OpenDS Tips: Disabling Schema checking

Opends Logo TagWhen you install OpenDS LDAP directory server, the server is configured to verify that newly-written or added entries conform to the directory server's schema (and therefore conform to the LDAP standards).

If you intend to run a reliable service with OpenDS, and provide interoperability between multiple LDAP clients, you should not change this setting. But sometime, developers need to quickly test LDAP with existing data and don't have the complete definition of the schema, or don't have time to deal with loading the proper schema. Then, the quick option is to disable schema checking.

This can be done using the dsconfig advanced mode, and the global configuration option check-schema.

dsconfig set-global-configuration-prop \\
--set check-schema:false \\
--hostname localhost \\
--trustAll \\
--port 4444 \\
--bindDN cn=Directory\\ Manager \\
--bindPassword \*\*\*\*\*\* \\
--no-prompt

There are 2 other properties that can be tuned for a finer grain control of schema checking:

  • invalid-attribute-syntax-behavior: controls whether the syntax of the attribute values are checked when adding, modifying entries.
  • single-structural-objectclass-behavior: controls how the server should behave if an attempt is made to add or modify an entry with more than one structural objectclass.

You can find more details on schema checking on the OpenDS documentation wiki and more specifically at https://www.opends.org/wiki/page/HowToExtendTheLDAPSchema#section-HowToExtendTheLDAPSchema-ConfiguringSchemaChecking

Technorati Tags: , , ,

Comments:

Even though schema checking is turned off, is there something written to a log when something does not conform?

I would like to firefight things before turning it back on.

Posted by Karl on January 21, 2009 at 02:22 PM CET #

No, when schema checking is disabled, there is no check thus no warning.

Posted by Ludo on January 22, 2009 at 03:22 AM CET #

Post a Comment:
Comments are closed for this entry.
About

This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today