From 902ced1e3521e6386f2a2cffdce96fea003e5877 Mon Sep 17 00:00:00 2001 From: lukem Date: Mon, 8 Mar 2010 05:11:20 +0000 Subject: [PATCH] Man pages added in 2.4.21 --- external/bsd/openldap/man/ldapexop.1 | 253 ++++++++++++++++++++++ external/bsd/openldap/man/ldapurl.1 | 175 +++++++++++++++ external/bsd/openldap/man/slapd-ndb.5 | 126 +++++++++++ external/bsd/openldap/man/slapo-collect.5 | 56 +++++ external/bsd/openldap/man/slapo-sssvlv.5 | 53 +++++ external/bsd/openldap/man/slapschema.8 | 190 ++++++++++++++++ 6 files changed, 853 insertions(+) create mode 100644 external/bsd/openldap/man/ldapexop.1 create mode 100644 external/bsd/openldap/man/ldapurl.1 create mode 100644 external/bsd/openldap/man/slapd-ndb.5 create mode 100644 external/bsd/openldap/man/slapo-collect.5 create mode 100644 external/bsd/openldap/man/slapo-sssvlv.5 create mode 100644 external/bsd/openldap/man/slapschema.8 diff --git a/external/bsd/openldap/man/ldapexop.1 b/external/bsd/openldap/man/ldapexop.1 new file mode 100644 index 000000000000..19d4c6f9e21e --- /dev/null +++ b/external/bsd/openldap/man/ldapexop.1 @@ -0,0 +1,253 @@ +.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapexop.1,v 1.1.2.2 2009/06/03 01:41:51 quanah Exp +.\" This contribution is derived from OpenLDAP Software. +.\" All of the modifications to OpenLDAP Software represented in this +.\" contribution were developed by Peter Marschall . +.\" I have not assigned rights and/or interest in this work to any party. +.\" +.\" Copyright 2009 Peter Marschall +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted only as authorized by the OpenLDAP Public License. +.\" +.\" A copy of this license is available in file LICENSE in the +.\" top-level directory of the distribution or, alternatively, at +.\" http://www.OpenLDAP.org/license.html. + +.TH LDAPEXOP 1 + +.SH NAME +ldapexop \- issue LDAP extended operations + +.SH SYNOPSIS +ldapexop +[\c +.BI \-d \ level\fR] +[\c +.BI \-D \ binddn\fR] +[\c +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BI \-f \ file\fR] +[\c +.BI \-h \ host\fR] +[\c +.BI \-H \ URI\fR] +[\c +.BR \-I ] +[\c +.BR \-n ] +[\c +.BR \-N ] +[\c +.BI \-O \ security-properties\fR] +[\c +.BI \-o \ opt\fR[\fP = optparam\fR]] +[\c +.BI \-p \ port\fR] +[\c +.BR \-Q ] +[\c +.BI \-R \ realm\fR] +[\c +.BI \-U \ authcid\fR] +[\c +.BR \-v ] +[\c +.BR \-V ] +[\c +.BI \-w \ passwd\fR] +[\c +.BR \-W ] +[\c +.BR \-x ] +[\c +.BI \-X \ authzid\fR] +[\c +.BI \-y \ file\fR] +[\c +.BI \-Y \ mech\fR] +[\c +.BR \-Z [ Z ]] +{\c +.I oid +| +.BI oid: data +| +.BI oid:: b64data +| +.B whoami +| +.BI cancel \ cancel-id +| +.BI refresh \ DN \ \fR[\fIttl\fR]} + +.SH DESCRIPTION +ldapexop issues the LDAP extended operation specified by \fBoid\fP +or one of the special keywords \fBwhoami\fP, \fBcancel\fP, or \fBrefresh\fP. + +Additional data for the extended operation can be passed to the server using +\fIdata\fP or base-64 encoded as \fIb64data\fP in the case of \fBoid\fP, +or using the additional parameters in the case of the specially named extended +operations above. + +Please note that ldapexop behaves differently for the same extended operation +when it was given as an OID or as a specialliy named operation: + +Calling ldapexop with the OID of the \fBwhoami\fP (RFC 4532) extended operation +.nf + + ldapexop [] 1.3.6.1.4.1.4203.1.11.3 + +.fi +yields +.nf + + # extended operation response + data:: + +.fi +while calling it with the keyword \fBwhoami\fP +.nf + + ldapexop [] whoami + +.fi +results in +.nf + + dn: + +.fi + + +.SH OPTIONS +.TP +.BI \-d \ level +Set the LDAP debugging level to \fIlevel\fP. +.TP +.BI \-D \ binddn +Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory. +.TP +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ] +Specify general extensions. \'!