Chapter 4. Validating the syntax of existing attribute values

With syntax validation, the Directory Server checks if an attribute value follows the rules of the syntax provided in the definition of that attribute. The Directory Server records the results of syntax validation tasks in the /var/log/dirsrv/slapd-instance_name/errors file.

Manual syntax validation is required if:

  • You have the syntax validation disabled in the nsslapd-syntaxcheck parameter.

    Note

    Red Hat recommends that syntax validation should not be disabled.

  • You migrate data from a server with disabled or without syntax validation.

4.1. Creating a syntax validation task using the dsconf schema validate-syntax command

With the dsconf schema validate-syntax command, you can create a syntax validation task to check every modified attribute and ensure that the new value has the required syntax.

Procedure

  • To create a syntax validation task, enter:

    # dsconf -D "cn=Directory Manager" ldap://server.example.com schema validate-syntax -f '(objectclass=inetorgperson)' ou=People,dc=example,dc=com

    In the example output, the command creates a task that validates the syntax of all values in the ou=People,dc=example,dc=com sub-tree which match the (objectclass=inetorgperson) filter.

4.2. Creating a syntax validation task using a cn task entry

The cn=tasks,cn=config entry in the Directory Server configuration is a container entry for temporary entries used by the server for managing tasks. You can initiate a syntax validation operation by creating a task in the cn=syntax validate,cn=tasks,cn=config entry.

Procedure

  • To initiate a syntax validation operation, create a task in the cn=syntax validate,cn=tasks,cn=config entry as follows:

    # ldapadd -D "cn=Directory Manager" -W -p 389 -H ldap://server.example.com -x
    
    dn: cn=example_syntax_validate,cn=syntax validate,cn=tasks,cn=config
    objectclass: extensibleObject
    cn: cn=example_syntax_validate
    basedn: ou=People,dc=example,dc=com
    filter: (objectclass=inetorgperson)

    In the example output, the command creates a task that validates the syntax of all values in the ou=People,dc=example,dc=com sub-tree that is similar to the (objectclass=inetorgperson) filter. When the task completes, Directory Server deletes the entry from the directory configuration.