1SLAPD.OVERLAYS(5) File Formats Manual SLAPD.OVERLAYS(5)
2
3
4
6 slapd.overlays - overlays for slapd, the stand-alone LDAP daemon
7
9 The slapd(8) daemon can use a variety of different overlays to alter or
10 extend the normal behavior of a database backend. Overlays may be com‐
11 piled statically into slapd, or when module support is enabled, they
12 may be dynamically loaded. Most of the overlays are only allowed to be
13 configured on individual databases, but some may also be configured
14 globally.
15
16 Configuration options for each overlay are documented separately in the
17 corresponding slapo-<overlay>[22m(5) manual pages.
18
19 accesslog
20 Access Logging. This overlay can record accesses to a given
21 backend database on another database.
22
23 auditlog
24 Audit Logging. This overlay records changes on a given backend
25 database to an LDIF log file. By default it is not built.
26
27 autoca Automatic Certificate Authority overlay. This overlay can gen‐
28 erate X.509 certificate/key pairs for entries in the directory
29 if slapd is linked to OpenSSL. By default it is not built.
30
31 chain Chaining. This overlay allows automatic referral chasing when a
32 referral would have been returned, either when configured by the
33 server or when requested by the client.
34
35 collect
36 Collective Attributes. This overlay implements RFC 3671 collec‐
37 tive attributes; these attributes share common values over all
38 the members of the collection as inherited from an ancestor en‐
39 try.
40
41 constraint
42 Constraint. This overlay enforces a regular expression con‐
43 straint on all values of specified attributes. It is used to en‐
44 force a more rigorous syntax when the underlying attribute syn‐
45 tax is too general.
46
47 dds Dynamic Directory Services. This overlay supports dynamic ob‐
48 jects, which have a limited life after which they expire and are
49 automatically deleted.
50
51 deref Dereference Control. This overlay implements the draft Derefer‐
52 ence control. The overlay can be used with any backend or glob‐
53 ally for all backends.
54
55 dyngroup
56 Dynamic Group. This is a demo overlay which extends the Compare
57 operation to detect members of a dynamic group. It has no ef‐
58 fect on any other operations.
59
60 dynlist
61 Dynamic List. This overlay allows expansion of dynamic groups
62 and more.
63
64 homedir
65 Home Directory Provisioning. This overlay manages cre‐
66 ation/deletion of home directories for LDAP-based Unix accounts.
67
68 memberof
69 MemberOf. This overlay maintains automatic reverse group mem‐
70 bership values, typically stored in an attribute called mem‐
71 berOf. This overlay is deprecated and should be replaced with
72 dynlist.
73
74 otp OATH One-Time Password module. This module allows time-based
75 one-time password, AKA "authenticator-style", and HMAC-based
76 one-time password authentication to be used in conjunction with
77 a standard LDAP password for two factor authentication.
78
79 pbind Proxybind. This overlay forwards simple bind requests on a lo‐
80 cal database to a remote LDAP server.
81
82 pcache Proxycache. This overlay allows caching of LDAP search requests
83 in a local database. It is most often used with the
84 slapd-ldap(5) or slapd-meta(5) backends.
85
86 ppolicy
87 Password Policy. This overlay provides a variety of password
88 control mechanisms, e.g. password aging, password reuse and du‐
89 plication control, mandatory password resets, etc.
90
91 refint Referential Integrity. This overlay can be used with a backend
92 database such as slapd-mdb(5) to maintain the cohesiveness of a
93 schema which utilizes reference attributes.
94
95 remoteauth
96 Remote Authentication. This overlay delegates authentication
97 requests to remote directories.
98
99 retcode
100 Return Code. This overlay is useful to test the behavior of
101 clients when server-generated erroneous and/or unusual responses
102 occur.
103
104 rwm Rewrite/remap. This overlay is experimental. It performs basic
105 DN/data rewrite and objectClass/attributeType mapping.
106
107 sssvlv Server Side Sorting and Virtual List Views. This overlay imple‐
108 ments the RFC2891 server-side sorting control and virtual list
109 view controls, and replaces the RFC2696 paged-results implemen‐
110 tation to ensure it works with the sorting technique.
111
112 syncprov
113 Syncrepl Provider. This overlay implements the provider-side
114 support for syncrepl replication, including persistent search
115 functionality.
116
117 translucent
118 Translucent Proxy. This overlay can be used with a backend
119 database such as slapd-mdb(5) to create a "translucent proxy".
120 Content of entries retrieved from a remote LDAP server can be
121 partially overridden by the database.
122
123 unique Attribute Uniqueness. This overlay can be used with a backend
124 database such as slapd-mdb(5) to enforce the uniqueness of some
125 or all attributes within a subtree.
126
127 valsort
128 Value Sorting. This overlay can be used to enforce a specific
129 order for the values of an attribute when it is returned in a
130 search.
131
133 /etc/openldap/slapd.conf
134 default slapd configuration file
135
136 /etc/openldap/slapd.d
137 default slapd configuration directory
138
140 ldap(3), slapo-accesslog(5), slapo-auditlog(5), slapo-autoca(5),
141 slapo-chain(5), slapo-collect(5), slapo-constraint(5), slapo-dds(5),
142 slapo-deref(5), slapo-dyngroup(5), slapo-dynlist(5), slapo-memberof(5),
143 slapo-pbind(5), slapo-pcache(5), slapo-ppolicy(5), slapo-refint(5),
144 slapo-remoteauth(5), slapo-retcode(5), slapo-rwm(5), slapo-sssvlv(5),
145 slapo-syncprov(5), slapo-translucent(5), slapo-unique(5). slapo-val‐
146 sort(5). slapd-config(5), slapd.conf(5), slapd.backends(5), slapd(8).
147 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
148
150 OpenLDAP Software is developed and maintained by The OpenLDAP Project
151 <http://www.openldap.org/>. OpenLDAP Software is derived from the Uni‐
152 versity of Michigan LDAP 3.3 Release.
153
154
155
156OpenLDAP 2.6.6 2023/07/31 SLAPD.OVERLAYS(5)