docker-compose.yml

version: '3.7'
services:

  openldap-app:
    hostname: ldap.example.org
    image: tiredofit/openldap
    container_name: openldap-app
    ports:
      - 389:389
      - 636:636
    volumes:
      - ./backup:/data/backup
      - ./data:/var/lib/openldap
      - ./config:/etc/openldap/slapd.d
      - ./certs:/certs
    environment:
      - HOSTNAME=ldap.example.org
      - LOG_LEVEL=256
      - DOMAIN=example.org
      - BASE_DN=dc=example,dc=org
      - ADMIN_PASS=admin
      - CONFIG_PASS=config
      - DEBUG_MODE=FALSE

      - ENABLE_READONLY_USER=FALSE
      - READONLY_USER_USER=reader
      - READONLY_USER_PASS=reader

      - ENABLE_TLS=TRUE
      - TLS_CRT_FILENAME=cert.pem
      - TLS_KEY_FILENAME=key.pem
      - TLS_ENFORCE=FALSE
      - TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA
      - TLS_VERIFY_CLIENT=never
      - SSL_HELPER_PREFIX=ldap

      - ENABLE_REPLICATION=FALSE
      - REPLICATION_CONFIG_SYNCPROV=binddn="cn=admin,cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1
      - REPLICATION_DB_SYNCPROV=binddn="cn=admin,dc=example,dc=org" bindmethod=simple credentials="admin" searchbase="dc=example,dc=org" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1
      - REPLICATION_HOSTS=ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com
      - REMOVE_CONFIG_AFTER_SETUP=false

      - ENABLE_BACKUP=TRUE
      - BACKUP_INTERVAL=0400
      - BACKUP_RETENTION=10080

      - ENABLE_ZABBIX=TRUE
      - ZABBIX_HOSTNAME=openldap-app

    networks:
      - internal
      - services
    restart: always

networks:
  internal:
    external: false
  services:
    external: true