12.8. Turning Schema Checking On and Off

When schema checking is on, the Directory Server ensures three things:
  • The object classes and attributes using are defined in the directory schema.
  • The attributes required for an object class are contained in the entry.
  • Only attributes allowed by the object class are contained in the entry.

Important

Red Hat recommends not to disable the schema checking.
Schema checking is turned on by default in the Directory Server, and the Directory Server should always run with schema checking turned on. The only situation where is may be beneficial to turn schema checking off is to accelerate LDAP import operations. However, there is a risk of importing entries that do not conform to the schema. Consequently, it is impossible to update these entries.

12.8.1. Turning Schema Checking On and Off Using the Command Line

To turn schema checking on and off using LDAP commands, edit the value of the nsslapd-schemacheck attribute. For example to disable schema checking:
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x

dn: cn=config
changetype: modify
replace: nsslapd-schemacheck
nsslapd-schemacheck: off
For details about the nsslapd-schemacheck parameter, see the description of the parameter in the Red Hat Directory Server Configuration, Command, and File Reference.

12.8.2. Turning Schema Checking On and Off Using the Console

To enable or disable schema checking using the Console:
  1. In the Directory Server Console, select the Configuration tab.
  2. Highlight the server icon at the top of the navigation tree, then select the Settings tab in the right pane.
  3. To enable schema checking, check the Enable Schema Checking check box; clear it to turn off schema checking.
  4. Click Save.