slapd.overlays.5 5.78 KB
Newer Older
1
.TH SLAPD.OVERLAYS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
2
.\" Copyright 2006-2021 The OpenLDAP Foundation All Rights Reserved.
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd.overlays \- overlays for slapd, the stand-alone LDAP daemon
.SH DESCRIPTION
The
.BR slapd (8)
daemon can use a variety of different overlays to alter or extend
the normal behavior of a database backend.
Overlays may be compiled statically into slapd, or when module support
is enabled, they may be dynamically loaded. Most of the overlays
are only allowed to be configured on individual databases, but some
may also be configured globally.

Configuration options for each overlay are documented separately in the
corresponding
Howard Chu's avatar
Howard Chu committed
19
.BR slapo\-<overlay> (5)
20
21
22
23
24
25
26
27
28
29
30
31
32
manual pages.
.TP
.B accesslog
Access Logging.
This overlay can record accesses to a given backend database on another
database.
.TP
.B auditlog
Audit Logging.
This overlay records changes on a given backend database to an LDIF log
file.
By default it is not built.
.TP
33
34
35
36
37
38
.B autoca
Automatic Certificate Authority overlay.
This overlay can generate X.509 certificate/key pairs for
entries in the directory if slapd is linked to OpenSSL.
By default it is not built.
.TP
39
40
41
42
43
44
.B chain
Chaining.
This overlay allows automatic referral chasing when a referral would
have been returned, either when configured by the server or when 
requested by the client.
.TP
Emily Backes's avatar
Emily Backes committed
45
46
47
48
49
50
.B collect
Collective Attributes.
This overlay implements RFC 3671 collective attributes; these
attributes share common values over all the members of the collection
as inherited from an ancestor entry.
.TP
Howard Chu's avatar
Howard Chu committed
51
52
53
.B constraint
Constraint.
This overlay enforces a regular expression constraint on all values
Howard Chu's avatar
Howard Chu committed
54
of specified attributes. It is used to enforce a more rigorous
Howard Chu's avatar
Howard Chu committed
55
56
57
58
59
60
61
syntax when the underlying attribute syntax is too general.
.TP
.B dds
Dynamic Directory Services.
This overlay supports dynamic objects, which have a limited life after
which they expire and are automatically deleted.
.TP
62
63
64
65
66
.B deref
Dereference Control.
This overlay implements the draft Dereference control. The overlay can be
used with any backend or globally for all backends.
.TP
67
68
69
70
71
72
73
74
75
76
.B dyngroup
Dynamic Group.
This is a demo overlay which extends the Compare operation to detect
members of a dynamic group.
It has no effect on any other operations.
.TP
.B dynlist
Dynamic List.
This overlay allows expansion of dynamic groups and more.
.TP
77
78
79
80
81
.B homedir
Home Directory Provisioning.
This overlay manages creation/deletion of home directories for LDAP-based
Unix accounts.
.TP
Emily Backes's avatar
Emily Backes committed
82
83
84
.B memberof
MemberOf.
This overlay maintains automatic reverse group membership values,
85
86
typically stored in an attribute called memberOf. This overlay
is deprecated and should be replaced with dynlist.
Emily Backes's avatar
Emily Backes committed
87
.TP
88
89
90
91
92
93
.B otp_2fa
Two factor authentication module.
This module allows time-based one-time password, AKA "authenticator-style",
and HMAC-based one-time password authentication to be used in applications
that use LDAP for authentication.
.TP
Emily Backes's avatar
Emily Backes committed
94
95
96
97
98
.B pbind
Proxybind.
This overlay forwards simple bind requests on a local database to a
remote LDAP server.
.TP
99
100
101
102
.B pcache
Proxycache.
This overlay allows caching of LDAP search requests in a local database.
It is most often used with the
Howard Chu's avatar
Howard Chu committed
103
.BR slapd\-ldap (5)
104
or
Howard Chu's avatar
Howard Chu committed
105
.BR slapd\-meta (5)
106
107
108
109
110
111
112
113
114
115
116
backends.