\' indicates criticality. +.nf + [!]assert= (RFC 4528; a RFC 4515 Filter string) + [!]authzid= (RFC 4370; "dn:" or "u:") + [!]chaining[=[/]] + one of "chainingPreferred", "chainingRequired", + "referralsPreferred", "referralsRequired" + [!]manageDSAit (RFC 3296) + [!]noop + ppolicy + [!]postread[=] (RFC 4527; comma-separated attr list) + [!]preread[=] (RFC 4527; comma-separated attr list) + [!]relax + abandon, cancel, ignore (SIGINT sends abandon/cancel, + or ignores response; if critical, doesn't wait for SIGINT. + not really controls) +.fi +.TP +.BI \-f \ file +Read operations from \fIfile\fP. +.TP +.BI \-h \ host +Specify the host on which the ldap server is running. +Deprecated in favor of \fB\-H\fP. +.TP +.BI \-H \ URI +Specify URI(s) referring to the ldap server(s); only the protocol/host/port +fields are allowed; a list of URI, separated by whitespace or commas +is expected. +.TP +.BI \-I +Enable SASL Interactive mode. Always prompt. Default is to prompt +only as needed. +.TP +.BI \-n +Show what would be done but don't actually do it. +Useful for debugging in conjunction with \fB\-v\fP. +.TP +.BI \-N +Do not use reverse DNS to canonicalize SASL host name. +.TP +.BI \-O \ security-properties +Specify SASL security properties. +.TP +.BI \-o \ opt\fR[\fP = optparam\fR] +Specify general options: +.nf + nettimeout= (in seconds, or "none" or "max") +.fi +.TP +.BI \-p \ port +Specify the TCP port where the ldap server is listening. +Deprecated in favor of \fB\-H\fP. +.TP +.BI \-Q +Enable SASL Quiet mode. Never prompt. +.TP +.BI \-R \ realm +Specify the realm of authentication ID for SASL bind. The form of the realm +depends on the actual SASL mechanism used. +.TP +.BI \-U \ authcid +Specify the authentication ID for SASL bind. The form of the ID +depends on the actual SASL mechanism used. +.TP +.BI \-v +Run in verbose mode, with many diagnostics written to standard output. +.TP +.BI \-V +Print version info and usage message. +If\fB\-VV\fP is given, only the version information is printed. +.TP +.BI \-w \ passwd +Use \fIpasswd\fP as the password for simple authentication. +.TP +.BI \-W +Prompt for simple authentication. +This is used instead of specifying the password on the command line. +.TP +.BI \-x +Use simple authentication instead of SASL. +.TP +.BI \-X \ authzid +Specify the requested authorization ID for SASL bind. +.I authzid +must be one of the following formats: +.BI dn: "" +or +.BI u: +.TP +.BI \-y \ file +Use complete contents of \fIfile\fP as the password for +simple authentication. +.TP +.BI \-Y \ mech +Specify the SASL mechanism to be used for authentication. +Without this option, the program will choose the best mechanism the server knows. +.TP +.BR \-Z [ Z ] +Issue StartTLS (Transport Layer Security) extended operation. +Giving it twice (\fB\-ZZ\fP) will require the operation to be successful. + +.SH DIAGNOSTICS +Exit status is zero if no errors occur. +Errors result in a non-zero exit status and +a diagnostic message being written to standard error. + +.SH "SEE ALSO" +.BR ldap_extended_operation_s (3) + +.SH AUTHOR +This manual page was written by Peter Marschall +based on \fBldapexop\fP's usage message and a few tests +with \fBldapexop\fP. +Do not expect it to be complete or absolutely correct. + +.SH ACKNOWLEDGEMENTS +.