From 5a7fcc9361d6677996338dd5958f06df80e481e7 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 10:47:45 +0000
Subject: [PATCH 01/65] Dockerfile aktualisiert

---
 Dockerfile | 105 +++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 94 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 07bb5b9..7de6cd7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,110 @@
-# Example Dockerfile for amd64
-ARG BASE_IMAGE=alpine:latest
+ARG BASE_IMAGE=debian:bookworm
 
 FROM ${BASE_IMAGE}
 
 ARG MAINTAINER
 ARG TZ
 ARG APP_NAME
-ARG APP_USER
 
 LABEL maintainer="${MAINTAINER}"
 LABEL org.opencontainers.image.title="${APP_NAME}"
 
 ENV TZ=${TZ}
-ENV USER=${APP_USER}
+ENV DEBIAN_FRONTEND=noninteractive
+ENV LANG=de_DE.UTF-8
+ENV LANGUAGE=de_DE:de
+ENV LC_ALL=de_DE.UTF-8
 
-RUN apk add --no-cache tzdata ca-certificates
+RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
+    apt-get update && apt-get install -y \
+    xrdp \
+    sssd \
+    sssd-tools \
+    libpam-sss \
+    libnss-sss \
+    ldap-utils \
+    ca-certificates \
+    dbus-x11 \
+    xfce4 \
+    xfce4-terminal \
+    sudo \
+    firefox-esr \
+    firefox-esr-l10n-de \
+    thunderbird \
+    thunderbird-l10n-de \
+    locales \
+    tzdata \
+    keyboard-configuration \
+    x11-xkb-utils && \
+    apt-get install -y \
+    pulseaudio \
+    build-essential \
+    dpkg-dev \
+    git \
+    libpulse-dev \
+    meson \
+    ninja-build \
+    pkg-config \
+    autoconf \
+    libtool && \
+    apt-get build-dep -y pulseaudio && \
+    cd /tmp && \
+    apt-get source pulseaudio && \
+    PULSE_DIR=$(find /tmp -maxdepth 1 -type d -name "pulseaudio-*" | head -n 1) && \
+    cd $PULSE_DIR && \
+    meson setup build \
+        -Dman=false \
+        -Dtests=false \
+        -Ddoxygen=false && \
+    cd /tmp && \
+    git clone https://github.com/neutrinolabs/pulseaudio-module-xrdp.git && \
+    cd pulseaudio-module-xrdp && \
+    ./bootstrap && \
+    ./configure PULSE_DIR=$PULSE_DIR && \
+    make && \
+    make install && \
+    cd / && \
+    rm -rf /tmp/pulseaudio-* /tmp/pulseaudio-module-xrdp && \
+    apt-get remove -y build-essential dpkg-dev meson ninja-build autoconf libtool && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/* && \
+    sed -i 's/^# ${LANG} UTF-8/${LANG} UTF-8/' /etc/locale.gen && \
+    locale-gen && \
+    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
+    ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
+    dpkg-reconfigure -f noninteractive tzdata && \
+    cat > /etc/default/keyboard <<'EOF'
+XKBMODEL="pc105"
+XKBLAYOUT="de"
+XKBVARIANT=""
+XKBOPTIONS=""
+BACKSPACE="guess"
+EOF && \
+    dpkg-reconfigure -f noninteractive keyboard-configuration
 
-WORKDIR /app
-COPY ./config /app/config
-COPY ./data /app/data
+COPY config/pam/ /etc/pam.d/
+COPY config/nsswitch.conf /etc/nsswitch.conf
+COPY config/xrdp/ /etc/xrdp/
+COPY config/ldap/ /etc/ldap/
+COPY config/skel/ /etc/skel/
+COPY config/sudoers /etc/sudoers
 
