Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Joe Martin
OpenLDAP
Commits
a7f4102b
Commit
a7f4102b
authored
Jun 03, 2009
by
Quanah Gibson-Mount
Browse files
ITS#6150
parent
aebb63ec
Changes
7
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
a7f4102b
...
...
@@ -7,6 +7,7 @@ OpenLDAP 2.4.17 Engineering
Fixed liblutil opendir/closedir on windows (ITS#6041)
Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
Added slapd sasl auxprop support (ITS#6147)
Added slapd schema checking tool (ITS#6150)
Fixed slapd assert with closing connections (ITS#6111)
Fixed slapd cert validation (ITS#6098)
Fixed slapd errno handling (ITS#6037)
...
...
doc/man/man8/slapschema.8
0 → 100644
View file @
a7f4102b
.TH SLAPSCHEMA 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapschema \- SLAPD in-database schema checking utility
.SH SYNOPSIS
.B SBINDIR/slapschema
.B [\-a filter]
.B [\-b suffix]
.B [\-c]
.B [\-d level]
.B [\-f slapd.conf]
.B [\-F confdir]
.B [\-g]
.B [\-l error-file]
.B [\-n dbnum]
.B [\-o name[=value]]
.B [\-s subtree-dn]
.B [\-v]
.B
.LP
.SH DESCRIPTION
.LP
.B Slapschema
is used to check schema compliance of the contents of a
.BR slapd (8)
database.
It opens the given database determined by the database number or
suffix and checks the compliance of its contents with the corresponding
schema. Errors are written to standard output or the specified file.
Databases configured as
.B subordinate
of this one are also output, unless \fB-g\fP is specified.
.LP
Administrators may need to modify existing schema items, including
adding new required attributes to objectClasses,
removing existing required or allowed attributes from objectClasses,
entirely removing objectClasses,
or any other change that may result in making perfectly valid entries
no longer compliant with the modified schema.
The execution of the
.B slapschema tool after modifying the schema can point out
inconsistencies that would otherwise surface only as soon as
inconsistent entries need to be modified.
.LP
The entry records are checked in database order, not superior first
order. The entry records will be checked considering all
(user and operational) attributes stored in the database.
Dynamically generated attributes (such as subschemaSubentry)
will not be considered.
.SH OPTIONS
.TP
.BI \-a " filter"
Only check entries matching the asserted filter.
For example
slapschema -a \\
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
will check all but the "ou=People,dc=example,dc=com" subtree
of the "dc=example,dc=com" database.
.TP
.BI \-b " suffix"
Use the specified \fIsuffix\fR to determine which database to
check. The \-b cannot be used in conjunction
with the
.B \-n
option.
.TP
.B \-c
Enable continue (ignore errors) mode.
.TP
.BI \-d " level"
Enable debugging messages as defined by the specified
.IR level ;
see
.BR slapd (8)
for details.
.TP
.BI \-f " slapd.conf"
Specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F " confdir"
specify a config directory.
If both
.B -f
and
.B -F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
.BI \-l " error-file"
Write errors to specified file instead of standard output.
.TP
.BI \-n " dbnum"
Check the \fIdbnum\fR\-th database listed in the
configuration file. The config database
.BR slapd-config (5),
is always the first database, so use
.B \-n 0
The
.B \-n
cannot be used in conjunction with the
.B \-b
option.
.TP
.BI \-o " option[=value]"
Specify an
.BR option
with a(n optional)
.BR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
syslog-level=<level> (see `\-S' in slapd(8))
syslog-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-s " subtree-dn"
Only check entries in the subtree specified by this DN.
Implies `-b subtree-dn' if no
.B \-b
nor
.B \-n
option is given.
.TP
.B \-v
Enable verbose mode.
.SH LIMITATIONS
For some backend types, your
.BR slapd (8)
should not be running (at least, not in read-write
mode) when you do this to ensure consistency of the database. It is
always safe to run
.B slapschema
with the
.BR slapd-bdb (5),
.BR slapd-hdb (5),
and
.BR slapd-null (5)
backends.
.SH EXAMPLES
To check the schema compliance of your SLAPD database after modifications
to the schema, and put any error in a file called
.BR errors.ldif ,
give the command:
.LP
.nf
.ft tt
SBINDIR/slapcat -l errors.ldif
.ft
.fi
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapd (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
.so ../Project
servers/slapd/Makefile.in
View file @
a7f4102b
...
...
@@ -13,7 +13,7 @@
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
SLAPTOOLS
=
slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl
SLAPTOOLS
=
slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl
slapschema
PROGRAMS
=
slapd
$(SLAPTOOLS)
XPROGRAMS
=
sslapd libbackends.a .backend liboverlays.a
XSRCS
=
version.c
...
...
@@ -38,7 +38,7 @@ SRCS = main.c globals.c bconfig.c config.c daemon.c \
backglue.c backover.c ctxcsn.c ldapsync.c frontend.c
\
slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c
\
slappasswd.c slaptest.c slapauth.c slapacl.c component.c
\
aci.c alock.c txn.c
\
aci.c alock.c txn.c
slapschema.c
\
$
(
@PLAT@_SRCS
)
OBJS
=
main.o globals.o bconfig.o config.o daemon.o
\
...