\" Shared Project Acknowledgement Text +.B "OpenLDAP Software" +is developed and maintained by The OpenLDAP Project . +.B "OpenLDAP Software" +is derived from University of Michigan LDAP 3.3 Release. + diff --git a/external/bsd/openldap/man/ldapurl.1 b/external/bsd/openldap/man/ldapurl.1 new file mode 100644 index 000000000000..65ea336849a4 --- /dev/null +++ b/external/bsd/openldap/man/ldapurl.1 @@ -0,0 +1,175 @@ +.TH LDAPURL 1 "2009/12/20" "OpenLDAP 2.4.21" +.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.4 2009/06/08 18:23:33 quanah Exp +.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.SH NAME +ldapurl \- LDAP URL formatting tool +.SH SYNOPSIS +.B ldapurl +[\c +.BR \-a \ attrs\fR] +[\c +.BI \-b \ searchbase\fR] +[\c +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BI \-f \ filter\fR] +[\c +.BI \-H \ ldapuri\fR] +[\c +.BI \-h \ ldaphost\fR] +[\c +.BI \-p \ ldapport\fR] +[\c +.BR \-s \ { base \||\| one \||\| sub \||\| children }] +[\c +.BI \-S \ scheme\fR] +.SH DESCRIPTION +.I ldapurl +is a command that allows to either compose or decompose LDAP URIs. +.LP +When invoked with the \fB\-H\fP option, +.B ldapurl +extracts the components of the \fIldapuri\fP option argument, +unescaping hex-escaped chars as required. +It basically acts as a frontend to the +.BR ldap_url_parse (3) +call. +Otherwise, it builds an LDAP URI based on the components +passed with the appropriate options, performing the inverse operation. +Option \fB\-H\fP is incompatible with options +.BR \-a , +.BR \-b , +.BR \-E , +.BR \-f , +.BR \-H , +.BR \-h , +.BR \-p , +.BR \-S , +and +.BR \-s . +.SH OPTIONS +.TP +.TP +.BI \-a \ attrs +Set a comma-separated list of attribute selectors. +.TP +.BI \-b \ searchbase +Set the \fIsearchbase\fP. +.TP +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ] +.TP +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ] + +Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP. +\'\fB!\fP\' indicates criticality. + +General extensions: +.nf + [!]assert= (an RFC 4515 Filter) + [!]authzid= ("dn:" or "u:") + [!]manageDSAit + [!]noop + ppolicy + [!]postread[=] (a comma-separated attribute list) + [!]preread[=] (a comma-separated attribute list) + abandon, cancel (SIGINT sends abandon/cancel; not really controls) +.fi + +Search extensions: +.nf + [!]domainScope (domain scope) + [!]mv= (matched values filter) + [!]pr=[/prompt|noprompt] (paged results/prompt) + [!]sss=[\-][/[\-]...] (server side sorting) + [!]subentries[=true|false] (subentries) + [!]sync=ro[/] (LDAP Sync refreshOnly) + rp[/][/] (LDAP Sync refreshAndPersist) +.fi +.TP +.TP +.BI \-f \ filter +Set the URL filter. No particular check on conformity with RFC 4515 +LDAP filters is performed, but the value is hex-escaped as required. +.TP +.BI \-H \ ldapuri +Specify URI to be exploded. +.TP +.BI \-h \ ldaphost +Set the host. +.TP +.BI \-p \ ldapport +Set the TCP port. +.TP +.BI \-S \ scheme +Set the URL scheme. Defaults for other fields, like \fIldapport\fP, +may depend on the value of \fIscheme\fP. +.TP +.BR \-s \ { base \||\| one \||\| sub \||\| children } +Specify the scope of the search to be one of +.BR base , +.BR one , +.BR sub , +or +.B children +to specify a base object, one-level, subtree, or children search. +The default is +.BR sub . +Note: +.B children +scope requires LDAPv3 subordinate feature extension. + +.SH OUTPUT FORMAT +If the \fB\-H\fP option is used, the \fIldapuri\fP supplied +is exploded in its components, which are printed to standard output +in an LDIF-like form. +.LP +Otherwise, the URI built using the values passed with the other options +is printed to standard output. +.SH EXAMPLE +The following command: +.LP +.nf + ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)" +.fi +.LP +returns +.LP +.nf + ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One) +.fi +.LP +The command: +.LP +.nf + ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One) +.fi +.LP +returns +.LP +.nf + scheme: ldap + host: ldap.example.com + port: 389 + dn: dc=example,dc=com + scope: sub + filter: (cn=Some One) +.fi +.LP +.SH DIAGNOSTICS +Exit status is zero if no errors occur. +Errors result in a non-zero exit status and +a diagnostic message being written to standard error. +.SH "SEE ALSO" +.BR ldap (3), +.BR ldap_url_parse (3), +.SH AUTHOR +The OpenLDAP Project +.SH ACKNOWLEDGEMENTS +.