Red Hat Directory Server 8.0 Administrator's Guide

4. Turning Schema Checking On and Off

When schema checking is on, the Directory Server ensures three things:

• The object classes and attributes using are defined in the directory schema.

• The attributes required for an object class are contained in the entry.

• Only attributes allowed by the object class are contained in the entry.

Schema checking is turned on by default in the Directory Server, and the Directory Server

should always run with schema checking turned on. The only situation where is may be

beneficial to turn schema checking off is to accelerate LDAP import operations. However, there

is a risk of importing entries that do not conform to the schema. Consequently, it is impossible to

search for these entries.

To turn schema checking on and off, do the following:

1. In the Directory Server Console, select the Configuration tab.

2. Highlight the server icon at the top of the navigation tree, then select the Settings tab in the

right pane.

3. To enable schema checking, check the Enable Schema Checking checkbox; clear it to turn

off schema checking.

4. Click Save.

To turn schema checking on and off using LDAP commands, edit the value of the

nsslapd-schemacheck attribute. For example:

ldapmodify -h myserver -p 389 -D "cn=directory manager" -w secretpwd

dn: cn=config

changetype: modify

replace: nsslapd-schemacheck: on

nsslapd-schemacheck: off

For information, see the Directory Server Configuration, Command, and File Reference.

Chapter 9. Extending the Directory Schema

362