+{{slapd}}(8) is an LDAP directory server that runs on many different
+platforms. You can use it to provide a directory service of your
+very own. Your directory can contain pretty much anything you want
+to put in it. You can connect it to the global LDAP directory
+service, or run a service all by yourself. Some of slapd's more
+interesting features and capabilities include:
+
+{{B:LDAPv3}}: {{slapd}} implements version 3 of {{TERM[expand]LDAP}}.
+{{slapd}} supports LDAP over both IPv4 and IPv6.
+
+{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication
+services through the use of SASL. {{slapd}}'s SASL implementation
+utilizes {{PRD:Cyrus}} {{PRD:SASL}} software which supports a number
+of mechanisms including DIGEST-MD5, EXTERNAL, and GSSAPI.
+
+{{B:{{TERM[expand]TLS}}}}: {{slapd}} provides privacy and integrity
+protections through the use of TLS (or SSL). {{slapd}}'s TLS
+implementation utilizes {{PRD:OpenSSL}} software.
+
+{{B:Topology control}}: {{slapd}} allows one to restrict access to
+the server based upon network topology. This feature utilizes
+{{TCP wrappers}}.
+
+{{B:Access control}}: {{slapd}} provides a rich and powerful access
+control facility, allowing you to control access to the information
+in your database(s). You can control access to entries based on
+LDAP authorization information, {{TERM:IP}} address, domain name
+and other criteria. {{slapd}} supports both {{static}} and
+{{dynamic}} access control information.
+
+{{B:Internationalization}}: {{slapd}} supports Unicode and language
+tags.
+
+{{B:Choice of database backends}}: {{slapd}} comes with a variety
+of different database backends you can choose from. They include
+{{TERM:BDB}}, a high-performance transactional database backend;
+{{TERM:LDBM}}, a lightweight DBM based backend; {{SHELL}}, a backend
+interface to arbitrary shell scripts; and PASSWD, a simple backend
+interface to the {{passwd}}(5) file. BDB utilizes {{ORG:Sleepycat}}
+{{PRD:Berkeley DB}}. LDBM utilizes either {{PRD:Berkeley DB}} or
+{{PRD:GDBM}}.
+
+{{B:Multiple database instances}}: {{slapd}} can be configured to
+serve multiple databases at the same time. This means that a single
+{{slapd}} server can respond to requests for many logically different
+portions of the LDAP tree, using the same or different database
+backends.
+
+{{B:Generic modules API}}: If you require even more customization,
+{{slapd}} lets you write your own modules easily. {{slapd}} consists
+of two distinct parts: a front end that handles protocol communication
+with LDAP clients; and modules which handle specific tasks such as
+database operations. Because these two pieces communicate via a
+well-defined {{TERM:C}} {{TERM:API}}, you can write your own
+customized modules which extend {{slapd}} in numerous ways. Also,
+a number of {{programmable database}} modules are provided. These
+allow you to expose external data sources to {{slapd}} using popular
+programming languages ({{PRD:Perl}}, {{shell}}, {{PRD:SQL}}, and
+{{PRD:TCL}}).
+
+{{B:Threads}}: {{slapd}} is threaded for high performance. A single
+multi-threaded {{slapd}} process handles all incoming requests
+using a pool of threads. This reduces the amount of system overhead
+required while providing high performance.
+
+{{B:Replication}}: {{slapd}} can be configured to maintain replica
+copies of its database. This {{single-master/multiple-slave}}
+replication scheme is vital in high-volume environments where a
+single {{slapd}} just doesn't provide the necessary availability
+or reliability. {{slapd}} also includes experimental support for
+{{multi-master}} replication.
+
+{{B:Configuration}}: {{slapd}} is highly configurable through a
+single configuration file which allows you to change just about
+everything you'd ever want to change. Configuration options have
+reasonable defaults, making your job much easier.
+
+{{slapd}} also has its limitations, of course. The main BDB
+backend does not handle range queries or negation queries
+very well.