\" Shared Project Acknowledgement Text +.B "OpenLDAP Software" +is developed and maintained by The OpenLDAP Project . +.B "OpenLDAP Software" +is derived from University of Michigan LDAP 3.3 Release. diff --git a/external/bsd/openldap/man/slapd-ndb.5 b/external/bsd/openldap/man/slapd-ndb.5 new file mode 100644 index 000000000000..a316266c5a96 --- /dev/null +++ b/external/bsd/openldap/man/slapd-ndb.5 @@ -0,0 +1,126 @@ +.TH SLAPD-NDB 5 "2009/12/20" "OpenLDAP 2.4.21" +.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.4 2009/06/03 01:41:56 quanah Exp +.SH NAME +slapd\-ndb \- MySQL NDB backend to slapd +.SH SYNOPSIS +.B /etc/openldap/slapd.conf +.SH DESCRIPTION +The \fBndb\fP backend to +.BR slapd (8) +uses the MySQL Cluster package to store data, through its NDB API. +It provides fault tolerance with extreme scalability, along with +a degree of SQL compatibility. +.LP +This backend is designed to store LDAP information using tables that +are also visible from SQL. It uses a higher level SQL API for creating +these tables, while using the low level NDB API for storing and +retrieving the data within these tables. The NDB Cluster engine +allows data to be partitioned across multiple data nodes, and this +backend allows multiple slapd instances to operate against a given +database concurrently. +.LP +The general approach is to use distinct tables for each LDAP object class. +Entries comprised of multiple object classes will have their data +spread across multiple tables. The data tables use a 64 bit entryID +as their primary key. The DIT hierarchy is maintained in a separate +table, which maps DNs to entryIDs. +.LP +This backend is experimental. While intended to be a general-purpose +backend, it is currently missing a number of common LDAP features. +See the \fBTODO\fP file in the source directory for details. +.SH CONFIGURATION +These +.B slapd.conf +options apply to the \fBndb\fP backend database. +That is, they must follow a "database ndb" line and +come before any subsequent "backend" or "database" lines. +Other database options are described in the +.BR slapd.conf (5) +manual page. + +.SH DATA SOURCE CONFIGURATION + +.TP +.B dbhost +The name or IP address of the host running the MySQL server. The default +is "localhost". On Unix systems, the connection to a local server is made +using a Unix Domain socket, whose path is specified using the +.B dbsocket +directive. +.TP +.B dbuser +The MySQL login ID to use when connecting to the MySQL server. The chosen +user must have sufficient privileges to manipulate the SQL tables in the +target database. +.TP +.B dbpasswd +The password for the \fBdbuser\fP. +.TP +.B dbname +The name of the MySQL database to use. +.TP +.B dbport +The port number to use for the TCP connection to the MySQL server. +.TP +.B dbsocket +The socket to be used for connecting to a local MySQL server. +.TP +.B dbflag +Client flags for the MySQL session. See the MySQL documentation for details. +.TP +.B dbconnect +The name or IP address of the host running the cluster manager. The default +is "localhost". +.TP +.B dbconnections +The number of cluster connections to establish. Using up to 