# vim: ft=yaml.docker-compose
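# Compose stack for an OpenLDAP directory (osixia/openldap) plus a phpLDAPadmin
# front end.  The file is a template: every "{{ ... }}" is expanded by the
# deploying tool before Compose parses it, so the templated values are quoted
# to survive empty or boolean-looking expansions.
#
# The `version` key is ignored (with a warning) by Compose v2 but harmless;
# kept for older Compose releases that require it.
version: "3.8"

services:
  app:
    # Tag is templated; quoted so the rendered value is always a plain string.
    image: "osixia/openldap:{{ services.openldap.version }}"
    restart: unless-stopped
    tty: true
    stdin_open: true
    volumes:
      # Directory data, slapd runtime configuration and the TLS material are
      # bind-mounted from the deployment directory so they survive recreation.
      - "./var/lib/ldap:/var/lib/ldap"
      - "./etc/slapd.d:/etc/ldap/slapd.d"
      - "./certs:/container/service/slapd/assets/certs/"
    ports:
      # Published on every host interface.  389 is the plaintext LDAP port and
      # LDAP_TLS_ENFORCE below is "false", so clear-text binds from the network
      # are accepted; bind to "127.0.0.1:389:389" or set LDAP_TLS_ENFORCE to
      # "true" if the directory must only be reachable over TLS.
      - "389:389"
      - "636:636"
    hostname: "{{ services.openldap.domain }}"
    domainname: "{{ services.openldap.domain }}" # important: same as hostname
    # All environment values are quoted strings.  Bare true/false are typed as
    # YAML booleans, which Compose either rejects or re-serialises depending on
    # its version; the container only ever sees strings, so write them as such.
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "{{ base_domain }}"
      LDAP_DOMAIN: "{{ base_domain }}"
      # Left empty on purpose; presumably derived from LDAP_DOMAIN by the image.
      LDAP_BASE_DN: ""
      # Credentials come from templated variables; keep their source encrypted
      # (e.g. a vault) rather than in this repository.
      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
      LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      # File names relative to the ./certs mount above.
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      # "false": TLS is offered but not required; see the note on port 389.
      LDAP_TLS_ENFORCE: "false"
      # Quoted: the value contains ':' and '-' and must stay a literal string.
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      # Quoted: an unquoted 3.1 would be parsed as a float.
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      # NOTE(review): "demand" presumably requires clients to present a
      # certificate — confirm against the osixia image documentation.
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"

  admin:
    image: "osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}"
    restart: unless-stopped
    # Joins the stack network (to reach "app") and the shared external network,
    # presumably where a reverse proxy terminates HTTPS for VIRTUAL_HOST.
    networks:
      - default
      - external_services
    environment:
      # Service name of the directory container on the default network.
      PHPLDAPADMIN_LDAP_HOSTS: "app"
      # Plain HTTP inside the stack; TLS is expected to be terminated upstream,
      # hence PHPLDAPADMIN_TRUST_PROXY_SSL.
      PHPLDAPADMIN_HTTPS: "false"
      PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
      VIRTUAL_HOST: "{{ services.openldap.domain }}"
      LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

networks:
  # Pre-existing network shared with the reverse proxy; not created here.
  external_services:
    external: true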