What is chaining? It indicates the capability of a DSA to follow referrals on behalf of the client, so that distributed systems are viewed as a single virtual DSA by clients that are otherwise unable to "chase" (i.e. follow) referrals by themselves.

The chain overlay has significantly improved from OpenLDAP 2.2 to 2.3; the 2.3 version:

• chains the URI contained in the referral instead of a fixed URI;
• can use the identity assertion capability associated with known URIs;
• supports the chainingBehavior control (draft-sermersheim-ldap-chaining);
• can be used as global, thus allowing to chain the updateref returned by shadow databases, resulting in trasparent writes to slaves (either slurpd or syncrepl); note that writes to shadow databases actually get chained to the master on behalf of the client, and the result of the write operation that is sent back to the client represents the response of the master to that operation. Based on the replication policy and on replication processing time constraints, the modification may not immediately appear on the shadow DSA despite a successful result being returned to the client.

The chain overlay is built on top of the ldap backend; it is compiled by default when --enable-ldap.