-RUN adduser -D ${APP_USER} && chown -R ${APP_USER}:${APP_USER} /app
+RUN chmod 440 /etc/sudoers && \
+    mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
+    mkdir -p /home && chmod 755 /home && \
+    chown xrdp:xrdp /etc/xrdp/key.pem /etc/xrdp/cert.pem /etc/xrdp/rsakeys.ini && \
+    chmod 600 /etc/xrdp/key.pem /etc/xrdp/rsakeys.ini && \
+    chmod 644 /etc/xrdp/cert.pem && \
+    echo "LANG=${LANG}" >> /etc/environment && \
+    echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
+    echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
+    sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
+    chmod +x /etc/xrdp/startwm.sh && \
+    mkdir -p /etc/xdg/xfce4 && \
+    echo "setxkbmap de" >> /etc/xdg/xfce4/xinitrc
 
-USER ${APP_USER}
+EXPOSE 3389
 
-CMD ["sh"]
\ No newline at end of file
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+CMD ["/entrypoint.sh"]
\ No newline at end of file
-- 
2.49.1


From ece3fbadfc9f4333af4b5ba142e2d1882b8aaa7a Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 10:49:24 +0000
Subject: [PATCH 02/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 105 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 94 insertions(+), 11 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index f02657b..7de6cd7 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,27 +1,110 @@
-# Example Dockerfile for arm64
-ARG BASE_IMAGE=alpine:latest
+ARG BASE_IMAGE=debian:bookworm
 
 FROM ${BASE_IMAGE}
 
 ARG MAINTAINER
 ARG TZ
 ARG APP_NAME
-ARG APP_USER
 
 LABEL maintainer="${MAINTAINER}"
 LABEL org.opencontainers.image.title="${APP_NAME}"
 
 ENV TZ=${TZ}
-ENV USER=${APP_USER}
+ENV DEBIAN_FRONTEND=noninteractive
+ENV LANG=de_DE.UTF-8
+ENV LANGUAGE=de_DE:de
+ENV LC_ALL=de_DE.UTF-8
 
-RUN apk add --no-cache tzdata ca-certificates
+RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
+    apt-get update && apt-get install -y \
+    xrdp \
+    sssd \
+    sssd-tools \
+    libpam-sss \
+    libnss-sss \
+    ldap-utils \
+    ca-certificates \
+    dbus-x11 \
+    xfce4 \
+    xfce4-terminal \
+    sudo \
+    firefox-esr \
+    firefox-esr-l10n-de \
+    thunderbird \
+    thunderbird-l10n-de \
+    locales \
+    tzdata \
+    keyboard-configuration \
+    x11-xkb-utils && \
+    apt-get install -y \
+    pulseaudio \
+    build-essential \
+    dpkg-dev \
+    git \
+    libpulse-dev \
+    meson \
+    ninja-build \
+    pkg-config \
+    autoconf \
+    libtool && \
+    apt-get build-dep -y pulseaudio && \
+    cd /tmp && \
+    apt-get source pulseaudio && \
+    PULSE_DIR=$(find /tmp -maxdepth 1 -type d -name "pulseaudio-*" | head -n 1) && \
+    cd $PULSE_DIR && \
+    meson setup build \
+        -Dman=false \
+        -Dtests=false \
+        -Ddoxygen=false && \
+    cd /tmp && \
+    git clone https://github.com/neutrinolabs/pulseaudio-module-xrdp.git && \
+    cd pulseaudio-module-xrdp && \
+    ./bootstrap && \
+    ./configure PULSE_DIR=$PULSE_DIR && \
+    make && \
+    make install && \
+    cd / && \
+    rm -rf /tmp/pulseaudio-* /tmp/pulseaudio-module-xrdp && \
+    apt-get remove -y build-essential dpkg-dev meson ninja-build autoconf libtool && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/* && \
+    sed -i 's/^# ${LANG} UTF-8/${LANG} UTF-8/' /etc/locale.gen && \
+    locale-gen && \
+    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
+    ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
+    dpkg-reconfigure -f noninteractive tzdata && \
+    cat > /etc/default/keyboard <<'EOF'
+XKBMODEL="pc105"
+XKBLAYOUT="de"
+XKBVARIANT=""
+XKBOPTIONS=""
+BACKSPACE="guess"
+EOF && \
+    dpkg-reconfigure -f noninteractive keyboard-configuration
 
