FROM eumau/debian:bookworm-slim

# admin CN => dn: cn=%%ADMIN_CN%%,%%DOMAIN_DN%%
ENV LDAP_ADMIN_CN="admin"
# password for cn=%%ADMIN_DN%%,%%DOMAIN_DN%%
ENV LDAP_ADMIN_PASSWORD="admin"
# password for cn=admin,cn=config
ENV LDAP_CONFIG_PASSWORD="${LDAP_ADMIN_PASSWORD}"
# domain name (example.org)
ENV LDAP_DOMAIN=""
# olcDbAccess attribute for domain entry (newline-separated)
ENV LDAP_DOMAIN_ACCESS="{0}to attrs=userPassword by self write by anonymous auth by * none\n{1}to attrs=shadowLastChange by self write by * read\n{2}to * by * read"
# domain DN (dc=example,dc=org)
ENV LDAP_DOMAIN_DN=""
# olcDbIndex attribute for domain entry (newline-separated)
ENV LDAP_DOMAIN_INDEX="cn,uid eq\nmember,memberUid eq\nobjectClass eq\nuidNumber,gidNumber eq"
# domain OUs (space-separated)
ENV LDAP_DOMAIN_OUS="People Alias Group"
# enable memberOf module
ENV LDAP_MEMBEROF="true"
# space-separated list of schemas to load
ENV LDAP_SCHEMAS="core cosine inetorgperson misc nis"

RUN apt-get update \
	&& DEBIAN_FRONTEND=noninteractive apt-get install -y \
	slapd \
        ldap-utils && \
	apt-get clean && \
	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

ADD setup /start.d
ADD confd /etc/confd/
ADD entrypoint.sh /
ADD ldap_backup ldap_restore /usr/local/sbin/

EXPOSE 389

VOLUME ["/etc/ldap/schema", "/etc/ldap/slapd.d", "/var/lib/ldap", "/var/backups/ldap"]

# log level info:
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]