Nsslapd-schemacheck (schema checking), Warning, Note – Red Hat 8.1 User Manual

An error is returned by default when object classes that include trailing spaces are added to an entry.
Additionally, during operations such as add, modify, and import (when object classes are expanded and
missing superiors are added) trailing spaces are ignored, if appropriate. This means that even when
nsslapd-schema-ignore-trailing-spaces is on, a value such as top is not added if top is already
there. An error message is logged and returned to the client if an object class is not found and it
contains trailing spaces.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

off

Syntax

DirectoryString

Example

nsslapd-schema-ignore-trailing-spaces: on

2.3.1.97. nsslapd-schemacheck (Schema Checking)

This attribute sets whether the database schema is enforced when entries are added or modified. When
this attribute has a value of on, Directory Server will not check the schema of existing entries until they
are modified. The database schema defines the type of information allowed in the database. The default
schema can be extended using the object classes and attribute types. For information on how to extend
the schema using the Directory Server Console, see the "Extending the Directory Schema" chapter in
the Directory Server Administrator's Guide.

WARNING

Red Hat strongly discourages turning off schema checking. This can lead to severe
interoperability problems. This is typically used for very old or non-standard LDAP data that must
be imported into the Directory Server. If there are not a lot of entries that have this problem,
consider using the extensibleObject object class in those entries to disable schema
checking on a per entry basis.

NOTE

Schema checking works by default when database modifications are made using an LDAP client,
such as ldapmodify or when importing a database from LDIF using ldif2db. If schema
checking is turned off, every entry has to be verified manually to see that they conform to the
schema. If schema checking is turned on, the server sends an error message listing the entries
which do not match the schema. Ensure that the attributes and object classes created in the LDIF
statements are both spelled correctly and identified in dse.ldif. Either create an LDIF file in the
schema directory or add the elements to 99user.ldif.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

on

Syntax

DirectoryString

Example

nsslapd-schemacheck: on

2.3.1.98. nsslapd-schemadir

This is the absolute path to the directory containing the Directory Server instance-specific schema files.
When the server starts up, it reads the schema files from this directory, and when the schema is
modified through LDAP tools, the schema files in this directory are updated. This directory must be
owned by the server user ID, and that user must have read and write permissions to the directory. The
default value is the schema subdirectory of the Directory Server instance-specific configuration directory,
/etc/dirsrv/slapd-instance_name/schem a.

Changes made to this attribute will not take effect until the server is restarted.

2.3.1.99. nsslapd-schemareplace

Determines whether modify operations that replace attribute values are allowed on the cn=schema
entry.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off | replication-only

Red Hat Directory Server 8.1 Configuration and Command Reference

4 5