When schema checking is on, Directory Server ensures that all import, add, and modify operations conform to the currently defined directory schema.
The object classes and attributes of each entry conform to the schema.
The entry contains all required attributes for all of its defined object classes.
The entry contains only attributes that are allowed by its object classes.
When modifying an entry, Directory Server performs schema checking on the entire entry, not just on the attributes that are being modified. Therefore, the operation might fail if any object class or attribute in the entry does not conform to the schema.
However, schema checking does not verify the validity of attribute values with regard to their syntax.
Schema checking is turned on by default. In general, run Directory Server with schema checking turned on. Many client applications assume that having schema checking turned on is an indication that all entries conform to the schema. However, turning on schema checking does not cause Directory Server to verify the existing contents in the directory. The only way to guarantee that all directory contents conform to the schema is to turn on schema checking before adding any entries or reinitializing all entries.
One case where you might want to turn schema checking off is to accelerate import operations of LDIF files known to conform to the schema. However, there is a risk of importing entries that do not conform to the schema. If schema checking is off, imported entries that do not confirm to the schema are not detected.
See Replicating Directory Schema for details on using schema checking in replicated environments.
When an entry does not conform to the schema, it might not be possible to search for this entry, and modification operations on the entry might fail. Follow the steps in this procedure to correct the problem.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
To avoid having to fix schema compliance issues, plan your schema ahead of your deployment to minimize schema changes. For more information, see the Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide.
To determine why the entry does not comply, retrieve the entry and manually compare it with the currently defined schema.
Modify the entry so that it complies with the schema, or modify the schema so that it complies with the entry.