-WORKDIR /app
-COPY ./config /app/config
-COPY ./data /app/data
+COPY config/pam/ /etc/pam.d/
+COPY config/nsswitch.conf /etc/nsswitch.conf
+COPY config/xrdp/ /etc/xrdp/
+COPY config/ldap/ /etc/ldap/
+COPY config/skel/ /etc/skel/
+COPY config/sudoers /etc/sudoers
 
-RUN adduser -D ${APP_USER} && chown -R ${APP_USER}:${APP_USER} /app
+RUN chmod 440 /etc/sudoers && \
+    mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
+    mkdir -p /home && chmod 755 /home && \
+    chown xrdp:xrdp /etc/xrdp/key.pem /etc/xrdp/cert.pem /etc/xrdp/rsakeys.ini && \
+    chmod 600 /etc/xrdp/key.pem /etc/xrdp/rsakeys.ini && \
+    chmod 644 /etc/xrdp/cert.pem && \
+    echo "LANG=${LANG}" >> /etc/environment && \
+    echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
+    echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
+    sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
+    chmod +x /etc/xrdp/startwm.sh && \
+    mkdir -p /etc/xdg/xfce4 && \
+    echo "setxkbmap de" >> /etc/xdg/xfce4/xinitrc
 
-USER ${APP_USER}
+EXPOSE 3389
 
-CMD ["sh"]
\ No newline at end of file
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+CMD ["/entrypoint.sh"]
\ No newline at end of file
-- 
2.49.1


From 29f63e1cd9b88809ed013008d828f344be0f7312 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 10:56:52 +0000
Subject: [PATCH 03/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 7de6cd7..650604a 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -5,15 +5,19 @@ FROM ${BASE_IMAGE}
 ARG MAINTAINER
 ARG TZ
 ARG APP_NAME
+ARG LANG
+ARG LANGUAGE
+ARG LC_ALL
+ARG COUNTRY
 
 LABEL maintainer="${MAINTAINER}"
 LABEL org.opencontainers.image.title="${APP_NAME}"
 
 ENV TZ=${TZ}
-ENV DEBIAN_FRONTEND=noninteractive
-ENV LANG=de_DE.UTF-8
-ENV LANGUAGE=de_DE:de
-ENV LC_ALL=de_DE.UTF-8
+ENV LANG=${LANG}
+ENV LANGUAGE=${LANGUAGE}
+ENV LC_ALL=${LC_ALL}
+ENV COUNTRY=${COUNTRY}
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
     apt-get update && apt-get install -y \
@@ -29,14 +33,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     xfce4-terminal \
     sudo \
     firefox-esr \
-    firefox-esr-l10n-de \
+    firefox-esr-l10n-${COUNTRY} \
     thunderbird \
-    thunderbird-l10n-de \
+    thunderbird-l10n-${COUNTRY} \
     locales \
     tzdata \
     keyboard-configuration \
-    x11-xkb-utils && \
-    apt-get install -y \
+    x11-xkb-utils \
     pulseaudio \
     build-essential \
     dpkg-dev \
@@ -75,12 +78,12 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     dpkg-reconfigure -f noninteractive tzdata && \
     cat > /etc/default/keyboard <<'EOF'
 XKBMODEL="pc105"
-XKBLAYOUT="de"
+XKBLAYOUT="${COUNTRY}"
 XKBVARIANT=""
 XKBOPTIONS=""
 BACKSPACE="guess"
-EOF && \
-    dpkg-reconfigure -f noninteractive keyboard-configuration
+EOF \
+    && dpkg-reconfigure -f noninteractive keyboard-configuration
 
 COPY config/pam/ /etc/pam.d/
 COPY config/nsswitch.conf /etc/nsswitch.conf
@@ -101,7 +104,7 @@ RUN chmod 440 /etc/sudoers && \
     sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
     chmod +x /etc/xrdp/startwm.sh && \
     mkdir -p /etc/xdg/xfce4 && \
-    echo "setxkbmap de" >> /etc/xdg/xfce4/xinitrc
+    echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc
 
 EXPOSE 3389
 
-- 
2.49.1


From 6d2e6aab61abcc5e7a0667cd50f197c9fc8c11e3 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 10:57:10 +0000
Subject: [PATCH 04/65] Dockerfile aktualisiert

---
 Dockerfile | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7de6cd7..650604a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,15 +5,19 @@ FROM ${BASE_IMAGE}
 ARG MAINTAINER
 ARG TZ
 ARG APP_NAME
+ARG LANG
+ARG LANGUAGE
+ARG LC_ALL
+ARG COUNTRY
 
 LABEL maintainer="${MAINTAINER}"
 LABEL org.opencontainers.image.title="${APP_NAME}"
 
 ENV TZ=${TZ}
-ENV DEBIAN_FRONTEND=noninteractive
-ENV LANG=de_DE.UTF-8
-ENV LANGUAGE=de_DE:de
-ENV LC_ALL=de_DE.UTF-8
+ENV LANG=${LANG}
+ENV LANGUAGE=${LANGUAGE}
+ENV LC_ALL=${LC_ALL}
+ENV COUNTRY=${COUNTRY}
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
     apt-get update && apt-get install -y \
@@ -29,14 +33,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     xfce4-terminal \
     sudo \
     firefox-esr \
-    firefox-esr-l10n-de \
+    firefox-esr-l10n-${COUNTRY} \
     thunderbird \
-    thunderbird-l10n-de \
+    thunderbird-l10n-${COUNTRY} \
     locales \
     tzdata \
     keyboard-configuration \
-    x11-xkb-utils && \
-    apt-get install -y \
+    x11-xkb-utils \
     pulseaudio \
     build-essential \
     dpkg-dev \
@@ -75,12 +78,12 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     dpkg-reconfigure -f noninteractive tzdata && \
     cat > /etc/default/keyboard <<'EOF'
 XKBMODEL="pc105"
-XKBLAYOUT="de"
+XKBLAYOUT="${COUNTRY}"
 XKBVARIANT=""
 XKBOPTIONS=""
 BACKSPACE="guess"
-EOF && \
-    dpkg-reconfigure -f noninteractive keyboard-configuration
+EOF \
+    && dpkg-reconfigure -f noninteractive keyboard-configuration
 
 COPY config/pam/ /etc/pam.d/
 COPY config/nsswitch.conf /etc/nsswitch.conf
@@ -101,7 +104,7 @@ RUN chmod 440 /etc/sudoers && \
     sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
     chmod +x /etc/xrdp/startwm.sh && \
     mkdir -p /etc/xdg/xfce4 && \
-    echo "setxkbmap de" >> /etc/xdg/xfce4/xinitrc
+    echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc
 
 EXPOSE 3389
 
-- 
2.49.1


From 1ccd4a17953c7ee4f000237c472483a2a821bb37 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:26:07 +0000
Subject: [PATCH 05/65] buildargs.env aktualisiert

