diff --git a/include/portable.h.in b/include/portable.h.in
index 947ae29bd5..93e1f80819 100644
--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -1,33 +1,14 @@
 /* include/portable.h.in.  Generated automatically from configure.in by autoheader.  */
 /* portable.h.top begin */
 /*
-Copyright 1998 The OpenLDAP Foundation, Redwood City, California, USA
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted only
-as authorized by the OpenLDAP Public License.  A copy of this
-license is available at http://www.OpenLDAP.org/license.html or
-in file LICENSE in the top-level directory of the distribution.
-
-This work is derived from the University of Michigan LDAP v3.3
-distribution.  Information concerning is available at
-    http://www.umich.edu/~dirsvcs/ldap/ldap.html.
-
-This work also contains materials derived from public sources.
-
----
-
-Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted
-provided that this notice is preserved and that due credit is given
-to the University of Michigan at Ann Arbor. The name of the University
-may not be used to endorse or promote products derived from this 
-software without specific prior written permission. This software
-is provided ``as is'' without express or implied warranty.
- 
-*/
+ * Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License.  A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
 
 #ifndef _LDAP_PORTABLE_H
 #define _LDAP_PORTABLE_H
@@ -611,6 +592,15 @@ is provided ``as is'' without express or implied warranty.
 /* Define if you have the socket library (-lsocket).  */
 #undef HAVE_LIBSOCKET
 /* portable.h.bot begin */
+/*
+ * Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License.  A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
 
 #ifdef HAVE_STDDEF_H
 #	include <stddef.h>
diff --git a/servers/slapd/charray.c b/servers/slapd/charray.c
index 26a669cd60..c2eb56ceaa 100644
--- a/servers/slapd/charray.c
+++ b/servers/slapd/charray.c
@@ -29,7 +29,7 @@ charray_add(
 		    (n + 2) * sizeof(char *) );
 	}
 
-	(*a)[n++] = s;
+	(*a)[n++] = ch_strdup(s);
 	(*a)[n] = NULL;
 }
 
@@ -51,7 +51,7 @@ charray_merge(
 	*a = (char **) ch_realloc( (char *) *a, (n + nn + 1) * sizeof(char *) );
 
 	for ( i = 0; i < nn; i++ ) {
-		(*a)[n + i] = s[i];
+		(*a)[n + i] = ch_strdup(s[i]);
 	}
 	(*a)[n + nn] = NULL;
 }
diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c
index 05dbd55777..f4fab6022c 100644
--- a/servers/slapd/schema.c
+++ b/servers/slapd/schema.c
@@ -10,7 +10,7 @@
 #include "slap.h"
 
 static struct objclass	*oc_find(char *ocname);
-static int		oc_check_required(Entry *e, char *ocname);
+static char *	oc_check_required(Entry *e, char *ocname);
 static int		oc_check_allowed(char *type, struct berval **ocl);
 
 /*
@@ -35,10 +35,12 @@ oc_schema_check( Entry *e )
 
 	/* check that the entry has required attrs for each oc */
 	for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
-		if ( oc_check_required( e, aoc->a_vals[i]->bv_val ) != 0 ) {
+		char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
+
+		if (s != NULL) {
 			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), required attr (%s) missing\n",
-			    e->e_dn, aoc->a_vals[i]->bv_val, 0 );
+			    "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
+			    e->e_dn, aoc->a_vals[i]->bv_val, s );
 			ret = 1;
 		}
 	}
@@ -51,7 +53,7 @@ oc_schema_check( Entry *e )
 	for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
 		if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
 			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), attr (%s) not allowed\n",
+			    "Entry (%s), attr \"%s\" not allowed\n",
 			    e->e_dn, a->a_type, 0 );
 			ret = 1;
 		}
@@ -60,7 +62,7 @@ oc_schema_check( Entry *e )
 	return( ret );
 }
 
-static int
+static char *
 oc_check_required( Entry *e, char *ocname )
 {
 	struct objclass	*oc;
@@ -89,11 +91,25 @@ oc_check_required( Entry *e, char *ocname )
 
 		/* not there => schema violation */
 		if ( a == NULL ) {
-			return( 1 );
+			return oc->oc_required[i];
 		}
 	}
 
-	return( 0 );
+	return( NULL );
+}
+
+/*
+ * check to see if attribute is 'operational' or not.
+ * this function should be externalized...
+ */
+static int
+oc_check_operational( char *type )
+{
+	return ( strcasecmp( type, "modifiersname" ) == 0 ||
+		strcasecmp( type, "modifytimestamp" ) == 0 ||
+		strcasecmp( type, "creatorsname" ) == 0 ||
+		strcasecmp( type, "createtimestamp" ) == 0 )
+		? 1 : 0;
 }
 
 static int
@@ -107,6 +123,10 @@ oc_check_allowed( char *type, struct berval **ocl )
 		return( 0 );
 	}
 
+	if ( oc_check_operational( type ) ) {
+		return( 0 );
+	}
+
 	/* check that the type appears as req or opt in at least one oc */
 	for ( i = 0; ocl[i] != NULL; i++ ) {
 		/* if we know about the oc */
diff --git a/tests/data/slapd-master.conf b/tests/data/slapd-master.conf
index 59657b7444..74ce2d19b0 100644
--- a/tests/data/slapd-master.conf
+++ b/tests/data/slapd-master.conf
@@ -3,7 +3,7 @@
 #
 include		./data/slapd.at.conf
 include		./data/slapd.oc.conf
-schemacheck	off
+schemacheck	on
 
 #######################################################################
 # ldbm database definitions
diff --git a/tests/data/slapd.oc.conf b/tests/data/slapd.oc.conf
index 94f2349ba5..02e3b2bdb1 100644
--- a/tests/data/slapd.oc.conf
+++ b/tests/data/slapd.oc.conf
@@ -83,18 +83,17 @@ objectclass organizationalUnit
 objectclass person
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		description,
 		seeAlso,
+		sn,
 		telephoneNumber,
 		userPassword
 
 objectclass organizationalPerson
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		description,
@@ -110,6 +109,7 @@ objectclass organizationalPerson
 		preferredDeliveryMethod,
 		registeredAddress,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -161,7 +161,6 @@ objectclass groupOfNames
 objectclass residentialPerson
 	requires
 		objectClass,
-		sn,
 		cn,
 		l
 	allows
@@ -178,6 +177,7 @@ objectclass residentialPerson
 		preferredDeliveryMethod,
 		registeredAddress,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -261,7 +261,6 @@ objectclass pilotObject
 objectclass newPilotPerson
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		businessCategory,
@@ -270,6 +269,8 @@ objectclass newPilotPerson
 		homePhone,
 		homePostalAddress,
 		janetMailbox,
+		lastModifiedBy,
+		lastModifiedTime,
 		mail,
 		mailPreferenceOption,
 		mobile,
@@ -282,6 +283,7 @@ objectclass newPilotPerson
 		roomNumber,
 		secretary,
 		seeAlso,
+		sn,
 		telephoneNumber,
 		textEncodedORaddress,
 		uid,
@@ -663,9 +665,7 @@ objectclass kerberosSecurityObject
 objectclass umichPerson
 	requires
 		objectClass,
-		sn,
-		cn,
-		universityID
+		cn
 	allows
 		affiliationCode,
 		audio,
@@ -714,6 +714,7 @@ objectclass umichPerson
 		roomNumber,
 		secretary,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -722,6 +723,7 @@ objectclass umichPerson
 		textEncodedORaddress,
 		title,
 		uid,
+		universityID,
 		updateSource,
 		userCertificate,
 		userClass,