4 may improve +performance under heavier load. The default is 1. + +.SH SCHEMA CONFIGURATION +.TP +.B attrlen +Specify the column length to use for a particular attribute. LDAP attributes are +stored in individual columns of the SQL tables. The maximum column lengths for +each column must be specified when creating these tables. If a length constraint +was specified in the attribute's LDAP schema definition, that value will be used +by default. If the schema didn't specify a constraint, the default is 128 bytes. +Currently the maximum is 1024. +.TP +.B index +Specify a list of attributes for which indexing should be maintained. +Currently there is no support for substring indexing; a single index structure +provides presence, equality, and inequality indexing for the specified attributes. +.TP +.B attrset +Specify a list of attributes to be treated as an attribute set. This directive +creates a table named \fIset\fP which will contain all of the listed attributes. +Ordinarily an attribute resides in a table named by an object class that uses +the attribute. However, attributes are only allowed to appear in a single table. +For attributes that are derived from an inherited object class definition, +the attribute will only be stored in the superior class's table. +Attribute sets should be defined for any attributes that are used in multiple +unrelated object classes, i.e., classes that are not connected by a simple +inheritance chain. +.SH ACCESS CONTROL +The +.B ndb +backend honors most access control semantics as indicated in +.BR slapd.access (5). +.SH FILES +.TP +.B /etc/openldap/slapd.conf +default +.B slapd +configuration file +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config (5), +.BR slapd (8), +.BR slapadd (8), +.BR slapcat (8), +.BR slapindex (8), +MySQL Cluster documentation. +.SH AUTHOR +Howard Chu, with assistance from Johan Andersson et al @ MySQL. diff --git a/external/bsd/openldap/man/slapo-collect.5 b/external/bsd/openldap/man/slapo-collect.5 new file mode 100644 index 000000000000..5dd4fdd20686 --- /dev/null +++ b/external/bsd/openldap/man/slapo-collect.5 @@ -0,0 +1,56 @@ +.TH SLAPO-COLLECT 5 "2009/12/20" "OpenLDAP 2.4.21" +.\" Copyright 2003-2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.4 2009/06/03 01:41:59 quanah Exp +.SH NAME +slapo\-collect \- Collective attributes overlay to slapd +.SH SYNOPSIS +/etc/openldap/slapd.conf +.SH DESCRIPTION +The collect overlay is used to provide a relatively coarse +implementation of RFC 3671 collective attributes. +In X.500, a collective attribute is "a user attribute whose +values are the same for each member of an entry collection". + +Collective attributes are added to entries returned by a search operation +when the entry is within the scope of the related ancestor. +Collective attributes can only be modified when the modification affects +the related ancestor. + +.SH CONFIGURATION +This +.B slapd.conf +option applies to the collect overlay. +It should appear after the +.B overlay +directive. +.TP +.B collectinfo +Specify the +.B DN +of the ancestor entry and the set of related collective attributes, where +.B attrlist +is a comma-separated list of attributes. +The +.B DN +should be within the naming context of the database. + +.SH FILES +.TP +/etc/openldap/slapd.conf +default slapd configuration file +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config (5), +The +.BR slapo\-collect (5) +overlay supports dynamic configuration via +.BR back-config . +.SH ACKNOWLEDGEMENTS +This module was written in 2003 by Howard Chu. +This man page was written in 2008 by Pierangelo Masarati. +.