Chapter 4. Validating the syntax of existing attribute values
With syntax validation, the Directory Server checks if an attribute value follows the rules of the syntax provided in the definition of that attribute. The Directory Server records the results of syntax validation tasks in the /var/log/dirsrv/slapd-instance_name/errors file.
Manual syntax validation is required if:
You have the syntax validation disabled in the
nsslapd-syntaxcheckparameter.NoteRed Hat recommends that syntax validation should not be disabled.
- You migrate data from a server with disabled or without syntax validation.
4.1. Creating a syntax validation task using the dsconf schema validate-syntax command
With the dsconf schema validate-syntax command, you can create a syntax validation task to check every modified attribute and ensure that the new value has the required syntax.
Procedure
To create a syntax validation task, enter:
# dsconf -D "cn=Directory Manager" ldap://server.example.com schema validate-syntax -f '(objectclass=inetorgperson)' ou=People,dc=example,dc=com
In the example output, the command creates a task that validates the syntax of all values in the
ou=People,dc=example,dc=comsub-tree which match the(objectclass=inetorgperson)filter.
4.2. Creating a syntax validation task using a cn task entry
The cn=tasks,cn=config entry in the Directory Server configuration is a container entry for temporary entries used by the server for managing tasks. You can initiate a syntax validation operation by creating a task in the cn=syntax validate,cn=tasks,cn=config entry.
Procedure
To initiate a syntax validation operation, create a task in the
cn=syntax validate,cn=tasks,cn=configentry as follows:# ldapadd -D "cn=Directory Manager" -W -p 389 -H ldap://server.example.com -x dn: cn=example_syntax_validate,cn=syntax validate,cn=tasks,cn=config objectclass: extensibleObject cn: cn=example_syntax_validate basedn: ou=People,dc=example,dc=com filter: (objectclass=inetorgperson)In the example output, the command creates a task that validates the syntax of all values in the
ou=People,dc=example,dc=comsub-tree that is similar to the(objectclass=inetorgperson)filter. When the task completes, Directory Server deletes the entry from the directory configuration.
Additional resources