services:
  ldap:
    image: osixia/openldap:latest
    container_name: ldap
    environment:
      - LDAP_ORGANISATION=Uni Bremen
      - LDAP_DOMAIN=smime.uni-bremen.de
      - LDAP_BASE_DN=dc=smime,dc=uni-bremen,dc=de
      - LDAP_ADMIN_PASSWORD=${root_password}
      - LDAP_TLS_CRT_FILENAME=ca.pem
      - LDAP_TLS_KEY_FILENAME=key.pem
      - LDAP_TLS_CA_CRT_FILENAME=ca.pem
      - LDAP_TLS_DH_PARAM_FILE=dhparam.pem
      - LDAP_TLS_VERIFY_CLIENT=try
      - LDAP_TLS_CIPHER_SUITE=SECURE256:-VERS-SSL3.0
      - LDAP_TLS_PROTOCOL_MIN=3.1
      - LDAP_TLS=true
      - LDAP_FORCE_DOMAIN_ALLOW_MISMATCH=true
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ./certs:/container/service/slapd/assets/certs:z
      - ./ldap_data:/var/lib/ldap
      - ./ldap_config:/etc/ldap/slapd.d
      - ./acl:/acl
    command: --copy-service
    restart: always