\" Shared Project Acknowledgement Text +.B "OpenLDAP Software" +is developed and maintained by The OpenLDAP Project . +.B "OpenLDAP Software" +is derived from University of Michigan LDAP 3.3 Release. diff --git a/external/bsd/openldap/man/slapo-sssvlv.5 b/external/bsd/openldap/man/slapo-sssvlv.5 new file mode 100644 index 000000000000..334fadf0d917 --- /dev/null +++ b/external/bsd/openldap/man/slapo-sssvlv.5 @@ -0,0 +1,53 @@ +.TH SLAPO-SSSVLV 5 "2009/12/20" "OpenLDAP 2.4.21" +.\" Copyright 2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2009 Symas Corporation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-sssvlv.5,v 1.1.2.2 2009/07/22 20:02:21 quanah Exp +.SH NAME +slapo\-sssvlv \- Server Side Sorting and Virtual List View overlay to slapd +.SH SYNOPSIS +/etc/openldap/slapd.conf +.SH DESCRIPTION +This overlay implements the LDAP Server Side Sorting (RFC2891) control +as well as the Virtual List View control. It also replaces the default +implementation of the LDAP PagedResults (RFC2696) control, to ensure +that it works with Sorting. The overlay can be used with any backend +or globally for all backends. + +Since a complete result set must be generated in memory before sorting can +be performed, processing sort requests can have a large impact on the +server's memory use. As such, any connection is limited to having only +one sort request active at a time. Additional limits may be configured +as described below. + +.SH CONFIGURATION +These +.B slapd.conf +options apply to the SSSVLV overlay. +They should appear after the +.B overlay +directive. +.TP +.B sssvlv\-max +Set the maximum number of concurrent sort requests allowed across all +connections. The default is one half of the number of server threads. +.TP +.B sssvlv\-maxkeys +Set the maximum number of keys allowed in a sort request. The default is 5. +.SH FILES +.TP +/etc/openldap/slapd.conf +default slapd configuration file +.TP +/etc/openldap/slapd.d +default slapd configuration directory +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config (5). +.LP +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.LP +IETF LDAP Virtual List View proposal by D. Boreham, J. Sermersheim, +and A. Kashi in IETF document "draft-ietf-ldapext-ldapv3-vlv-09.txt". +.SH AUTHOR +Howard Chu diff --git a/external/bsd/openldap/man/slapschema.8 b/external/bsd/openldap/man/slapschema.8 new file mode 100644 index 000000000000..ef2bc52899d0 --- /dev/null +++ b/external/bsd/openldap/man/slapschema.8 @@ -0,0 +1,190 @@ +.TH SLAPSCHEMA 8C "2009/12/20" "OpenLDAP 2.4.21" +.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" OpenLDAP: pkg/ldap/doc/man/man8/slapschema.8,v 1.1.2.3 2009/06/03 01:42:01 quanah Exp +.SH NAME +slapschema \- SLAPD in-database schema checking utility +.SH SYNOPSIS +.B /usr/sbin/slapschema +[\c +.BI \-a filter\fR] +[\c +.BI \-b suffix\fR] +[\c +.BR \-c ] +[\c +.BI \-d debug-level\fR] +[\c +.BI \-f slapd.conf\fR] +[\c +.BI \-F confdir\fR] +[\c +.BR \-g ] +[\c +.BI \-l error-file\fR] +[\c +.BI \-n dbnum\fR] +[\c +.BI \-o option\fR[ = value\FR]] +[\c +.BI \-s subtree-dn\fR] +[\c +.BR \-v ] +.LP +.SH DESCRIPTION +.LP +.B Slapschema +is used to check schema compliance of the contents of a +.BR slapd (8) +database. +It opens the given database determined by the database number or +suffix and checks the compliance of its contents with the corresponding +schema. Errors are written to standard output or the specified file. +Databases configured as +.B subordinate +of this one are also output, unless \fB\-g\fP is specified. +.LP +Administrators may need to modify existing schema items, including +adding new required attributes to