• Contact Us
  • Home
  • Reference

Using slapdn

Discover how to effectively implement and utilize slapdn for streamlined directory services management and enhanced performance.

Written by Maryanne Normann

Updated at March 2nd, 2026

  • Quick Start
  • Installation
    Best Practices Configuration Troubleshooting Design Performance Platform
  • Maintenance
    Releases Upgrade
  • Reference
+ More

Table of Contents

What slapdn Does Why It’s Important Syntax Common Options Practical Examples

Date: 11-04-2022

slapdn is one of OpenLDAP’s simplest but most useful administrative tools. It’s used to validate, parse, and normalize Distinguished Names (DNs) in Symas OpenLDAP 2.6+— exactly the way slapd itself interprets them internally.

Unlike ldapsearch or other client tools, slapdn doesn’t contact the LDAP server. It works locally, reading your configuration and schema files to check and normalize DNs offline.

slapdn is read-only and safe to run anytime.

What slapdn Does

slapdn validates the syntax of DNs according to schema and matching rules. It also normalizes DNs in a canonical form: lowercase, trimmed, properly ordered. It checks schema consistency for naming attributes.

Why It’s Important

Here are some scenarios where slapdn can help with your OpenLDAP instance:

Scenario Why slapdn Helps
ACLs not matching correctly Check how slapd internally normalizes a DN
Replication filters failing Verify that the DN syntax matches provider expectations
Custom schema development Ensure naming attributes are valid
Pre-load validation Test LDIF DNs before slapadd

Syntax

slapdn [options] "Distinguished Name"

Common Options

Option Description
-f <file> Use traditional slapd.conf config file
-F <dir> Use dynamic configuration (slapd.d) directory
-v Verbose — show both original and normalized forms
-N Show only the normalized form of the DN (see below)
-d <level> Debug level (for deep troubleshooting)

Practical Examples

1. Check and normalize a DN:

slapdn -v "uid=John.Doe, ou=People, dc=example, dc=com"

Output:

DN: uid=John.Doe,ou=People,dc=example,dc=com
normalized: uid=john.doe,ou=people,dc=example,dc=com

This reveals how slapd normalizes DNs internally — critical when debugging access control (by dn.exact) or referrals.

2. Show only the normalized form (-N):

slapdn -N "cn=Manager, ou=Admins, dc=example, dc=com"

Clarification (Symas 2.6): -N does not skip schema checking. It simply suppresses the “pretty” DN output and shows only the normalized form.

3. Using the server’s configuration:

slapdn -F /opt/symas/etc/openldap/slapd.d -v "cn=Admin,dc=example,dc=com"

slapdn reads schema and matching rules directly from the same directory slapd uses.

For more information, please see slapdn Man Page.

Copyright © 2020-2024 Symas Corporation. All rights reserved.
slapdn utility

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Chaining Overlay with Keep Alive Function
  • cn=monitor Reference
  • Common ldap Command Parameters
  • Common slapd Command Parameters
  • Convert Single-Master to Multi-Master Replication
  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2025, Symas Corporation. All rights reserved. Privacy Statement (updated July 31, 2023)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA

Expand