---
 buildargs.env | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index dad5f2a..15df8ed 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,26 +1,18 @@
 ## BUILD STAGE
-BUILD_TAG=1.00
-BUILD_BASE_IMAGE=alpine:${BUILD_TAG}
-## Examples for BUILD_BASE_IMAGE
-# alpine:${BUILD_TAG}
-# git.pi-farm.de/pi-farm/docker-baseimage-alpine:v${BUILD_TAG}
-#BUILD_ALPINE_ARCH_AMD64=x86_64
-#BUILD_ALPINE_ARCH_AARCH64=aarch64
-#BUILD_S6_ARCH_amd64=x86_64
-#BUILD_S6_ARCH_aarch64=aarch64
-#BUILD_S6_OVERLAY_VERSION=3.2.0.2
-#BUILD_MAINTAINER=pi-farm
-#BUILD_APP_VERSION=v${BUILD_TAG}
-#BUILD_APP_NAME=basimage-alpine
-#BUILD_APP_USER=pi
-#BUILD_APP_GID=1000
+BUILD_TAG=bookworm
+BUILD_TAG_LATEST=n
+BUILD_COUNTRY=de
+BUILD_LANG=
+BUILD_LANGUAGE=
+BUILD_LC_ALL=
+BUILD_TZ=Europe/Berlin
+BUILD_BASE_IMAGE=debian:${BUILD_TAG}
+BUILD_MAINTAINER=pi-farm
+BUILD_APP_NAME=baseimage-debian-rdp-ldap
+BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY}
 ## ENV STAGE
-ENV_TZ=Europe/Berlin
-ENV_PUID=1000
-ENV_PGID=1000
-# VOL_CONFIG=./config:/config
-# VOL_DATA=./data:/data
-# PORT_WEB=8080:80
-#PUSH=gitea,dockerhub
-DESCRIPTION="Example example example"
-
+VOL_CONFIG=./sssd.conf:/etc/sssd/sssd.conf:ro
+VOL_HOME=./home:/home
+PORT_WEB=3889
+PUSH=gitea
+DESCRIPTION="Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination"
\ No newline at end of file
-- 
2.49.1


From ffb03bd85e69a088b1671b4617297bdc1b33f63e Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:32:04 +0000
Subject: [PATCH 06/65] Dockerfile aktualisiert

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 650604a..a2c01bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,7 @@ ENV LANG=${LANG}
 ENV LANGUAGE=${LANGUAGE}
 ENV LC_ALL=${LC_ALL}
 ENV COUNTRY=${COUNTRY}
+ENV DEBIAN_FRONTEND=noninteractive
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
     apt-get update && apt-get install -y \
-- 
2.49.1


From acd16340dcdd9dab1469a1b92ed8e3e94abc60d9 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:32:21 +0000
Subject: [PATCH 07/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 650604a..a2c01bd 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -18,6 +18,7 @@ ENV LANG=${LANG}
 ENV LANGUAGE=${LANGUAGE}
 ENV LC_ALL=${LC_ALL}
 ENV COUNTRY=${COUNTRY}
+ENV DEBIAN_FRONTEND=noninteractive
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
     apt-get update && apt-get install -y \
-- 
2.49.1


From f43f7d412646b782248d056319f2ffc04e411d0d Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:35:46 +0000
Subject: [PATCH 08/65] Dockerfile aktualisiert

---
 Dockerfile | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a2c01bd..08ad64a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,23 @@
-ARG BASE_IMAGE=debian:bookworm
+ARG BUILD_BASE_IMAGE=debian:bookworm
 
-FROM ${BASE_IMAGE}
+FROM ${BUILD_BASE_IMAGE}
 
-ARG MAINTAINER
-ARG TZ
-ARG APP_NAME
-ARG LANG
-ARG LANGUAGE
-ARG LC_ALL
-ARG COUNTRY
+ARG BUILD_MAINTAINER
+ARG BUILD_TZ
+ARG BUILD_APP_NAME
+ARG BUILD_LANG
+ARG BUILD_LANGUAGE
+ARG BUILD_LC_ALL
+ARG BUILD_COUNTRY
 
-LABEL maintainer="${MAINTAINER}"
-LABEL org.opencontainers.image.title="${APP_NAME}"
+LABEL maintainer="${BUILD_MAINTAINER}"
+LABEL org.opencontainers.image.title="${BUILD_APP_NAME}"
 
-ENV TZ=${TZ}
-ENV LANG=${LANG}
-ENV LANGUAGE=${LANGUAGE}
-ENV LC_ALL=${LC_ALL}
-ENV COUNTRY=${COUNTRY}
+ENV TZ=${BUILD_TZ}
+ENV LANG=${BUILD_LANG}
+ENV LANGUAGE=${BUILD_LANGUAGE}
+ENV LC_ALL=${BUILD_LC_ALL}
+ENV COUNTRY=${BUILD_COUNTRY}
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
-- 
2.49.1


