slapd.overlays - overlays for slapd, the stand-alone LDAP daemon
The
slapd(8) daemon can use a variety of different overlays to alter or
extend the normal behavior of a database backend. Overlays may be compiled
statically into slapd, or when module support is enabled, they may be
dynamically loaded. Most of the overlays are only allowed to be configured on
individual databases, but some may also be configured globally.
Configuration options for each overlay are documented separately in the
corresponding
slapo-<overlay>(5) manual pages.
- accesslog
- Access Logging. This overlay can record accesses to a given
backend database on another database.
- auditlog
- Audit Logging. This overlay records changes on a given
backend database to an LDIF log file. By default it is not built.
- autoca
- Automatic Certificate Authority overlay. This overlay can
generate X.509 certificate/key pairs for entries in the directory if slapd
is linked to OpenSSL. By default it is not built.
- chain
- Chaining. This overlay allows automatic referral chasing
when a referral would have been returned, either when configured by the
server or when requested by the client.
- collect
- Collective Attributes. This overlay implements RFC 3671
collective attributes; these attributes share common values over all the
members of the collection as inherited from an ancestor entry.
- constraint
- Constraint. This overlay enforces a regular expression
constraint on all values of specified attributes. It is used to enforce a
more rigorous syntax when the underlying attribute syntax is too
general.
- dds
- Dynamic Directory Services. This overlay supports dynamic
objects, which have a limited life after which they expire and are
automatically deleted.
- deref
- Dereference Control. This overlay implements the draft
Dereference control. The overlay can be used with any backend or globally
for all backends.
- dyngroup
- Dynamic Group. This is a demo overlay which extends the
Compare operation to detect members of a dynamic group. It has no effect
on any other operations.
- dynlist
- Dynamic List. This overlay allows expansion of dynamic
groups and more.
- homedir
- Home Directory Provisioning. This overlay manages
creation/deletion of home directories for LDAP-based Unix accounts.
- memberof
- MemberOf. This overlay maintains automatic reverse group
membership values, typically stored in an attribute called memberOf. This
overlay is deprecated and should be replaced with dynlist.
- otp
- OATH One-Time Password module. This module allows
time-based one-time password, AKA "authenticator-style", and
HMAC-based one-time password authentication to be used in conjunction with
a standard LDAP password for two factor authentication.
- pbind
- Proxybind. This overlay forwards simple bind requests on a
local database to a remote LDAP server.
- pcache
- Proxycache. This overlay allows caching of LDAP search
requests in a local database. It is most often used with the
slapd-ldap(5) or slapd-meta(5) backends.
- ppolicy
- Password Policy. This overlay provides a variety of
password control mechanisms, e.g. password aging, password reuse and
duplication control, mandatory password resets, etc.
- refint
- Referential Integrity. This overlay can be used with a
backend database such as slapd-mdb(5) to maintain the cohesiveness
of a schema which utilizes reference attributes.
- remoteauth
- Remote Authentication. This overlay delegates
authentication requests to remote directories.
- retcode
- Return Code. This overlay is useful to test the behavior of
clients when server-generated erroneous and/or unusual responses
occur.
- rwm
- Rewrite/remap. This overlay is experimental. It performs
basic DN/data rewrite and objectClass/attributeType mapping.
- sssvlv
- Server Side Sorting and Virtual List Views. This overlay
implements the RFC2891 server-side sorting control and virtual list view
controls, and replaces the RFC2696 paged-results implementation to ensure
it works with the sorting technique.
- syncprov
- Syncrepl Provider. This overlay implements the
provider-side support for syncrepl replication, including
persistent search functionality.
- translucent
- Translucent Proxy. This overlay can be used with a backend
database such as slapd-mdb(5) to create a "translucent
proxy". Content of entries retrieved from a remote LDAP server can be
partially overridden by the database.
- unique
- Attribute Uniqueness. This overlay can be used with a
backend database such as slapd-mdb(5) to enforce the uniqueness of
some or all attributes within a subtree.
- valsort
- Value Sorting. This overlay can be used to enforce a
specific order for the values of an attribute when it is returned in a
search.
- /etc/ldap/slapd.conf
- default slapd configuration file
- /etc/ldap/slapd.d
- default slapd configuration directory
ldap(3),
slapo-accesslog(5),
slapo-auditlog(5),
slapo-autoca(5),
slapo-chain(5),
slapo-collect(5),
slapo-constraint(5),
slapo-dds(5),
slapo-deref(5),
slapo-dyngroup(5),
slapo-dynlist(5),
slapo-memberof(5),
slapo-pbind(5),
slapo-pcache(5),
slapo-ppolicy(5),
slapo-refint(5),
slapo-remoteauth(5),
slapo-retcode(5),
slapo-rwm(5),
slapo-sssvlv(5),
slapo-syncprov(5),
slapo-translucent(5),
slapo-unique(5).
slapo-valsort(5).
slapd-config(5),
slapd.conf(5),
slapd.backends(5),
slapd(8). "OpenLDAP Administrator's Guide"
(
http://www.OpenLDAP.org/doc/admin/)
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<
http://www.openldap.org/>.
OpenLDAP Software is derived from the
University of Michigan LDAP 3.3 Release.