# {{ ansible_managed }}

services:
  openldap:
    image: bitnami/openldap:{{ docker_openldap_version }}
    environment:
      LDAP_ROOT: "{{ docker_openldap_rootdn }}"
      LDAP_ADMIN_USERNAME: "{{ docker_openldap_admin_username }}"
      LDAP_ADMIN_PASSWORD: "{{ docker_openldap_admin_password }}"
      LDAP_CONFIG_ADMIN_ENABLED: "yes"
      LDAP_CONFIG_ADMIN_USERNAME: "{{ docker_openldap_config_username }}"
      LDAP_CONFIG_ADMIN_PASSWORD: "{{ docker_openldap_config_password }}"
      LDAP_USER_DC: users
      LDAP_CONFIGURE_PPOLICY: "{{ docker_openldap_configure_ppolicy }}"
      LDAP_PPOLICY_HASH_CLEARTEXT: "{{ docker_openldap_ppolicy_hash_cleartext }}"
      LDAP_ENABLE_TLS: "{{ docker_openldap_enable_tls }}"
      LDAP_REQUIRE_TLS: "{{ docker_openldap_require_tls }}"
      LDAP_ALLOW_ANON_BINDING: "{{ docker_openldap_allow_anon_binding }}"
      LDAP_CUSTOM_SCHEMA_DIR: /bitnami/custom-schemas
      LDAP_EXTRA_SCHEMAS: cosine, inetorgperson
{% if docker_openldap_enable_tls == "yes" %}
      LDAP_TLS_CERT_FILE: /bitnami/certs/pubcert.pem
      LDAP_TLS_KEY_FILE: /bitnami/certs/privkey.pem
      LDAP_TLS_CA_FILE: /bitnami/certs/chain.pem
{% endif %}
    restart: always
    volumes:
      - {{ docker_openldap_data_dir }}/{{ docker_openldap_service_id }}/ldap:/bitnami/openldap
      - ./certs:/bitnami/certs
      - ./custom-schemas:/bitnami/custom-schemas
    ports:
      - {{ docker_openldap_port }}:1389
      - {{ docker_openldap_port_tls }}:1636