From 7e2122d58a9796a68d953621ce1a36c415ecf00e Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:36:07 +0000
Subject: [PATCH 09/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index a2c01bd..08ad64a 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,23 +1,23 @@
-ARG BASE_IMAGE=debian:bookworm
+ARG BUILD_BASE_IMAGE=debian:bookworm
 
-FROM ${BASE_IMAGE}
+FROM ${BUILD_BASE_IMAGE}
 
-ARG MAINTAINER
-ARG TZ
-ARG APP_NAME
-ARG LANG
-ARG LANGUAGE
-ARG LC_ALL
-ARG COUNTRY
+ARG BUILD_MAINTAINER
+ARG BUILD_TZ
+ARG BUILD_APP_NAME
+ARG BUILD_LANG
+ARG BUILD_LANGUAGE
+ARG BUILD_LC_ALL
+ARG BUILD_COUNTRY
 
-LABEL maintainer="${MAINTAINER}"
-LABEL org.opencontainers.image.title="${APP_NAME}"
+LABEL maintainer="${BUILD_MAINTAINER}"
+LABEL org.opencontainers.image.title="${BUILD_APP_NAME}"
 
-ENV TZ=${TZ}
-ENV LANG=${LANG}
-ENV LANGUAGE=${LANGUAGE}
-ENV LC_ALL=${LC_ALL}
-ENV COUNTRY=${COUNTRY}
+ENV TZ=${BUILD_TZ}
+ENV LANG=${BUILD_LANG}
+ENV LANGUAGE=${BUILD_LANGUAGE}
+ENV LC_ALL=${BUILD_LC_ALL}
+ENV COUNTRY=${BUILD_COUNTRY}
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
-- 
2.49.1


From b6440422b81047889a3d5fb5b3a9fa00b9cc5d6d Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:41:38 +0000
Subject: [PATCH 10/65] =?UTF-8?q?entrypoint.sh=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 entrypoint.sh

diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..6a22a5e
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+service dbus start
+rm -f /var/lib/sss/db/*
+sssd -i &
+xrdp-sesman --nodaemon &
+xrdp --nodaemon &
+#service xrdp start
+tail -f /var/log/xrdp.log
-- 
2.49.1


From 31ff1fba2124612f2ebaa5c758c4ff89933bbb98 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:42:39 +0000
Subject: [PATCH 11/65] Dockerfile aktualisiert

---
 Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 08ad64a..a18bf82 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -86,12 +86,12 @@ BACKSPACE="guess"
 EOF \
     && dpkg-reconfigure -f noninteractive keyboard-configuration
 
-COPY config/pam/ /etc/pam.d/
-COPY config/nsswitch.conf /etc/nsswitch.conf
-COPY config/xrdp/ /etc/xrdp/
-COPY config/ldap/ /etc/ldap/
-COPY config/skel/ /etc/skel/
-COPY config/sudoers /etc/sudoers
+#COPY config/pam/ /etc/pam.d/
+#COPY config/nsswitch.conf /etc/nsswitch.conf
+#COPY config/xrdp/ /etc/xrdp/
+#COPY config/ldap/ /etc/ldap/
+#COPY config/skel/ /etc/skel/
+#COPY config/sudoers /etc/sudoers
 
 RUN chmod 440 /etc/sudoers && \
     mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
-- 
2.49.1


From 5d7049129c99a136c5c3cde8832bdc2a5f1a9ae8 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:42:50 +0000
Subject: [PATCH 12/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 08ad64a..a18bf82 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -86,12 +86,12 @@ BACKSPACE="guess"
 EOF \
     && dpkg-reconfigure -f noninteractive keyboard-configuration
 
