(Category) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Software FAQ : (Category) Configuration : (Category) SLAPD Configuration : (Category) Overlays
Overlays are software components that provide hooks to functions analogous to those provided by backends, which can be stacked on top of the backend calls and as callbacks on top of backend responses to alter their behavior. Essentially they represent a means to:
  • customize the behavior of existing backends without changing the backend code and without requiring one to write a new custom backend with complete functionality
  • write functionality of general usefulness that can be applied to different backend types

Overlays are usually documented by separate specific man pages in section 5; the naming convention is

        slapo-<overlay name>
Not all distributed overlays have a man page yet. Feel free to contribute one, if you think you well understood the behavior of the component and the implications of all the related configuration directives.

Official overlays are located in

That directory also contains the file slapover.txt, which describes the rationale of the overlay implementation, and may serve as guideline for the development of custom overlays.

Contribware overlays are located in

        contrib/slapd-modules/<overlay name>/
along with other types of run-time loadable components; they are officially distributed, but not maintained by the project.

Selected functionality of slapd is currently being re-engineered in form of overlays. The provider side of syncrepl, the database gluing, SLAPI and the DN rewriting/attribute mapping features are clear examples. The rationale behind this is to hide specific features from the base code, which becomes more streamlined, easy to maintain and efficient when those features are not used.

Overlays were introduced in OpenLDAP 2.2 by Howard Chu. Starting from OpenLDAP 2.3 they can be stacked on the frontend as well; this means that they can be executed after a request is parsed and validated, but right before the appropriate database is selected. The main purpose is to affect operations regardless of the database they will be handled by, and, in some cases, to influence the selection of the database by massaging the request DN.

Officially distributed overlays:
(Answer) Log accesses to the DSA: the "accesslog" overlay (OpenLDAP 2.3)
(Answer) Log all writes to a file: the "auditlog" overlay (OpenLDAP 2.2, 2.3)
(Answer) LDAP chaining: the "chain" overlay (OpenLDAP >= 2.2)
(Answer) Collective attributes: the "collect" overlay (OpenLDAP 2.3)
(Answer) Dynamic Directory Services: the "dds" overlay (OpenLDAP 2.4)
(Answer) Disabling operations: the "denyop" overlay (OpenLDAP 2.3) [obsoleted; now built-in into slapd]
(Answer) Compare on dynamic groups: the "dyngroup" overlay (OpenLDAP 2.2)
(Answer) Dynamic merging of entries: the "dynlist" overlay (OpenLDAP 2.2, 2.3)
(Answer) Subordinate database glueing: the "glue" overlay (OpenLDAP 2.3) [obsoleted; now built-in into slapd]
(Answer) Keep track of last modification: the "lastmod" overlay (OpenLDAP 2.3)
(Answer) Proxy caching: the "pcache" overlay (OpenLDAP 2.2)
(Answer) Implementing server-side password policy: the "ppolicy" overlay (OpenLDAP 2.3)
(Answer) Referential integrity: the "refint" overlay (OpenLDAP 2.3)
(Answer) Forcing server-side errors for client testing: the "retcode" overlay (OpenLDAP 2.3; works with 2.2)
(Answer) Rewrite/remap DNs, objectClasses, and attributeTypes: the "rwm" overlay (OpenLDAP 2.3)
(Answer) Serialize concurrent writes: the "seqmod" overlay (OpenLDAP 2.3)
(Answer) Content synchronization provisioning: the "syncprov" overlay (OpenLDAP 2.3)
(Answer) Local modifications to proxied data: the "translucent" overlay (OpenLDAP 2.3)
(Answer) Attribute value uniqueness across a subtree: the "unique" overlay (OpenLDAP 2.3)
(Answer) Keep values sorted: the "valsort" overlay (OpenLDAP 2.3)

Contribware overlays:
(Answer) Return all attributes including operational: the "allop" overlay (OpenLDAP 2.3)
(Answer) Syncing credentials with Samba & Heimdal krb5: the "smbk5pwd" overlay (OpenLDAP 2.3)

Unofficial overlays:
(Answer) Turn add into modify: the "addpartial" overlay (OpenLDAP 2.2.23)
(Answer) Logging modifications: the "changelog" overlay (OpenLDAP 2.2.27)
(Answer) Constraining attribute values: the "constraint" overlay (OpenLDAP 2.2.15)
(Answer) Dynamic URL expansion: the "expandURL" overlay (OpenLDAP 2.2.20)

Note on the above listed overlays:
  • official means that they are distributed with the source; as noted in the documentation and in the specific FAQ entries, many of the above overlays are experimental, or demonstrators of some capability and, as such, they're merely provided as examples to developers;
  • unofficial means that they are provided by third parties and, if they comply with the OpenLDAP license, they may be distributed as contributions; or, a link to their location may be provided, without any warranty, endorsement or recommendation.

[New Answer in "Overlays"]
Previous: (Category) Backends
Next: (Category) Replication
This document is: http://www.openldap.org/faq/index.cgi?file=1169
[Search] [Appearance] [Show This Entire Category]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org