...
@@ -56,7 +56,7 @@ OBJS = main.o globals.o bconfig.o config.o daemon.o \
backglue.o backover.o ctxcsn.o ldapsync.o frontend.o
\
slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o
\
slappasswd.o slaptest.o slapauth.o slapacl.o component.o
\
aci.o alock.o txn.o
\
aci.o alock.o txn.o
slapschema.o
\
$
(
@PLAT@_OBJS
)
LDAP_INCDIR
=
../../include
-I
$(srcdir)
-I
$(srcdir)
/slapi
-I
.
...
...
servers/slapd/main.c
View file @
a7f4102b
...
...
@@ -65,7 +65,7 @@ static struct sockaddr_in bind_addr;
typedef
int
(
MainFunc
)
LDAP_P
((
int
argc
,
char
*
argv
[]
));
extern
MainFunc
slapadd
,
slapcat
,
slapdn
,
slapindex
,
slappasswd
,
slaptest
,
slapauth
,
slapacl
;
slaptest
,
slapauth
,
slapacl
,
slapschema
;
static
struct
{
char
*
name
;
...
...
@@ -76,6 +76,7 @@ static struct {
{
"slapdn"
,
slapdn
},
{
"slapindex"
,
slapindex
},
{
"slappasswd"
,
slappasswd
},
{
"slapschema"
,
slapschema
},
{
"slaptest"
,
slaptest
},
{
"slapauth"
,
slapauth
},
{
"slapacl"
,
slapacl
},
...
...
servers/slapd/slapcommon.c
View file @
a7f4102b
...
...
@@ -94,6 +94,11 @@ usage( int tool, const char *progname )
case
SLAPTEST
:
options
=
" [-u]
\n
"
;
break
;
case
SLAPSCHEMA
:
options
=
" [-c]
\n\t
[-g] [-n databasenumber | -b suffix]"
" [-l errorfile] [-a filter] [-s subtree]
\n
"
;
break
;
}
if
(
options
!=
NULL
)
{
...
...
@@ -222,6 +227,7 @@ slap_tool_init(
int
mode
=
SLAP_TOOL_MODE
;
int
truncatemode
=
0
;
int
use_glue
=
1
;
int
writer
;
#ifdef LDAP_DEBUG
/* tools default to "none", so that at least LDAP_DEBUG_ANY
...
...
@@ -255,6 +261,11 @@ slap_tool_init(
mode
|=
SLAP_TOOL_READMAIN
|
SLAP_TOOL_READONLY
;
break
;
case
SLAPSCHEMA
:
options
=
"a:b:cd:f:F:gl:n:o:s:v"
;
mode
|=
SLAP_TOOL_READMAIN
|
SLAP_TOOL_READONLY
;
break
;
case
SLAPTEST
:
options
=
"d:f:F:o:Quv"
;
mode
|=
SLAP_TOOL_READMAIN
|
SLAP_TOOL_READONLY
;
...
...
@@ -396,7 +407,7 @@ slap_tool_init(
case
's'
:
/* dump subtree */
if
(
tool
==
SLAPADD
)
mode
|=
SLAP_TOOL_NO_SCHEMA_CHECK
;
else
if
(
tool
==
SLAPCAT
)
else
if
(
tool
==
SLAPCAT
||
tool
==
SLAPSCHEMA
)
subtree
=
ch_strdup
(
optarg
);
break
;
...
...
@@ -453,9 +464,21 @@ slap_tool_init(
}
#endif
/* LDAP_DEBUG && LDAP_SYSLOG */
switch
(
tool
)
{
case
SLAPCAT
:
case
SLAPSCHEMA
:
writer
=
1
;
break
;
default:
writer
=
0
;
break
;
}
switch
(
tool
)
{
case
SLAPADD
:
case
SLAPCAT
:
case
SLAPSCHEMA
:
if
(
(
argc
!=
optind
)
||
(
dbnum
>=
0
&&
base
.
bv_val
!=
NULL
)
)
{
usage
(
tool
,
progname
);
}
...
...
@@ -502,10 +525,10 @@ slap_tool_init(
}
if
(
ldiffile
==
NULL
)
{
dummy
.
fp
=
tool
==
SLAPCAT
?
stdout
:
stdin
;
dummy
.
fp
=
writer
?
stdout
:
stdin
;
ldiffp
=
&
dummy
;
}
else
if
((
ldiffp
=
ldif_open
(
ldiffile
,
tool
==
SLAPCAT
?
"w"
:
"r"
))
}
else
if
((
ldiffp
=
ldif_open
(
ldiffile
,
writer
?
"w"
:
"r"
))
==
NULL
)
{
perror
(
ldiffile
);
...
...
@@ -554,6 +577,7 @@ slap_tool_init(
case
SLAPADD
:
case
SLAPCAT
:
case
SLAPINDEX
:
case
SLAPSCHEMA
:
if
(
!
nbackends
)
{
fprintf
(
stderr
,
"No databases found "
"in config file
\n
"
);
...
