1SLAPD.OVERLAYS(5)             File Formats Manual            SLAPD.OVERLAYS(5)
2
3
4

NAME

6       slapd.overlays - overlays for slapd, the stand-alone LDAP daemon
7

DESCRIPTION

9       The slapd(8) daemon can use a variety of different overlays to alter or
10       extend the normal behavior of a database backend.  Overlays may be com‐
11       piled  statically  into  slapd, or when module support is enabled, they
12       may be dynamically loaded. Most of the overlays are only allowed to  be
13       configured  on  individual  databases,  but some may also be configured
14       globally.
15
16       Configuration options for each overlay are documented separately in the
17       corresponding slapo-<overlay>(5) manual pages.
18
19       accesslog
20              Access  Logging.   This  overlay  can record accesses to a given
21              backend database on another database.
22
23       auditlog
24              Audit Logging.  This overlay records changes on a given  backend
25              database to an LDIF log file.  By default it is not built.
26
27       autoca Automatic  Certificate Authority overlay.  This overlay can gen‐
28              erate X.509 certificate/key pairs for entries in  the  directory
29              if slapd is linked to OpenSSL.  By default it is not built.
30
31       chain  Chaining.  This overlay allows automatic referral chasing when a
32              referral would have been returned, either when configured by the
33              server or when requested by the client.
34
35       collect
36              Collective Attributes.  This overlay implements RFC 3671 collec‐
37              tive attributes; these attributes share common values  over  all
38              the  members of the collection as inherited from an ancestor en‐
39              try.
40
41       constraint
42              Constraint.  This overlay enforces  a  regular  expression  con‐
43              straint on all values of specified attributes. It is used to en‐
44              force a more rigorous syntax when the underlying attribute  syn‐
45              tax is too general.
46
47       dds    Dynamic  Directory  Services.  This overlay supports dynamic ob‐
48              jects, which have a limited life after which they expire and are
49              automatically deleted.
50
51       deref  Dereference Control.  This overlay implements the draft Derefer‐
52              ence control. The overlay can be used with any backend or  glob‐
53              ally for all backends.
54
55       dyngroup
56              Dynamic Group.  This is a demo overlay which extends the Compare
57              operation to detect members of a dynamic group.  It has  no  ef‐
58              fect on any other operations.
59
60       dynlist
61              Dynamic  List.   This overlay allows expansion of dynamic groups
62              and more.
63
64       homedir
65              Home  Directory  Provisioning.   This   overlay   manages   cre‐
66              ation/deletion of home directories for LDAP-based Unix accounts.
67
68       memberof
69              MemberOf.   This  overlay maintains automatic reverse group mem‐
70              bership values, typically stored in  an  attribute  called  mem‐
71              berOf.  This  overlay  is deprecated and should be replaced with
72              dynlist.
73
74       otp    OATH One-Time Password module.  This  module  allows  time-based
75              one-time  password,  AKA  "authenticator-style",  and HMAC-based
76              one-time password authentication to be used in conjunction  with
77              a standard LDAP password for two factor authentication.
78
79       pbind  Proxybind.   This overlay forwards simple bind requests on a lo‐
80              cal database to a remote LDAP server.
81
82       pcache Proxycache.  This overlay allows caching of LDAP search requests
83              in   a   local  database.   It  is  most  often  used  with  the
84              slapd-ldap(5) or slapd-meta(5) backends.
85
86       ppolicy
87              Password Policy.  This overlay provides a  variety  of  password
88              control  mechanisms, e.g. password aging, password reuse and du‐
89              plication control, mandatory password resets, etc.
90
91       refint Referential Integrity.  This overlay can be used with a  backend
92              database  such as slapd-mdb(5) to maintain the cohesiveness of a
93              schema which utilizes reference attributes.
94
95       remoteauth
96              Remote Authentication.  This  overlay  delegates  authentication
97              requests to remote directories.
98
99       retcode
100              Return  Code.   This  overlay  is useful to test the behavior of
101              clients when server-generated erroneous and/or unusual responses
102              occur.
103
104       rwm    Rewrite/remap.  This overlay is experimental.  It performs basic
105              DN/data rewrite and objectClass/attributeType mapping.
106
107       sssvlv Server Side Sorting and Virtual List Views.  This overlay imple‐
108              ments  the  RFC2891 server-side sorting control and virtual list
109              view controls, and replaces the RFC2696 paged-results  implemen‐
110              tation to ensure it works with the sorting technique.
111
112       syncprov
113              Syncrepl  Provider.   This  overlay implements the provider-side
114              support for syncrepl replication,  including  persistent  search
115              functionality.
116
117       translucent
118              Translucent  Proxy.   This  overlay  can  be used with a backend
119              database such as slapd-mdb(5) to create a  "translucent  proxy".
120              Content  of  entries  retrieved from a remote LDAP server can be
121              partially overridden by the database.
122
123       unique Attribute Uniqueness.  This overlay can be used with  a  backend
124              database  such as slapd-mdb(5) to enforce the uniqueness of some
125              or all attributes within a subtree.
126
127       valsort
128              Value Sorting.  This overlay can be used to enforce  a  specific
129              order  for  the  values of an attribute when it is returned in a
130              search.
131

FILES

133       /etc/openldap/slapd.conf
134              default slapd configuration file
135
136       /etc/openldap/slapd.d
137              default slapd configuration directory
138

SEE ALSO

140       ldap(3),   slapo-accesslog(5),   slapo-auditlog(5),    slapo-autoca(5),
141       slapo-chain(5),  slapo-collect(5),  slapo-constraint(5),  slapo-dds(5),
142       slapo-deref(5), slapo-dyngroup(5), slapo-dynlist(5), slapo-memberof(5),
143       slapo-pbind(5),   slapo-pcache(5),  slapo-ppolicy(5),  slapo-refint(5),
144       slapo-remoteauth(5), slapo-retcode(5),  slapo-rwm(5),  slapo-sssvlv(5),
145       slapo-syncprov(5),  slapo-translucent(5),  slapo-unique(5).  slapo-val‐
146       sort(5).  slapd-config(5), slapd.conf(5), slapd.backends(5),  slapd(8).
147       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
148

ACKNOWLEDGEMENTS

150       OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
151       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
152       versity of Michigan LDAP 3.3 Release.
153
154
155
156OpenLDAP 2.6.3                    2022/07/14                 SLAPD.OVERLAYS(5)
Impressum