• customize the behavior of existing backends without changing the backend code and without requiring one to write a new custom backend with complete functionality
• write functionality of general usefulness that can be applied to different backend types

Overlays are usually documented by separate specific man pages in section 5; the naming convention is

        slapo-<overlay name>

Official overlays are located in

        servers/slapd/overlays/

Contribware overlays are located in

        contrib/slapd-modules/<overlay name>/

Selected functionality of slapd is currently being re-engineered in form of overlays. The provider side of syncrepl, the database gluing, SLAPI and the DN rewriting/attribute mapping features are clear examples. The rationale behind this is to hide specific features from the base code, which becomes more streamlined, easy to maintain and efficient when those features are not used.

Overlays were introduced in OpenLDAP 2.2 by Howard Chu. Starting from OpenLDAP 2.3 they can be stacked on the frontend as well; this means that they can be executed after a request is parsed and validated, but right before the appropriate database is selected. The main purpose is to affect operations regardless of the database they will be handled by, and, in some cases, to influence the selection of the database by massaging the request DN.

Log accesses to the DSA: the "accesslog" overlay (OpenLDAP 2.3)

Log all writes to a file: the "auditlog" overlay (OpenLDAP 2.2, 2.3)

LDAP chaining: the "chain" overlay (OpenLDAP >= 2.2)

Collective attributes: the "collect" overlay (OpenLDAP 2.3)

Dynamic Directory Services: the "dds" overlay (OpenLDAP 2.4)

Disabling operations: the "denyop" overlay (OpenLDAP 2.3)

Compare on dynamic groups: the "dyngroup" overlay (OpenLDAP 2.2)

Dynamic merging of entries: the "dynlist" overlay (OpenLDAP 2.2, 2.3)

Subordinate database glueing: the "glue" overlay (OpenLDAP 2.3)

Keep track of last modification: the "lastmod" overlay (OpenLDAP 2.3)

Proxy caching: the "pcache" overlay (OpenLDAP 2.2)

Implementing server-side password policy: the "ppolicy" overlay (OpenLDAP 2.3)

Referential integrity: the "refint" overlay (OpenLDAP 2.3)

Forcing server-side errors for client testing: the "retcode" overlay (OpenLDAP 2.3; works with 2.2)

Rewrite/remap DNs, objectClasses, and attributeTypes: the "rwm" overlay (OpenLDAP 2.3)

Serialize concurrent writes: the "seqmod" overlay (OpenLDAP 2.3)

Content synchronization provisioning: the "syncprov" overlay (OpenLDAP 2.3)

Local modifications to proxied data: the "translucent" overlay (OpenLDAP 2.3)

Attribute value uniqueness across a subtree: the "unique" overlay (OpenLDAP 2.3)

Keep values sorted: the "valsort" overlay (OpenLDAP 2.3)

Contribware overlays:
Return all attributes including operational: the "allop" overlay (OpenLDAP 2.3)
Syncing credentials with Samba & Heimdal krb5: the "smbk5pwd" overlay (OpenLDAP 2.3)

Unofficial overlays:
Turn add into modify: the "addpartial" overlay (OpenLDAP 2.2.23)
Logging modifications: the "changelog" overlay (OpenLDAP 2.2.27)
Constraining attribute values: the "constraint" overlay (OpenLDAP 2.2.15)
Dynamic URL expansion: the "expandURL" overlay (OpenLDAP 2.2.20)

• official means that they are distributed with the source; as noted in the documentation and in the specific FAQ entries, many of the above overlays are experimental, or demonstrators of some capability and, as such, they're merely provided as examples to developers;
• unofficial means that they are provided by third parties and, if they comply with the OpenLDAP license, they may be distributed as contributions; or, a link to their location may be provided, without any warranty, endorsement or recommendation.