...
servers/slapd/slapcommon.h
View file @
a7f4102b
...
...
@@ -26,6 +26,7 @@ enum slaptool {
SLAPDN
,
/* DN check w/ syntax tool */
SLAPINDEX
,
/* database index tool */
SLAPPASSWD
,
/* password generation tool */
SLAPSCHEMA
,
/* schema checking tool */
SLAPTEST
,
/* slapd.conf test tool */
SLAPAUTH
,
/* test authz-regexp and authc/authz stuff */
SLAPACL
,
/* test acl */
...
...
servers/slapd/slapschema.c
0 → 100644
View file @
a7f4102b
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2009 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Pierangelo Masarati for inclusion
* in OpenLDAP Software. Code portions borrowed from slapcat.c;
* contributors are Kurt Zeilenga and Jong Hyuk Choi
*/
#include
"portable.h"
#include
<stdio.h>
#include
"ac/stdlib.h"
#include
"ac/ctype.h"
#include
"ac/socket.h"
#include
"ac/string.h"
#include
"slapcommon.h"
#include
"ldif.h"
static
volatile
sig_atomic_t
gotsig
;
static
RETSIGTYPE
slapcat_sig
(
int
sig
)
{
gotsig
=
1
;
}
int
slapschema
(
int
argc
,
char
**
argv
)
{
ID
id
;
int
rc
=
EXIT_SUCCESS
;
const
char
*
progname
=
"slapschema"
;
Connection
conn
=
{
0
};
OperationBuffer
opbuf
;
Operation
*
op
=
NULL
;
slap_tool_init
(
progname
,
SLAPCAT
,
argc
,
argv
);
#ifdef SIGPIPE
(
void
)
SIGNAL
(
SIGPIPE
,
slapcat_sig
);
#endif
#ifdef SIGHUP
(
void
)
SIGNAL
(
SIGHUP
,
slapcat_sig
);
#endif
(
void
)
SIGNAL
(
SIGINT
,
slapcat_sig
);
(
void
)
SIGNAL
(
SIGTERM
,
slapcat_sig
);
if
(
!
be
->
be_entry_open
||
!
be
->
be_entry_close
||
!
be
->
be_entry_first
||
!
be
->
be_entry_next
||
!
be
->
be_entry_get
)
{
fprintf
(
stderr
,
"%s: database doesn't support necessary operations.
\n
"
,
progname
);
exit
(
EXIT_FAILURE
);
}
if
(
be
->
be_entry_open
(
be
,
0
)
!=
0
)
{
fprintf
(
stderr
,
"%s: could not open database.
\n
"
,
progname
);
exit
(
EXIT_FAILURE
);
}
connection_fake_init
(
&
conn
,
&
opbuf
,
&
conn
);
op
=
&
opbuf
.
ob_op
;
op
->
o_tmpmemctx
=
NULL
;
op
->
o_bd
=
be
;
for
(
id
=
be
->
be_entry_first
(
be
);
id
!=
NOID
;
id
=
be
->
be_entry_next
(
be
)
)
{
Entry
*
e
;
char
textbuf
[
SLAP_TEXT_BUFLEN
];
size_t
textlen
=
sizeof
(
textbuf
);
const
char
*
text
=
NULL
;
if
(
gotsig
)
break
;
e
=
be
->
be_entry_get
(
be
,
id
);
if
(
e
==
NULL
)
{
printf
(
"# no data for entry id=%08lx
\n\n
"
,
(
long
)
id
);
rc
=
EXIT_FAILURE
;
if
(
continuemode
)
continue
;
break
;
}
if
(
sub_ndn
.
bv_len
&&
!
dnIsSuffix
(
&
e
->
e_nname
,
&
sub_ndn
)
)
{
be_entry_release_r
(
op
,
e
);
continue
;
}
if
(
filter
!=
NULL
)
{
int
rc
=
test_filter
(
NULL
,
e
,
filter
);
if
(
rc
!=
LDAP_COMPARE_TRUE
)
{
be_entry_release_r
(
op
,
e
);
continue
;
}
}
if
(
verbose
)
{
printf
(
"# id=%08lx
\n
"
,
(
long
)
id
);
}
rc
=
entry_schema_check
(
op
,
e
,
NULL
,
0
,
0
,
NULL
,
&
text
,
textbuf
,
textlen
);
if
(
rc
!=
LDAP_SUCCESS
)
{
fprintf
(
ldiffp
->
fp
,
"# (%d) %s%s%s
\n
"
,
rc
,
ldap_err2string
(
rc
),
text
?
": "
:
""
,
text
?
text
:
""
);
fprintf
(
ldiffp
->
fp
,
"dn: %s
\n\n
"
,
e
->
e_name
.
bv_val
);
}
be_entry_release_r
(
op
,
e
);
}
be
->
be_entry_close
(
be
);
if
(
slap_tool_destroy
()
)
rc
=
EXIT_FAILURE
;
return
rc
;
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment