When schema checking is on, the Directory Server ensures three things:
The object classes and attributes using are defined in the directory schema.
The attributes required for an object class are contained in the entry.
Only attributes allowed by the object class are contained in the entry.
Schema checking is turned on by default in the Directory Server, and the Directory Server should always run with schema checking turned on. The only situation where is may be beneficial to turn schema checking off is to accelerate LDAP import operations. However, there is a risk of importing entries that do not conform to the schema. Consequently, it is impossible to search for these entries.
In the Directory Server Console, select the Configuration tab.
Highlight the server icon at the top of the navigation tree, then select the Settings tab in the right pane.
To enable schema checking, check the Enable Schema Checking check box; clear it to turn off schema checking.
To turn schema checking on and off using LDAP commands, edit the value of the
nsslapd-schemacheck attribute. For example:
ldapmodify -D "cn=directory manager" -W -p 389 -h server.example.com -x
replace: nsslapd-schemacheck: on
For information, see the Directory Server Configuration and Command-Line Tool Reference.