
Using slapschema

Discover how to effectively implement slapschema to enhance data structuring and streamline information retrieval in your projects.

Written by Maryanne Normann

Updated at March 3rd, 2026



Date: 11-04-2022

slapschema is a database integrity verification utility that reads your database directly, bypassing slapd, and validates each entry against your active schema. It detects invalid attribute syntaxes, missing MUST attributes, and illegal objectClass combinations, ensuring that your entries conform to the attribute syntaxes, objectClass rules, and structural constraints enforced by your loaded schema. It helps detect issues before replication or after LDIF imports (e.g., after slapadd).

Syntax

slapschema [options]

Common options

Option        Description
-f <file>     Use a specific slapd.conf config file
-F <dir>      Use the dynamic configuration directory (cn=config)
-b <base>     Validate only the subtree under a specific base DN
-n <index>    Validate a specific database by numeric index (e.g., -n 1)
-l <file>     Log invalid entries to a file instead of stdout
-v            Verbose output (shows each entry being validated)

Example 1

Validate the entire main database:

slapschema -F /opt/symas/etc/openldap/slapd.d -n 1 -v

This runs through the entire first (main) database under /opt/symas/var/openldap-data, checking every entry for schema violations.

Example output:

entry dn="uid=jdoe,ou=People,dc=example,dc=com"
   objectClass 'inetOrgPerson' requires attribute 'sn'

The entry violates schema because it lacks a required sn (surname).

You can also validate only one subtree by passing its base DN with -b:

slapschema -F /opt/symas/etc/openldap/slapd.d -b "ou=People,dc=example,dc=com"

This is useful when validating a specific branch before replication or export.

The -l option can also be used to log the invalid entries to a file.
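The following script is an added example, not part of the original article or Symas code. It summarises a slapschema report per DN so it can gate a replication or export step. It assumes the report uses the format of the example output above; the function names, the sample report and the report path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Symas code): summarise a slapschema report.
# Assumed report format, taken from the example output above:
#   entry dn="<DN>"
#      <violation message>      (one or more indented lines)

# Constructed sample report, not output from a real directory.
sample_report() {
cat <<'EOF'
entry dn="uid=jdoe,ou=People,dc=example,dc=com"
   objectClass 'inetOrgPerson' requires attribute 'sn'
entry dn="uid=asmith,ou=People,dc=example,dc=com"
   objectClass 'inetOrgPerson' requires attribute 'sn'
   objectClass 'inetOrgPerson' requires attribute 'cn'
EOF
}

# Reads a report on stdin, prints "<violations><TAB><DN>" for each invalid
# entry, and returns 1 if any entry was reported (0 for an empty report).
summarise_report() {
  awk '
    /^entry dn="/ {
      dn = $0
      sub(/^entry dn="/, "", dn); sub(/"$/, "", dn)
      if (!(dn in count)) { order[++n] = dn; count[dn] = 0 }
      next
    }
    # Indented, non-blank lines are violations of the most recent entry.
    /^[ \t]+[^ \t]/ && dn != "" { count[dn]++ }
    END {
      for (i = 1; i <= n; i++) printf "%d\t%s\n", count[order[i]], order[i]
      exit (n > 0)
    }'
}

# On a real system, feed it the file written by -l (report path is hypothetical):
#   slapschema -F /opt/symas/etc/openldap/slapd.d -n 1 -l /tmp/slapschema.out
#   summarise_report < /tmp/slapschema.out || exit 1
sample_report | summarise_report || echo "schema violations found"
```
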

Example 2

Use with slapd.conf:

slapschema -f /opt/symas/etc/openldap/slapd.conf -b "dc=example,dc=com" -v

What slapschema Checks

Validation Type          Description
ObjectClass rules        Ensures all MUST attributes are present
Syntax enforcement       Ensures attribute values match declared SYNTAX
Attribute duplication    Detects duplicate attribute definitions in entries
DIT structure rules      Ensures entries follow allowed parent/child class structure
Unknown attributes       Flags attributes not defined in any loaded schema

Limitations

For some backend types, slapd(8) should not be running (at least, not in read-write mode) while slapschema runs, to ensure consistency of the database. It is always safe to run slapschema with the slapd-mdb(5) and slapd-null(5) backends.

For more information, please see the slapschema man page.

 

Copyright © 2020-2024 Symas Corporation. All rights reserved.