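version: "3"

# OpenLDAP server used as the directory behind Dex's LDAP connector.
#
# For LDAPS with certificate validation:
# Extract the CA certificate from the OpenLDAP container and base64-encode it
# for the Dex config (`rootCAData`):
#   $ docker-compose exec ldap cat /container/run/service/slapd/assets/certs/ca.crt | base64 -w 0
# But note this issue: https://github.com/osixia/docker-openldap/issues/506
# NOTE(review): if this CA is one the image generated or ships by default
# rather than one you supplied, treat it as test-only trust - confirm before
# relying on it outside a lab.

services:
  ldap:
    # Tags are mutable; pin by digest (osixia/openldap@sha256:<digest>) if
    # pulls need to be reproducible.
    image: osixia/openldap:1.4.0
    # Copying is required because the entrypoint modifies the *.ldif files.
    # For verbose output, use:  command: ["--copy-service", "--loglevel", "debug"]
    command: ["--copy-service"]
    environment:
      # Required if using LDAPS:
      # Since Dex doesn't use a client TLS certificate, downgrade from
      # "demand" to "try". The server then no longer requires a client
      # certificate, so clients are identified by their LDAP bind alone.
      LDAP_TLS_VERIFY_CLIENT: "try"
      # LDAP_ADMIN_PASSWORD is not set here, so the image's documented default
      # admin password applies. Set it explicitly (from a secret, not
      # committed to VCS) before this service is reachable by anything other
      # than a local test client.
    # The hostname is required if using LDAPS with certificate validation.
    # In Dex, use the same hostname (with port) for `connectors[].config.host`.
    #hostname: YOUR-HOSTNAME
    #
    # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
    # Option 1: Add custom seed file -> mount to         /container/service/slapd/assets/config/bootstrap/ldif/custom/
    # Option 2: Overwrite default seed file -> mount to  /container/service/slapd/assets/config/bootstrap/ldif/
    volumes:
      - ./config-ldap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif
    # Port mappings are quoted, as Compose recommends, so a YAML parser can
    # never read HOST:CONTAINER as a number.
    # Both ports are published on every host interface. 389 carries plaintext
    # LDAP (bind passwords included) unless the client negotiates StartTLS;
    # 636 is LDAPS. For a local-only setup, bind to loopback instead, e.g.
    # "127.0.0.1:389:389", or drop 389 when only LDAPS is used.
    ports:
      - "389:389"
      - "636:636"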