diff --git a/14.0/unit/Dockerfile b/14.0/unit/Dockerfile index 7a407b7..a13c751 100644 --- a/14.0/unit/Dockerfile +++ b/14.0/unit/Dockerfile @@ -196,27 +196,28 @@ RUN \ } ENV LDAP_ENABLE=false +ENV LDAP_CONFIG_ID=s01 ENV LDAP_HOST= ENV LDAP_PORT=389 ENV LDAP_BACKUP_HOST= ENV LDAP_BACKUP_PORT=389 -ENV LDAP_DN= +ENV LDAP_AGENT_NAME= ENV LDAP_AGENT_PASSWORD= ENV LDAP_BASE= ENV LDAP_BASE_USERS= ENV LDAP_BASE_GROUPS= # space-separated objectclass values -ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson -ENV LDAP_USERLIST_FILTER= +ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson +ENV LDAP_USER_FILTER= ENV LDAP_LOGIN_FILTER= -ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole +ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole ENV LDAP_GROUP_FILTER= ENV LDAP_GID_NUMBER=gidNumber -ENV LDAP_DISPLAY_NAME=cn +ENV LDAP_USER_DISPLAY_NAME=cn ENV LDAP_USER_DISPLAY_NAME_2= ENV LDAP_GROUP_DISPLAY_NAME=cn -ENV LDAP_EMAIL_ATTR=mail -ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid +ENV LDAP_EMAIL_ATTRIBUTE=mail +ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013 ENTRYPOINT ["/entrypoint.sh"] diff --git a/14.0/unit/ldap_setup.sh b/14.0/unit/ldap_setup.sh index 980be92..7af85e5 100755 --- a/14.0/unit/ldap_setup.sh +++ b/14.0/unit/ldap_setup.sh 
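Review bot: Renaming the `ENV` variables in this hunk (`LDAP_DN` to `LDAP_AGENT_NAME`, `LDAP_USERLIST_FILTER` to `LDAP_USER_FILTER`, `LDAP_EMAIL_ATTR` to `LDAP_EMAIL_ATTRIBUTE`, and the rest) silently drops any value an existing deployment still passes under the old name. The costly case is `LDAP_USERLIST_FILTER`: a deployment that used it to narrow which directory entries become users falls back to the objectclass-only default built in `ldap_setup.sh`, which widens the set of entries treated as users. I would keep the old names as fallbacks in the script, e.g. `LDAP_USER_FILTER="${LDAP_USER_FILTER:-${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}}"`, or stop at startup with a message when a legacy name is set. The same applies to the Dockerfile hunks for 15.0, 16.0 and 17.0 and to `Dockerfile-unit.template`.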
@@ -12,94 +12,103 @@ PREV_DIR=${PWD} cd /var/www/html php occ app:enable user_ldap +LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01} + +[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || { + # config does not yet exist, create it + php occ ldap:create-empty-config +} + [[ -z ${LDAP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST} - php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389} } [[ -z ${LDAP_BACKUP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST} - php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389} } # credentials for accessing LDAP directory -[[ -z ${LDAP_DN} ]] || { - php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN} +[[ -z ${LDAP_AGENT_NAME} ]] || { + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME} } [[ -z ${LDAP_AGENT_PASSWORD} ]] || { - php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD} } # search base [[ -z ${LDAP_BASE} ]] || { - php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE} - php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} - php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups 
${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} } -LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson} -php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')" -DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))" -LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}" -php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}" +DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))" +LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}" -# ldap_user_filter_mode|0 -# ldap_userfilter_groups| +# | ldapUserFilterGroups | | +# | ldapUserFilterMode | 0 | DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))" -php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" -# ldap_login_filter_mode|0 -# ldap_loginfilter_email|0 -# ldap_loginfilter_username|1 -# ldap_loginfilter_attributes| +# | ldapLoginFilterAttributes | | +# | ldapLoginFilterEmail | 0 | +# | ldapLoginFilterMode | 0 | +# | ldapLoginFilterUsername | 1 | -LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole} -php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')" 
-DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))" +DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))" LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}" -php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}" -# ldap_group_filter_mode|0 -# ldap_groupfilter_groups| +# | ldapGroupFilterGroups | | +# | ldapGroupFilterMode | 0 | -php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}" -php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}" [[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || { - php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}" + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}" } -php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}" -# ldap_tls|0 -# ldap_quota_def| -# ldap_quota_attr| +# | ldapTLS | 0 | +# | ldapQuotaAttribute | | +# | ldapQuotaDefault | | -php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}" -php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}" -# ldap_cache_ttl|600 - -# home_folder_naming_rule| -# ldap_turn_off_cert_check|0 -# ldap_attributes_for_user_search| -# 
ldap_attributes_for_group_search| -# ldap_expert_username_attr| -# ldap_expert_uuid_user_attr| -# ldap_expert_uuid_group_attr| -# has_memberof_filter_support|0 -# use_memberof_to_detect_membership|1 - -# last_jpegPhoto_lookup|0 -# ldap_nested_groups|0 -# ldap_paging_size|500 -# ldap_turn_on_pwd_change|0 -# ldap_experienced_admin|0 -# ldap_dynamic_group_member_url| -# ldap_default_ppolicy_dn| -# ldap_user_avatar_rule|default -# ldap_ext_storage_home_attribute| -# _lastChange|1570896933 +# | hasMemberOfFilterSupport | 0 | +# | homeFolderNamingRule | | +# | lastJpegPhotoLookup | 0 | +# | ldapAttributesForGroupSearch | | +# | ldapAttributesForUserSearch | | +# | ldapCacheTTL | 600 | +# | ldapConfigurationActive | 0 | +# | ldapDefaultPPolicyDN | | +# | ldapDynamicGroupMemberURL | | +# | ldapExperiencedAdmin | 0 | +# | ldapExpertUUIDGroupAttr | | +# | ldapExpertUUIDUserAttr | | +# | ldapExpertUsernameAttr | | +# | ldapExtStorageHomeAttribute | | +# | ldapIgnoreNamingRules | | +# | ldapNestedGroups | 0 | +# | ldapOverrideMainServer | | +# | ldapPagingSize | 500 | +# | ldapUserAvatarRule | default | +# | ldapUuidGroupAttribute | auto | +# | ldapUuidUserAttribute | auto | +# | turnOffCertCheck | 0 | +# | turnOnPasswordChange | 0 | +# | useMemberOfToDetectMembership | 1 | cd ${PREV_DIR} diff --git a/15.0/unit/Dockerfile b/15.0/unit/Dockerfile index bb31b32..b2f55dc 100644 --- a/15.0/unit/Dockerfile +++ b/15.0/unit/Dockerfile 
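Review bot: The existence check at the top of this hunk runs `php occ ldap:create-empty-config --only-print-prefix` inside the test itself, and if that option only shortens the output while the command still creates a configuration (my reading, to be confirmed against the occ help), every container start adds one more empty LDAP configuration. The `>` inside `[[ ]]` is also a string comparison, so on a fresh instance where the probe prints `s01` the test is false and a second configuration is created, and a custom `LDAP_CONFIG_ID` is never checked against what actually exists. I would look for the prefix among the existing configurations first (for example in the output of `php occ ldap:show-config`), create one only when it is missing, and confirm the created prefix equals `${LDAP_CONFIG_ID}` before the `ldap:set-config` calls. The first eleven lines of the script are outside the hunk, and the same hunk is repeated for 15.0, 16.0, 17.0 and `docker-ldap_setup.sh`.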
@@ -196,27 +196,28 @@ RUN \ } ENV LDAP_ENABLE=false +ENV LDAP_CONFIG_ID=s01 ENV LDAP_HOST= ENV LDAP_PORT=389 ENV LDAP_BACKUP_HOST= ENV LDAP_BACKUP_PORT=389 -ENV LDAP_DN= +ENV LDAP_AGENT_NAME= ENV LDAP_AGENT_PASSWORD= ENV LDAP_BASE= ENV LDAP_BASE_USERS= ENV LDAP_BASE_GROUPS= # space-separated objectclass values -ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson -ENV LDAP_USERLIST_FILTER= +ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson +ENV LDAP_USER_FILTER= ENV LDAP_LOGIN_FILTER= -ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole +ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole ENV LDAP_GROUP_FILTER= ENV LDAP_GID_NUMBER=gidNumber -ENV LDAP_DISPLAY_NAME=cn +ENV LDAP_USER_DISPLAY_NAME=cn ENV LDAP_USER_DISPLAY_NAME_2= ENV LDAP_GROUP_DISPLAY_NAME=cn -ENV LDAP_EMAIL_ATTR=mail -ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid +ENV LDAP_EMAIL_ATTRIBUTE=mail +ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013 ENTRYPOINT ["/entrypoint.sh"] diff --git a/15.0/unit/ldap_setup.sh b/15.0/unit/ldap_setup.sh index 980be92..7af85e5 100755 --- a/15.0/unit/ldap_setup.sh +++ b/15.0/unit/ldap_setup.sh 
@@ -12,94 +12,103 @@ PREV_DIR=${PWD} cd /var/www/html php occ app:enable user_ldap +LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01} + +[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || { + # config does not yet exist, create it + php occ ldap:create-empty-config +} + [[ -z ${LDAP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST} - php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389} } [[ -z ${LDAP_BACKUP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST} - php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389} } # credentials for accessing LDAP directory -[[ -z ${LDAP_DN} ]] || { - php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN} +[[ -z ${LDAP_AGENT_NAME} ]] || { + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME} } [[ -z ${LDAP_AGENT_PASSWORD} ]] || { - php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD} } # search base [[ -z ${LDAP_BASE} ]] || { - php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE} - php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} - php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups 
${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} } -LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson} -php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')" -DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))" -LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}" -php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}" +DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))" +LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}" -# ldap_user_filter_mode|0 -# ldap_userfilter_groups| +# | ldapUserFilterGroups | | +# | ldapUserFilterMode | 0 | DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))" -php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" -# ldap_login_filter_mode|0 -# ldap_loginfilter_email|0 -# ldap_loginfilter_username|1 -# ldap_loginfilter_attributes| +# | ldapLoginFilterAttributes | | +# | ldapLoginFilterEmail | 0 | +# | ldapLoginFilterMode | 0 | +# | ldapLoginFilterUsername | 1 | -LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole} -php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')" 
-DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))" +DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))" LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}" -php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}" -# ldap_group_filter_mode|0 -# ldap_groupfilter_groups| +# | ldapGroupFilterGroups | | +# | ldapGroupFilterMode | 0 | -php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}" -php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}" [[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || { - php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}" + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}" } -php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}" -# ldap_tls|0 -# ldap_quota_def| -# ldap_quota_attr| +# | ldapTLS | 0 | +# | ldapQuotaAttribute | | +# | ldapQuotaDefault | | -php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}" -php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}" -# ldap_cache_ttl|600 - -# home_folder_naming_rule| -# ldap_turn_off_cert_check|0 -# ldap_attributes_for_user_search| -# 
ldap_attributes_for_group_search| -# ldap_expert_username_attr| -# ldap_expert_uuid_user_attr| -# ldap_expert_uuid_group_attr| -# has_memberof_filter_support|0 -# use_memberof_to_detect_membership|1 - -# last_jpegPhoto_lookup|0 -# ldap_nested_groups|0 -# ldap_paging_size|500 -# ldap_turn_on_pwd_change|0 -# ldap_experienced_admin|0 -# ldap_dynamic_group_member_url| -# ldap_default_ppolicy_dn| -# ldap_user_avatar_rule|default -# ldap_ext_storage_home_attribute| -# _lastChange|1570896933 +# | hasMemberOfFilterSupport | 0 | +# | homeFolderNamingRule | | +# | lastJpegPhotoLookup | 0 | +# | ldapAttributesForGroupSearch | | +# | ldapAttributesForUserSearch | | +# | ldapCacheTTL | 600 | +# | ldapConfigurationActive | 0 | +# | ldapDefaultPPolicyDN | | +# | ldapDynamicGroupMemberURL | | +# | ldapExperiencedAdmin | 0 | +# | ldapExpertUUIDGroupAttr | | +# | ldapExpertUUIDUserAttr | | +# | ldapExpertUsernameAttr | | +# | ldapExtStorageHomeAttribute | | +# | ldapIgnoreNamingRules | | +# | ldapNestedGroups | 0 | +# | ldapOverrideMainServer | | +# | ldapPagingSize | 500 | +# | ldapUserAvatarRule | default | +# | ldapUuidGroupAttribute | auto | +# | ldapUuidUserAttribute | auto | +# | turnOffCertCheck | 0 | +# | turnOnPasswordChange | 0 | +# | useMemberOfToDetectMembership | 1 | cd ${PREV_DIR} diff --git a/16.0/unit/Dockerfile b/16.0/unit/Dockerfile index 78cf1a3..967ceea 100644 --- a/16.0/unit/Dockerfile +++ b/16.0/unit/Dockerfile 
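Review bot: The new `ldap:set-config` calls for `ldapAgentName`, `ldapAgentPassword`, `ldapHost`, `ldapBase` and the `${LDAP_CONFIG_ID}` argument expand their values unquoted, so a bind password or DN containing a space or a glob character is split or expanded by the shell before occ sees it, and the call then fails or stores something other than the intended value. Quote each expansion, e.g. `php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapAgentPassword "${LDAP_AGENT_PASSWORD}"`, as the filter lines further down already do for their value. Passing the password as a command argument also leaves it readable in the process list for the duration of the occ call and in any `set -x` trace, so I would add a comment saying so and unset the variable once it has been stored. The same lines appear in the 14.0, 16.0, 17.0 and `docker-ldap_setup.sh` hunks.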
@@ -196,27 +196,28 @@ RUN \ } ENV LDAP_ENABLE=false +ENV LDAP_CONFIG_ID=s01 ENV LDAP_HOST= ENV LDAP_PORT=389 ENV LDAP_BACKUP_HOST= ENV LDAP_BACKUP_PORT=389 -ENV LDAP_DN= +ENV LDAP_AGENT_NAME= ENV LDAP_AGENT_PASSWORD= ENV LDAP_BASE= ENV LDAP_BASE_USERS= ENV LDAP_BASE_GROUPS= # space-separated objectclass values -ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson -ENV LDAP_USERLIST_FILTER= +ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson +ENV LDAP_USER_FILTER= ENV LDAP_LOGIN_FILTER= -ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole +ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole ENV LDAP_GROUP_FILTER= ENV LDAP_GID_NUMBER=gidNumber -ENV LDAP_DISPLAY_NAME=cn +ENV LDAP_USER_DISPLAY_NAME=cn ENV LDAP_USER_DISPLAY_NAME_2= ENV LDAP_GROUP_DISPLAY_NAME=cn -ENV LDAP_EMAIL_ATTR=mail -ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid +ENV LDAP_EMAIL_ATTRIBUTE=mail +ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013 ENTRYPOINT ["/entrypoint.sh"] diff --git a/16.0/unit/ldap_setup.sh b/16.0/unit/ldap_setup.sh index 980be92..7af85e5 100755 --- a/16.0/unit/ldap_setup.sh +++ b/16.0/unit/ldap_setup.sh 
@@ -12,94 +12,103 @@ PREV_DIR=${PWD} cd /var/www/html php occ app:enable user_ldap +LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01} + +[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || { + # config does not yet exist, create it + php occ ldap:create-empty-config +} + [[ -z ${LDAP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST} - php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389} } [[ -z ${LDAP_BACKUP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST} - php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389} } # credentials for accessing LDAP directory -[[ -z ${LDAP_DN} ]] || { - php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN} +[[ -z ${LDAP_AGENT_NAME} ]] || { + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME} } [[ -z ${LDAP_AGENT_PASSWORD} ]] || { - php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD} } # search base [[ -z ${LDAP_BASE} ]] || { - php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE} - php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} - php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups 
${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} } -LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson} -php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')" -DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))" -LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}" -php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}" +DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))" +LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}" -# ldap_user_filter_mode|0 -# ldap_userfilter_groups| +# | ldapUserFilterGroups | | +# | ldapUserFilterMode | 0 | DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))" -php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" -# ldap_login_filter_mode|0 -# ldap_loginfilter_email|0 -# ldap_loginfilter_username|1 -# ldap_loginfilter_attributes| +# | ldapLoginFilterAttributes | | +# | ldapLoginFilterEmail | 0 | +# | ldapLoginFilterMode | 0 | +# | ldapLoginFilterUsername | 1 | -LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole} -php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')" 
-DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))" +DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))" LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}" -php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}" -# ldap_group_filter_mode|0 -# ldap_groupfilter_groups| +# | ldapGroupFilterGroups | | +# | ldapGroupFilterMode | 0 | -php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}" -php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}" [[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || { - php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}" + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}" } -php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}" -# ldap_tls|0 -# ldap_quota_def| -# ldap_quota_attr| +# | ldapTLS | 0 | +# | ldapQuotaAttribute | | +# | ldapQuotaDefault | | -php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}" -php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}" -# ldap_cache_ttl|600 - -# home_folder_naming_rule| -# ldap_turn_off_cert_check|0 -# ldap_attributes_for_user_search| -# 
ldap_attributes_for_group_search| -# ldap_expert_username_attr| -# ldap_expert_uuid_user_attr| -# ldap_expert_uuid_group_attr| -# has_memberof_filter_support|0 -# use_memberof_to_detect_membership|1 - -# last_jpegPhoto_lookup|0 -# ldap_nested_groups|0 -# ldap_paging_size|500 -# ldap_turn_on_pwd_change|0 -# ldap_experienced_admin|0 -# ldap_dynamic_group_member_url| -# ldap_default_ppolicy_dn| -# ldap_user_avatar_rule|default -# ldap_ext_storage_home_attribute| -# _lastChange|1570896933 +# | hasMemberOfFilterSupport | 0 | +# | homeFolderNamingRule | | +# | lastJpegPhotoLookup | 0 | +# | ldapAttributesForGroupSearch | | +# | ldapAttributesForUserSearch | | +# | ldapCacheTTL | 600 | +# | ldapConfigurationActive | 0 | +# | ldapDefaultPPolicyDN | | +# | ldapDynamicGroupMemberURL | | +# | ldapExperiencedAdmin | 0 | +# | ldapExpertUUIDGroupAttr | | +# | ldapExpertUUIDUserAttr | | +# | ldapExpertUsernameAttr | | +# | ldapExtStorageHomeAttribute | | +# | ldapIgnoreNamingRules | | +# | ldapNestedGroups | 0 | +# | ldapOverrideMainServer | | +# | ldapPagingSize | 500 | +# | ldapUserAvatarRule | default | +# | ldapUuidGroupAttribute | auto | +# | ldapUuidUserAttribute | auto | +# | turnOffCertCheck | 0 | +# | turnOnPasswordChange | 0 | +# | useMemberOfToDetectMembership | 1 | cd ${PREV_DIR} diff --git a/17.0/unit/Dockerfile b/17.0/unit/Dockerfile index 34715a2..cc47f02 100644 --- a/17.0/unit/Dockerfile +++ b/17.0/unit/Dockerfile 
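Review bot: This hunk stores a bind password and defaults `ldapPort` to 389, but no line sets `ldapTLS` and the comment table lists it as `ldapTLS | 0` with no variable behind it, so as far as the hunk shows the agent credentials and user logins reach the directory unencrypted unless someone reconfigures the instance by hand. I would add an opt-in such as `php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapTLS "${LDAP_TLS:-0}"`, where `LDAP_TLS` is a new variable that also needs an `ENV LDAP_TLS=0` line in the Dockerfiles. `turnOffCertCheck` should stay at the 0 shown in the table, with a comment that it must not be enabled to work around certificate errors. The same gap exists in the 14.0, 15.0, 17.0 and `docker-ldap_setup.sh` copies.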
@@ -196,27 +196,28 @@ RUN \ } ENV LDAP_ENABLE=false +ENV LDAP_CONFIG_ID=s01 ENV LDAP_HOST= ENV LDAP_PORT=389 ENV LDAP_BACKUP_HOST= ENV LDAP_BACKUP_PORT=389 -ENV LDAP_DN= +ENV LDAP_AGENT_NAME= ENV LDAP_AGENT_PASSWORD= ENV LDAP_BASE= ENV LDAP_BASE_USERS= ENV LDAP_BASE_GROUPS= # space-separated objectclass values -ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson -ENV LDAP_USERLIST_FILTER= +ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson +ENV LDAP_USER_FILTER= ENV LDAP_LOGIN_FILTER= -ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole +ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole ENV LDAP_GROUP_FILTER= ENV LDAP_GID_NUMBER=gidNumber -ENV LDAP_DISPLAY_NAME=cn +ENV LDAP_USER_DISPLAY_NAME=cn ENV LDAP_USER_DISPLAY_NAME_2= ENV LDAP_GROUP_DISPLAY_NAME=cn -ENV LDAP_EMAIL_ATTR=mail -ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid +ENV LDAP_EMAIL_ATTRIBUTE=mail +ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013 ENTRYPOINT ["/entrypoint.sh"] diff --git a/17.0/unit/ldap_setup.sh b/17.0/unit/ldap_setup.sh index 980be92..7af85e5 100755 --- a/17.0/unit/ldap_setup.sh +++ b/17.0/unit/ldap_setup.sh 
@@ -12,94 +12,103 @@ PREV_DIR=${PWD} cd /var/www/html php occ app:enable user_ldap +LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01} + +[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || { + # config does not yet exist, create it + php occ ldap:create-empty-config +} + [[ -z ${LDAP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST} - php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389} } [[ -z ${LDAP_BACKUP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST} - php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389} } # credentials for accessing LDAP directory -[[ -z ${LDAP_DN} ]] || { - php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN} +[[ -z ${LDAP_AGENT_NAME} ]] || { + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME} } [[ -z ${LDAP_AGENT_PASSWORD} ]] || { - php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD} } # search base [[ -z ${LDAP_BASE} ]] || { - php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE} - php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} - php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups 
${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} } -LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson} -php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')" -DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))" -LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}" -php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}" +DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))" +LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}" -# ldap_user_filter_mode|0 -# ldap_userfilter_groups| +# | ldapUserFilterGroups | | +# | ldapUserFilterMode | 0 | DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))" -php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}" -# ldap_login_filter_mode|0 -# ldap_loginfilter_email|0 -# ldap_loginfilter_username|1 -# ldap_loginfilter_attributes| +# | ldapLoginFilterAttributes | | +# | ldapLoginFilterEmail | 0 | +# | ldapLoginFilterMode | 0 | +# | ldapLoginFilterUsername | 1 | -LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole} -php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')" +LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole} +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')" 
-DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))" +DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))" LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}" -php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}" -# ldap_group_filter_mode|0 -# ldap_groupfilter_groups| +# | ldapGroupFilterGroups | | +# | ldapGroupFilterMode | 0 | -php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}" -php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}" [[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || { - php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}" + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}" } -php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}" -# ldap_tls|0 -# ldap_quota_def| -# ldap_quota_attr| +# | ldapTLS | 0 | +# | ldapQuotaAttribute | | +# | ldapQuotaDefault | | -php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}" -php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}" +php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}" -# ldap_cache_ttl|600 - -# home_folder_naming_rule| -# ldap_turn_off_cert_check|0 -# ldap_attributes_for_user_search| -# 
ldap_attributes_for_group_search| -# ldap_expert_username_attr| -# ldap_expert_uuid_user_attr| -# ldap_expert_uuid_group_attr| -# has_memberof_filter_support|0 -# use_memberof_to_detect_membership|1 - -# last_jpegPhoto_lookup|0 -# ldap_nested_groups|0 -# ldap_paging_size|500 -# ldap_turn_on_pwd_change|0 -# ldap_experienced_admin|0 -# ldap_dynamic_group_member_url| -# ldap_default_ppolicy_dn| -# ldap_user_avatar_rule|default -# ldap_ext_storage_home_attribute| -# _lastChange|1570896933 +# | hasMemberOfFilterSupport | 0 | +# | homeFolderNamingRule | | +# | lastJpegPhotoLookup | 0 | +# | ldapAttributesForGroupSearch | | +# | ldapAttributesForUserSearch | | +# | ldapCacheTTL | 600 | +# | ldapConfigurationActive | 0 | +# | ldapDefaultPPolicyDN | | +# | ldapDynamicGroupMemberURL | | +# | ldapExperiencedAdmin | 0 | +# | ldapExpertUUIDGroupAttr | | +# | ldapExpertUUIDUserAttr | | +# | ldapExpertUsernameAttr | | +# | ldapExtStorageHomeAttribute | | +# | ldapIgnoreNamingRules | | +# | ldapNestedGroups | 0 | +# | ldapOverrideMainServer | | +# | ldapPagingSize | 500 | +# | ldapUserAvatarRule | default | +# | ldapUuidGroupAttribute | auto | +# | ldapUuidUserAttribute | auto | +# | turnOffCertCheck | 0 | +# | turnOnPasswordChange | 0 | +# | useMemberOfToDetectMembership | 1 | cd ${PREV_DIR} diff --git a/Dockerfile-unit.template b/Dockerfile-unit.template index 659ed98..fb26b2e 100644 --- a/Dockerfile-unit.template +++ b/Dockerfile-unit.template 
@@ -195,27 +195,28 @@ RUN \
 }
 ENV LDAP_ENABLE=false
+ENV LDAP_CONFIG_ID=s01
 ENV LDAP_HOST=
 ENV LDAP_PORT=389
 ENV LDAP_BACKUP_HOST=
 ENV LDAP_BACKUP_PORT=389
-ENV LDAP_DN=
+ENV LDAP_AGENT_NAME=
 ENV LDAP_AGENT_PASSWORD=
 ENV LDAP_BASE=
 ENV LDAP_BASE_USERS=
 ENV LDAP_BASE_GROUPS=
 # space-separated objectclass values
-ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
-ENV LDAP_USERLIST_FILTER=
+ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
+ENV LDAP_USER_FILTER=
 ENV LDAP_LOGIN_FILTER=
-ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
+ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
 ENV LDAP_GROUP_FILTER=
 ENV LDAP_GID_NUMBER=gidNumber
-ENV LDAP_DISPLAY_NAME=cn
+ENV LDAP_USER_DISPLAY_NAME=cn
 ENV LDAP_USER_DISPLAY_NAME_2=
 ENV LDAP_GROUP_DISPLAY_NAME=cn
-ENV LDAP_EMAIL_ATTR=mail
-ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
+ENV LDAP_EMAIL_ATTRIBUTE=mail
+ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
 EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker-ldap_setup.sh b/docker-ldap_setup.sh
index 980be92..7af85e5 100755
--- a/docker-ldap_setup.sh
+++ b/docker-ldap_setup.sh
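Review bot: The variables renamed in the Dockerfile-unit.template hunk get no fallback to their old names, so a container still started with `LDAP_USERLIST_FILTER`, `LDAP_DN` or `LDAP_GROUPFILTER_OBJECTCLASS` is configured from defaults without any warning. For the filters this matters beyond convenience: docker-ldap_setup.sh substitutes the default objectclass filter when `LDAP_USER_FILTER` is empty, which may match more directory entries than the filter the operator had set under the old name. I would accept the old names for a transition period in the script, e.g. `LDAP_USER_FILTER="${LDAP_USER_FILTER:-${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}}"`, or abort with a message when one of the old names is set.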
@@ -12,94 +12,103 @@ PREV_DIR=${PWD} cd /var/www/html php occ app:enable user_ldap +LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01} + +[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || { + # config does not yet exist, create it + php occ ldap:create-empty-config +} + [[ -z ${LDAP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST} - php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389} } [[ -z ${LDAP_BACKUP_HOST} ]] || { - php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST} - php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389} } # credentials for accessing LDAP directory -[[ -z ${LDAP_DN} ]] || { - php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN} +[[ -z ${LDAP_AGENT_NAME} ]] || { + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME} } [[ -z ${LDAP_AGENT_PASSWORD} ]] || { - php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD} } # search base [[ -z ${LDAP_BASE} ]] || { - php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE} - php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} - php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}} + php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups 
${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
 }
-LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
-php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
+LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
-DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
-LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
-php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
+DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
+LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
-# ldap_user_filter_mode|0
-# ldap_userfilter_groups|
+# | ldapUserFilterGroups | |
+# | ldapUserFilterMode | 0 |
 DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
-php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
-# ldap_login_filter_mode|0
-# ldap_loginfilter_email|0
-# ldap_loginfilter_username|1
-# ldap_loginfilter_attributes|
+# | ldapLoginFilterAttributes | |
+# | ldapLoginFilterEmail | 0 |
+# | ldapLoginFilterMode | 0 |
+# | ldapLoginFilterUsername | 1 |
-LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
-php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
+LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
-DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
+DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
 LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
-php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
-# ldap_group_filter_mode|0
-# ldap_groupfilter_groups|
+# | ldapGroupFilterGroups | |
+# | ldapGroupFilterMode | 0 |
-php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
-php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
 [[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
- php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
+ php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
 }
-php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
-# ldap_tls|0
-# ldap_quota_def|
-# ldap_quota_attr|
+# | ldapTLS | 0 |
+# | ldapQuotaAttribute | |
+# | ldapQuotaDefault | |
-php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
-php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
+php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
-# ldap_cache_ttl|600
-
-# home_folder_naming_rule|
-# ldap_turn_off_cert_check|0
-# ldap_attributes_for_user_search|
-# ldap_attributes_for_group_search|
-# ldap_expert_username_attr|
-# ldap_expert_uuid_user_attr|
-# ldap_expert_uuid_group_attr|
-# has_memberof_filter_support|0
-# use_memberof_to_detect_membership|1
-
-# last_jpegPhoto_lookup|0
-# ldap_nested_groups|0
-# ldap_paging_size|500
-# ldap_turn_on_pwd_change|0
-# ldap_experienced_admin|0
-# ldap_dynamic_group_member_url|
-# ldap_default_ppolicy_dn|
-# ldap_user_avatar_rule|default
-# ldap_ext_storage_home_attribute|
-# _lastChange|1570896933
+# | hasMemberOfFilterSupport | 0 |
+# | homeFolderNamingRule | |
+# | lastJpegPhotoLookup | 0 |
+# | ldapAttributesForGroupSearch | |
+# | ldapAttributesForUserSearch | |
+# | ldapCacheTTL | 600 |
+# | ldapConfigurationActive | 0 |
+# | ldapDefaultPPolicyDN | |
+# | ldapDynamicGroupMemberURL | |
+# | ldapExperiencedAdmin | 0 |
+# | ldapExpertUUIDGroupAttr | |
+# | ldapExpertUUIDUserAttr | |
+# | ldapExpertUsernameAttr | |
+# | ldapExtStorageHomeAttribute | |
+# | ldapIgnoreNamingRules | |
+# | ldapNestedGroups | 0 |
+# | ldapOverrideMainServer | |
+# | ldapPagingSize | 500 |
+# | ldapUserAvatarRule | default |
+# | ldapUuidGroupAttribute | auto |
+# | ldapUuidUserAttribute | auto |
+# | turnOffCertCheck | 0 |
+# | turnOnPasswordChange | 0 |
+# | useMemberOfToDetectMembership | 1 |
 cd ${PREV_DIR}
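Review bot: The existence test at the top of the docker-ldap_setup.sh hunk calls `php occ ldap:create-empty-config --only-print-prefix`, and as far as I know that option only shortens the output of a command that still creates a configuration, so every container start would add another empty LDAP config (two on the first start, because the `||` branch runs the command again). The `>` inside `[[ ]]` is also a string comparison, so `s10` sorts before `s9`, and nothing ties the prefix that was created to the `LDAP_CONFIG_ID` the later `ldap:set-config` calls write to. A read-only check avoids both, for example `php occ ldap:show-config "${LDAP_CONFIG_ID}" >/dev/null 2>&1 || LDAP_CONFIG_ID=$(php occ ldap:create-empty-config --only-print-prefix)`, provided `ldap:show-config` exits non-zero for an unknown ID in the targeted release. The new `ldap:set-config` lines also pass `${LDAP_AGENT_PASSWORD}`, `${LDAP_BASE}` and `${LDAP_CONFIG_ID}` unquoted, so a bind password containing spaces or glob characters is split or expanded before occ receives it; quote them as the filter lines further down already do.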