12.11. Turning Schema Checking On and Off

When schema checking is on, the Directory Server ensures three things:
  • The object classes and attributes using are defined in the directory schema.
  • The attributes required for an object class are contained in the entry.
  • Only attributes allowed by the object class are contained in the entry.


Red Hat recommends not to disable the schema checking.
Schema checking is turned on by default in the Directory Server, and the Directory Server should always run with schema checking turned on. The only situation where is may be beneficial to turn schema checking off is to accelerate LDAP import operations. However, there is a risk of importing entries that do not conform to the schema. Consequently, it is impossible to update these entries.

12.11.1. Turning Schema Checking On and Off Using the Command Line

To turn schema checking on and off, set the value of the nsslapd-schemacheck parameter. For example to disable schema checking:
# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-schemacheck=off
Successfully replaced "nsslapd-schemacheck"
For details about the nsslapd-schemacheck parameter, see the description of the parameter in the Red Hat Directory Server Configuration, Command, and File Reference.

12.11.2. Turning Schema Checking On and Off Using the Web Console

To enable or disable schema checking using the web console:
  1. Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
  2. Select the instance.
  3. Open the Server Settings, and select the Server Settings entry.
  4. Open the Advanced Settings tab.
  5. To enable schema checking, select the Enable Schema Checking check box. To disable the feature, clear the check box.
  6. Click Save.