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the SSSVLV overlay.
They should appear after the
.B overlay
directive.
.TP
.B sssvlv\-max <num>
Set the maximum number of concurrent sort requests allowed across all
connections. The default is one half of the number of server threads.
.TP
.B sssvlv\-maxkeys <num>
Set the maximum number of keys allowed in a sort request. The default is 5.
.SH FILES
.TP
/etc/openldap/slapd.conf
default slapd configuration file
.TP
/etc/openldap/slapd.d
default slapd configuration directory
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5).
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.LP
IETF LDAP Virtual List View proposal by D. Boreham, J. Sermersheim,
and A. Kashi in IETF document "draft-ietf-ldapext-ldapv3-vlv-09.txt".
.SH AUTHOR
Howard Chu

190
external/bsd/openldap/man/slapschema.8 vendored Normal file
View File

@ -0,0 +1,190 @@
.TH SLAPSCHEMA 8C "2009/12/20" "OpenLDAP 2.4.21"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" OpenLDAP: pkg/ldap/doc/man/man8/slapschema.8,v 1.1.2.3 2009/06/03 01:42:01 quanah Exp
.SH NAME
slapschema \- SLAPD in-database schema checking utility
.SH SYNOPSIS
.B /usr/sbin/slapschema
[\c
.BI \-a filter\fR]
[\c
.BI \-b suffix\fR]
[\c
.BR \-c ]
[\c
.BI \-d debug-level\fR]
[\c
.BI \-f slapd.conf\fR]
[\c
.BI \-F confdir\fR]
[\c
.BR \-g ]
[\c
.BI \-l error-file\fR]
[\c
.BI \-n dbnum\fR]
[\c
.BI \-o option\fR[ = value\FR]]
[\c
.BI \-s subtree-dn\fR]
[\c
.BR \-v ]
.LP
.SH DESCRIPTION
.LP
.B Slapschema
is used to check schema compliance of the contents of a
.BR slapd (8)
database.
It opens the given database determined by the database number or
suffix and checks the compliance of its contents with the corresponding
schema. Errors are written to standard output or the specified file.
Databases configured as
.B subordinate
of this one are also output, unless \fB\-g\fP is specified.
.LP
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses,
removing existing required or allowed attributes from objectClasses,
entirely removing objectClasses,
or any other change that may result in making perfectly valid entries
no longer compliant with the modified schema.
The execution of the
.B slapschema tool after modifying the schema can point out
inconsistencies that would otherwise surface only when
inconsistent entries need to be modified.
.LP
The entry records are checked in database order, not superior first
order. The entry records will be checked considering all
(user and operational) attributes stored in the database.
Dynamically generated attributes (such as subschemaSubentry)
will not be considered.
.SH OPTIONS
.TP
.BI \-a \ filter
Only check entries matching the asserted filter.
For example
slapschema \-a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
.BI \-b \ suffix
Use the specified \fIsuffix\fR to determine which database to
check. The \fB\-b\fP cannot be used in conjunction
with the
.B \-n
option.
.TP
.B \-c
Enable continue (ignore errors) mode.
.TP
.BI \-d \ debug-level
Enable debugging messages as defined by the specified
.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
.BI \-f \ slapd.conf
Specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F \ confdir
specify a config directory.
If both
.B \-f
and
.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
.BI \-l \ error-file
Write errors to specified file instead of standard output.
.TP
.BI \-n \ dbnum
Check the \fIdbnum\fR\-th database listed in the
configuration file. The config database
.BR slapd\-config (5),
is always the first database, so use
.B \-n 0
The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
.TP
.BI \-o \ option\fR[ = value\fR]
Specify an
.I option
with a(n optional)
.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
syslog\-level=<level> (see `\-S' in slapd(8))
syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-s \ subtree-dn
Only check entries in the subtree specified by this DN.
Implies \fB\-b\fP \fIsubtree-dn\fP if no
.B \-b
nor
.B \-n
option is given.
.TP
.B \-v
Enable verbose mode.
.SH LIMITATIONS
For some backend types, your
.BR slapd (8)
should not be running (at least, not in read-write
mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapschema
with the
.BR slapd\-bdb (5),
.BR slapd\-hdb (5),
and
.BR slapd\-null (5)
backends.
.SH EXAMPLES
To check the schema compliance of your SLAPD database after modifications
to the schema, and put any error in a file called
.BR errors.ldif ,
give the command:
.LP
.nf
.ft tt
/usr/sbin/slapcat \-l errors.ldif
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapd (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from University of Michigan LDAP 3.3 Release.