When you install the OpenDS LDAP directory server, the server is configured to verify that newly written or added entries conform to the directory server’s schema (and therefore conform to the LDAP standards).
If you intend to run a reliable service with OpenDS, and provide interoperability between multiple LDAP clients, you should not change this setting. But sometimes developers need to quickly test LDAP with existing data and don’t have the complete definition of the schema, or don’t have time to deal with loading the proper schema. In that case, the quick option is to disable schema checking.
This can be done using the dsconfig advanced mode, and the global configuration option check-schema.
dsconfig set-global-configuration-prop \
--set check-schema:false \
--hostname localhost \
--trustAll \
--port 4444 \
--bindDN cn=Directory\ Manager \
--bindPassword ****** \
--no-prompt
There are 2 other properties that can be tuned for finer-grained control of schema checking:
- invalid-attribute-syntax-behavior: controls whether the syntax of attribute values is checked when adding or modifying entries.
- single-structural-objectclass-behavior: controls how the server should behave if an attempt is made to add or modify an entry with more than one structural objectclass.
You can find more details on schema checking on the OpenDS documentation wiki and more specifically at https://www.opends.org/wiki/page/HowToExtendTheLDAPSchema#section-HowToExtendTheLDAPSchema-ConfiguringSchemaChecking
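Before turning check-schema back on, an LDIF export can be audited offline for the condition that single-structural-objectclass-behavior governs. The following is an added example, not part of the original post or of OpenDS: the schema subset in STRUCTURAL_SUPERIOR, the function names and the sample LDIF are all constructed for illustration.

```python
# Constructed schema subset (assumption): structural objectclass -> structural
# superior, lowercased; None means the superior is "top".
STRUCTURAL_SUPERIOR = {
    "person": None,
    "organizationalperson": "person",
    "inetorgperson": "organizationalperson",
    "organizationalunit": None,
    "groupofnames": None,
    "device": None,
}

# Constructed sample export.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson

dn: cn=printer1,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: person
"""

def ancestors(oc):
    """All structural superiors of oc, following the chain up to top."""
    found = set()
    while (oc := STRUCTURAL_SUPERIOR.get(oc)) is not None:
        found.add(oc)
    return found

def leaf_structural_classes(classes):
    """Structural classes present that are not a superior of another one."""
    present = {c.lower() for c in classes if c.lower() in STRUCTURAL_SUPERIOR}
    inherited = set().union(*(ancestors(c) for c in present))
    return sorted(present - inherited)

def audit(ldif):
    """Map dn -> leaf structural classes for entries with more than one chain.
    Handles plain 'attr: value' lines only (no base64 or folded lines)."""
    flagged = {}
    for block in ldif.strip().split("\n\n"):
        pairs = [line.partition(":")[::2] for line in block.splitlines()]
        dn = next((v.strip() for k, v in pairs if k.lower() == "dn"), None)
        leaves = leaf_structural_classes(
            v.strip() for k, v in pairs if k.lower() == "objectclass")
        if dn and len(leaves) > 1:
            flagged[dn] = leaves
    return flagged
```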
Even though schema checking is turned off, is there something written to a log when something does not conform?
I would like to firefight things before turning it back on.
No, when schema checking is disabled, there is no check thus no warning.