SLAPD.OVERLAYS(5) File Formats Manual SLAPD.OVERLAYS(5)
NAME
slapd.overlays - overlays for slapd, the stand-alone LDAP daemon
DESCRIPTION
The slapd(8) daemon can use a variety of different overlays to alter or
extend the normal behavior of a database backend. Overlays may be com-
piled statically into slapd, or when module support is enabled, they may
be dynamically loaded. Most of the overlays are only allowed to be con-
figured on individual databases, but some may also be configured glob-
ally.
Configuration options for each overlay are documented separately in the
corresponding slapo-<overlay>(5) manual pages.
accesslog
Access Logging. This overlay can record accesses to a given
backend database on another database.
auditlog
Audit Logging. This overlay records changes on a given backend
database to an LDIF log file. By default it is not built.
autoca Automatic Certificate Authority overlay. This overlay can gener-
ate X.509 certificate/key pairs for entries in the directory if
slapd is linked to OpenSSL. By default it is not built.
chain Chaining. This overlay allows automatic referral chasing when a
referral would have been returned, either when configured by the
server or when requested by the client.
collect
Collective Attributes. This overlay implements RFC 3671 collec-
tive attributes; these attributes share common values over all
the members of the collection as inherited from an ancestor en-
try.
constraint
Constraint. This overlay enforces a regular expression con-
straint on all values of specified attributes. It is used to en-
force a more rigorous syntax when the underlying attribute syntax
is too general.
dds Dynamic Directory Services. This overlay supports dynamic ob-
jects, which have a limited life after which they expire and are
automatically deleted.
deref Dereference Control. This overlay implements the draft Derefer-
ence control. The overlay can be used with any backend or glob-
ally for all backends.
dyngroup
Dynamic Group. This is a demo overlay which extends the Compare
operation to detect members of a dynamic group. It has no effect
on any other operations.
dynlist
Dynamic List. This overlay allows expansion of dynamic groups
and more.
homedir
Home Directory Provisioning. This overlay manages creation/dele-
tion of home directories for LDAP-based Unix accounts.
memberof
MemberOf. This overlay maintains automatic reverse group member-
ship values, typically stored in an attribute called memberOf.
This overlay is deprecated and should be replaced with dynlist.
otp OATH One-Time Password module. This module allows time-based
one-time password, AKA "authenticator-style", and HMAC-based one-
time password authentication to be used in conjunction with a
standard LDAP password for two factor authentication.
pbind Proxybind. This overlay forwards simple bind requests on a local
database to a remote LDAP server.
pcache Proxycache. This overlay allows caching of LDAP search requests
in a local database. It is most often used with the
slapd-ldap(5) or slapd-meta(5) backends.
ppolicy
Password Policy. This overlay provides a variety of password
control mechanisms, e.g. password aging, password reuse and du-
plication control, mandatory password resets, etc.
refint Referential Integrity. This overlay can be used with a backend
database such as slapd-mdb(5) to maintain the cohesiveness of a
schema which utilizes reference attributes.
remoteauth
Remote Authentication. This overlay delegates authentication re-
quests to remote directories.
retcode
Return Code. This overlay is useful to test the behavior of
clients when server-generated erroneous and/or unusual responses
occur.
rwm Rewrite/remap. This overlay is experimental. It performs basic
DN/data rewrite and objectClass/attributeType mapping.
sssvlv Server Side Sorting and Virtual List Views. This overlay imple-
ments the RFC2891 server-side sorting control and virtual list
view controls, and replaces the RFC2696 paged-results implementa-
tion to ensure it works with the sorting technique.
syncprov
Syncrepl Provider. This overlay implements the provider-side
support for syncrepl replication, including persistent search
functionality.
translucent
Translucent Proxy. This overlay can be used with a backend data-
base such as slapd-mdb(5) to create a "translucent proxy". Con-
tent of entries retrieved from a remote LDAP server can be par-
tially overridden by the database.
unique Attribute Uniqueness. This overlay can be used with a backend
database such as slapd-mdb(5) to enforce the uniqueness of some
or all attributes within a subtree.
valsort
Value Sorting. This overlay can be used to enforce a specific
order for the values of an attribute when it is returned in a
search.
FILES
/etc/ldap/slapd.conf
default slapd configuration file
/etc/ldap/slapd.d
default slapd configuration directory
SEE ALSO
ldap(3), slapo-accesslog(5), slapo-auditlog(5), slapo-autoca(5),
slapo-chain(5), slapo-collect(5), slapo-constraint(5), slapo-dds(5),
slapo-deref(5), slapo-dyngroup(5), slapo-dynlist(5), slapo-memberof(5),
slapo-pbind(5), slapo-pcache(5), slapo-ppolicy(5), slapo-refint(5),
slapo-remoteauth(5), slapo-retcode(5), slapo-rwm(5), slapo-sssvlv(5),
slapo-syncprov(5), slapo-translucent(5), slapo-unique(5). slapo-val-
sort(5). slapd-config(5), slapd.conf(5), slapd.backends(5), slapd(8).
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from the Uni-
versity of Michigan LDAP 3.3 Release.
OpenLDAP 2.6.10+dfsg-1 2025/05/22 SLAPD.OVERLAYS(5)
Generated by dwww version 1.16 on Tue Dec 16 04:46:28 CET 2025.