objectClasses, +removing existing required or allowed attributes from objectClasses, +entirely removing objectClasses, +or any other change that may result in making perfectly valid entries +no longer compliant with the modified schema. +The execution of the +.B slapschema tool after modifying the schema can point out +inconsistencies that would otherwise surface only when +inconsistent entries need to be modified. + +.LP +The entry records are checked in database order, not superior first +order. The entry records will be checked considering all +(user and operational) attributes stored in the database. +Dynamically generated attributes (such as subschemaSubentry) +will not be considered. +.SH OPTIONS +.TP +.BI \-a \ filter +Only check entries matching the asserted filter. +For example + +slapschema \-a \\ + "(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))" + +will check all but the "ou=People,dc=example,dc=com" subtree +of the "dc=example,dc=com" database. +.TP +.BI \-b \ suffix +Use the specified \fIsuffix\fR to determine which database to +check. The \fB\-b\fP cannot be used in conjunction +with the +.B \-n +option. +.TP +.B \-c +Enable continue (ignore errors) mode. +.TP +.BI \-d \ debug-level +Enable debugging messages as defined by the specified +.IR debug-level ; +see +.BR slapd (8) +for details. +.TP +.BI \-f \ slapd.conf +Specify an alternative +.BR slapd.conf (5) +file. +.TP +.BI \-F \ confdir +specify a config directory. +If both +.B \-f +and +.B \-F +are specified, the config file will be read and converted to +config directory format and written to the specified directory. +If neither option is specified, an attempt to read the +default config directory will be made before trying to use the default +config file. If a valid config directory exists then the +default config file is ignored. +.TP +.B \-g +disable subordinate gluing. Only the specified database will be +processed, and not its glued subordinates (if any). +.TP +.BI \-l \ error-file +Write errors to specified file instead of standard output. +.TP +.BI \-n \ dbnum +Check the \fIdbnum\fR\-th database listed in the +configuration file. The config database +.BR slapd\-config (5), +is always the first database, so use +.B \-n 0 + +The +.B \-n +cannot be used in conjunction with the +.B \-b +option. +.TP +.BI \-o \ option\fR[ = value\fR] +Specify an +.I option +with a(n optional) +.IR value . +Possible generic options/values are: +.LP +.nf + syslog= (see `\-s' in slapd(8)) + syslog\-level= (see `\-S' in slapd(8)) + syslog\-user= (see `\-l' in slapd(8)) + +.fi +.TP +.BI \-s \ subtree-dn +Only check entries in the subtree specified by this DN. +Implies \fB\-b\fP \fIsubtree-dn\fP if no +.B \-b +nor +.B \-n +option is given. +.TP +.B \-v +Enable verbose mode. +.SH LIMITATIONS +For some backend types, your +.BR slapd (8) +should not be running (at least, not in read-write +mode) when you do this to ensure consistency of the database. It is +always safe to run +.B slapschema +with the +.BR slapd\-bdb (5), +.BR slapd\-hdb (5), +and +.BR slapd\-null (5) +backends. +.SH EXAMPLES +To check the schema compliance of your SLAPD database after modifications +to the schema, and put any error in a file called +.BR errors.ldif , +give the command: +.LP +.nf +.ft tt + /usr/sbin/slapcat \-l errors.ldif +.ft +.fi +.SH "SEE ALSO" +.BR ldap (3), +.BR ldif (5), +.BR slapd (8) +.LP +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.\" Shared Project Acknowledgement Text +.B "OpenLDAP Software" +is developed and maintained by The OpenLDAP Project . +.B "OpenLDAP Software" +is derived from University of Michigan LDAP 3.3 Release.