.TP
.B ppolicy
Password Policy.
This overlay provides a variety of password control mechanisms,
e.g. password aging, password reuse and duplication control, mandatory
password resets, etc.
.TP
.B refint
Referential Integrity.
This overlay can be used with a backend database such as
117
.BR slapd\-mdb (5)
118
119
120
to maintain the cohesiveness of a schema which utilizes reference
attributes.
.TP
121
122
123
124
.B remoteauth
Remote Authentication.
This overlay delegates authentication requests to remote directories.
.TP
125
126
127
128
129
130
131
132
133
134
135
.B retcode
Return Code.
This overlay is useful to test the behavior of clients when
server-generated erroneous and/or unusual responses occur.
.TP
.B rwm
Rewrite/remap.
This overlay is experimental.
It performs basic DN/data rewrite and
objectClass/attributeType mapping.
.TP
Emily Backes's avatar
Emily Backes committed
136
137
138
139
140
141
.B sssvlv
Server Side Sorting and Virtual List Views.
This overlay implements the RFC2891 server-side sorting control and
virtual list view controls, and replaces the RFC2696 paged-results
implementation to ensure it works with the sorting technique.
.TP
142
143
144
145
146
147
148
149
150
.B syncprov
Syncrepl Provider.
This overlay implements the provider-side support for
.B syncrepl
replication, including persistent search functionality.
.TP
.B translucent
Translucent Proxy.
This overlay can be used with a backend database such as
151
.BR slapd\-mdb (5)
152
153
154
155
156
157
158
to create a "translucent proxy".
Content of entries retrieved from a remote LDAP server can be partially
overridden by the database.
.TP
.B unique
Attribute Uniqueness.
This overlay can be used with a backend database such as
159
.BR slapd\-mdb (5)
160
to enforce the uniqueness of some or all attributes within a subtree.
Howard Chu's avatar
Howard Chu committed
161
162
163
164
165
.TP
.B valsort
Value Sorting.
This overlay can be used to enforce a specific order for the values
of an attribute when it is returned in a search.
166
167
168
169
170
171
172
173
174
175
176
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.TP
ETCDIR/slapd.d
default slapd configuration directory
.SH SEE ALSO
.BR ldap (3),
.BR slapo\-accesslog (5),
.BR slapo\-auditlog (5),
177
.BR slapo\-autoca (5),
178
.BR slapo\-chain (5),
Emily Backes's avatar
Emily Backes committed
179
.BR slapo\-collect (5),
Howard Chu's avatar
Howard Chu committed
180
181
.BR slapo\-constraint (5),
.BR slapo\-dds (5),
182
.BR slapo\-deref (5),
Howard Chu's avatar
Howard Chu committed
183
.BR slapo\-dyngroup (5),
184
.BR slapo\-dynlist (5),
Emily Backes's avatar
Emily Backes committed
185
186
.BR slapo\-memberof (5),
.BR slapo\-pbind (5),
187
188
189
.BR slapo\-pcache (5),
.BR slapo\-ppolicy (5),
.BR slapo\-refint (5),
190
.BR slapo\-remoteauth (5),
191
192
.BR slapo\-retcode (5),
.BR slapo\-rwm (5),
Emily Backes's avatar
Emily Backes committed
193
.BR slapo\-sssvlv (5),
194
195
196
.BR slapo\-syncprov (5),
.BR slapo\-translucent (5),
.BR slapo\-unique (5).
Howard Chu's avatar
Howard Chu committed
197
.BR slapo\-valsort (5).
198
199
200
201
202
203
.BR slapd\-config (5),
.BR slapd.conf (5),
.BR slapd.backends (5),
.BR slapd (8).
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
Kurt Zeilenga's avatar
Kurt Zeilenga committed
204
.so ../Project