--- services: traefik: networks: opencloud-net: opencloud: environment: # Ldap IDP specific configuration OC_LDAP_URI: ldaps://ldap-server:1636 OC_LDAP_INSECURE: "true" OC_LDAP_BIND_DN: "cn=admin,dc=opencloud,dc=eu" OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=opencloud,dc=eu" OC_LDAP_GROUP_SCHEMA_ID: "entryUUID" OC_LDAP_USER_BASE_DN: "ou=users,dc=opencloud,dc=eu" OC_LDAP_USER_FILTER: "(objectclass=inetOrgPerson)" OC_LDAP_USER_SCHEMA_ID: "entryUUID" OC_LDAP_DISABLE_USER_MECHANISM: "none" GRAPH_LDAP_SERVER_UUID: "true" GRAPH_LDAP_GROUP_CREATE_BASE_DN: "ou=custom,ou=groups,dc=opencloud,dc=eu" GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled. FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments" OC_LDAP_SERVER_WRITE_ENABLED: "false" # assuming the external ldap is not writable # OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services OC_EXCLUDE_RUN_SERVICES: idm ldap-server: image: bitnamilegacy/openldap:2.6 networks: opencloud-net: entrypoint: ["/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ] environment: BITNAMI_DEBUG: true LDAP_TLS_VERIFY_CLIENT: never LDAP_ENABLE_TLS: "yes" LDAP_TLS_CA_FILE: /opt/bitnami/openldap/share/openldap.crt LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/share/openldap.crt LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key LDAP_ROOT: "dc=opencloud,dc=eu" LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin} ports: - "127.0.0.1:389:1389" - "127.0.0.1:636:1636" volumes: - ./config/ldap/ldif:/ldifs - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh - ldap-certs:/opt/bitnami/openldap/share - ldap-data:/bitnami/openldap logging: driver: ${LOG_DRIVER:-local} restart: always volumes: ldap-certs: ldap-data: networks: opencloud-net: