[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schemacheck and structuralObjectClass

--On Wednesday, May 18, 2005 10:58 AM -0500 Ben Beuchler <insyte@gmail.com> wrote:

The schemacheck directive is undocumented (at least in all
current versions of OpenLDAP Software) for good reason,
it simply should never be used.  The directive has been
removed from HEAD sources, and soon will be removed from
2.3 (and likely 2.2) sources.

OK. Is there another acceptable method for validating that a new entry meets the all the requirements of the relevant schemata?

Yes, leave schemacheck ON

> If I'm creating accounts with
> "schemacheck" turned off, should I be manually adding the
> "structuralObjectClass" entry?

You should remove the schemacheck directive from slapd.conf(5)
and then rebuild.

Is removing schemacheck entirely equivalent to "schemacheck off"?

No, it would be equivalent to leaving schemacheck on.

The whole point here, is no one in their right mind should ever run an LDAP server with schemacheck off, as this disables schema checking (and thus the part that validates that your entries are sane).


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin