slapd.overlays(5) — Linux manual page


SLAPD.OVERLAYS(5)          File Formats Manual         SLAPD.OVERLAYS(5)

NAME

       slapd.overlays - overlays for slapd, the stand-alone LDAP daemon

DESCRIPTION

       The slapd(8) daemon can use a variety of different overlays to
       alter or extend the normal behavior of a database backend.
       Overlays may be compiled statically into slapd, or when module
       support is enabled, they may be dynamically loaded. Most of the
       overlays are only allowed to be configured on individual
       databases, but some may also be configured globally.

       Configuration options for each overlay are documented separately
       in the corresponding slapo-<overlay>(5) manual pages.

       accesslog
              Access Logging.  This overlay can record accesses to a
              given backend database on another database.

       auditlog
              Audit Logging.  This overlay records changes on a given
              backend database to an LDIF log file.  By default it is
              not built.

       autoca Automatic Certificate Authority overlay.  This overlay can
              generate X.509 certificate/key pairs for entries in the
              directory if slapd is linked to OpenSSL.  By default it is
              not built.

       chain  Chaining.  This overlay allows automatic referral chasing
              when a referral would have been returned, either when
              configured by the server or when requested by the client.

       collect
              Collective Attributes.  This overlay implements RFC 3671
              collective attributes; these attributes share common
              values over all the members of the collection as inherited
              from an ancestor entry.

       constraint
              Constraint.  This overlay enforces a regular expression
              constraint on all values of specified attributes. It is
              used to enforce a more rigorous syntax when the underlying
              attribute syntax is too general.

       dds    Dynamic Directory Services.  This overlay supports dynamic
              objects, which have a limited life after which they expire
              and are automatically deleted.

       deref  Dereference Control.  This overlay implements the draft
              Dereference control. The overlay can be used with any
              backend or globally for all backends.

       dyngroup
              Dynamic Group.  This is a demo overlay which extends the
              Compare operation to detect members of a dynamic group.
              It has no effect on any other operations.

       dynlist
              Dynamic List.  This overlay allows expansion of dynamic
              groups and more.

       homedir
              Home Directory Provisioning.  This overlay manages
              creation/deletion of home directories for LDAP-based Unix

       memberof
              MemberOf.  This overlay maintains automatic reverse group
              membership values, typically stored in an attribute called
              memberOf. This overlay is deprecated and should be
              replaced with dynlist.

       otp    OATH One-Time Password module.  This module allows time-
              based one-time password, AKA "authenticator-style", and
              HMAC-based one-time password authentication to be used in
              conjunction with a standard LDAP password for two factor

       pbind  Proxybind.  This overlay forwards simple bind requests on
              a local database to a remote LDAP server.

       pcache Proxycache.  This overlay allows caching of LDAP search
              requests in a local database.  It is most often used with
              the slapd-ldap(5) or slapd-meta(5) backends.

       ppolicy
              Password Policy.  This overlay provides a variety of
              password control mechanisms, e.g. password aging, password
              reuse and duplication control, mandatory password resets,

       refint Referential Integrity.  This overlay can be used with a
              backend database such as slapd-mdb(5) to maintain the
              cohesiveness of a schema which utilizes reference

       remoteauth
              Remote Authentication.  This overlay delegates
              authentication requests to remote directories.

       retcode
              Return Code.  This overlay is useful to test the behavior
              of clients when server-generated erroneous and/or unusual
              responses occur.

       rwm    Rewrite/remap.  This overlay is experimental.  It performs
              basic DN/data rewrite and objectClass/attributeType

       sssvlv Server Side Sorting and Virtual List Views.  This overlay
              implements the RFC2891 server-side sorting control and
              virtual list view controls, and replaces the RFC2696
              paged-results implementation to ensure it works with the
              sorting technique.

       syncprov
              Syncrepl Provider.  This overlay implements the provider-
              side support for syncrepl replication, including
              persistent search functionality.

       translucent
              Translucent Proxy.  This overlay can be used with a
              backend database such as slapd-mdb(5) to create a
              "translucent proxy".  Content of entries retrieved from a
              remote LDAP server can be partially overridden by the

       unique Attribute Uniqueness.  This overlay can be used with a
              backend database such as slapd-mdb(5) to enforce the
              uniqueness of some or all attributes within a subtree.

       valsort
              Value Sorting.  This overlay can be used to enforce a
              specific order for the values of an attribute when it is
              returned in a search.

FILES

              default slapd configuration file

              default slapd configuration directory

SEE ALSO

       ldap(3), slapo-accesslog(5), slapo-auditlog(5), slapo-autoca(5),
       slapo-chain(5), slapo-collect(5), slapo-constraint(5),
       slapo-dds(5), slapo-deref(5), slapo-dyngroup(5),
       slapo-dynlist(5), slapo-memberof(5), slapo-pbind(5),
       slapo-pcache(5), slapo-ppolicy(5), slapo-refint(5),
       slapo-remoteauth(5), slapo-retcode(5), slapo-rwm(5),
       slapo-sssvlv(5), slapo-syncprov(5), slapo-translucent(5),
       slapo-unique(5), slapo-valsort(5), slapd-config(5),
       slapd.conf(5), slapd.backends(5), slapd(8).  "OpenLDAP
       Administrator's Guide" (


       OpenLDAP Software is developed and maintained by The OpenLDAP
       Project.  OpenLDAP Software is derived
       from the University of Michigan LDAP 3.3 Release.

COLOPHON

       This page is part of the OpenLDAP (an open source implementation
       of the Lightweight Directory Access Protocol) project.
       This page was obtained from the project's upstream Git repository
       on 2021-08-27.  (At that time, the date of the most recent commit
       that was found in the repository was 2021-08-26.)