-COPY config/pam/ /etc/pam.d/
-COPY config/nsswitch.conf /etc/nsswitch.conf
-COPY config/xrdp/ /etc/xrdp/
-COPY config/ldap/ /etc/ldap/
-COPY config/skel/ /etc/skel/
-COPY config/sudoers /etc/sudoers
+#COPY config/pam/ /etc/pam.d/
+#COPY config/nsswitch.conf /etc/nsswitch.conf
+#COPY config/xrdp/ /etc/xrdp/
+#COPY config/ldap/ /etc/ldap/
+#COPY config/skel/ /etc/skel/
+#COPY config/sudoers /etc/sudoers
 
 RUN chmod 440 /etc/sudoers && \
     mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
-- 
2.49.1


From 6f3faf974182d7829b3461ed5226f1f0e217894b Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:47:14 +0000
Subject: [PATCH 13/65] buildargs.env aktualisiert

---
 buildargs.env | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index 15df8ed..dce50c7 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -2,9 +2,9 @@
 BUILD_TAG=bookworm
 BUILD_TAG_LATEST=n
 BUILD_COUNTRY=de
-BUILD_LANG=
-BUILD_LANGUAGE=
-BUILD_LC_ALL=
+BUILD_LANG=de_DE.UTF-8
+BUILD_LANGUAGE=de_DE:de
+BUILD_LC_ALL=de_DE.UTF-8
 BUILD_TZ=Europe/Berlin
 BUILD_BASE_IMAGE=debian:${BUILD_TAG}
 BUILD_MAINTAINER=pi-farm
-- 
2.49.1


From 6d86cd3cb27187dc5d59467573e1c5dceb559488 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:50:54 +0000
Subject: [PATCH 14/65] Dockerfile aktualisiert

---
 Dockerfile | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a18bf82..d2ccecd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -77,14 +77,8 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
     ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
     dpkg-reconfigure -f noninteractive tzdata && \
-    cat > /etc/default/keyboard <<'EOF'
-XKBMODEL="pc105"
-XKBLAYOUT="${COUNTRY}"
-XKBVARIANT=""
-XKBOPTIONS=""
-BACKSPACE="guess"
-EOF \
-    && dpkg-reconfigure -f noninteractive keyboard-configuration
+    printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
+    dpkg-reconfigure -f noninteractive keyboard-configuration
 
 #COPY config/pam/ /etc/pam.d/
 #COPY config/nsswitch.conf /etc/nsswitch.conf
-- 
2.49.1


From fe021d16d3b4be69594119cf242f8fd912d16bbf Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:51:25 +0000
Subject: [PATCH 15/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index a18bf82..d2ccecd 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -77,14 +77,8 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
     ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
     dpkg-reconfigure -f noninteractive tzdata && \
-    cat > /etc/default/keyboard <<'EOF'
-XKBMODEL="pc105"
-XKBLAYOUT="${COUNTRY}"
-XKBVARIANT=""
-XKBOPTIONS=""
-BACKSPACE="guess"
-EOF \
-    && dpkg-reconfigure -f noninteractive keyboard-configuration
+    printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
+    dpkg-reconfigure -f noninteractive keyboard-configuration
 
 #COPY config/pam/ /etc/pam.d/
 #COPY config/nsswitch.conf /etc/nsswitch.conf
-- 
2.49.1


From 974c13c2f44db905c1433b77e312b5549986ccb6 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:58:09 +0000
Subject: [PATCH 16/65] Dockerfile aktualisiert

---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d2ccecd..4e63613 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -72,9 +72,9 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     apt-get remove -y build-essential dpkg-dev meson ninja-build autoconf libtool && \
     apt-get autoremove -y && \
     rm -rf /var/lib/apt/lists/* && \
-    sed -i 's/^# ${LANG} UTF-8/${LANG} UTF-8/' /etc/locale.gen && \
-    locale-gen && \
-    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
+    echo "${LANG} UTF-8" > /etc/locale.gen && \
+    locale-gen ${LANG} && \
+    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} && \
     ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
     dpkg-reconfigure -f noninteractive tzdata && \
     printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
-- 
2.49.1


From 8f54a9d35c161d50f86f18c5b523958bf6ca24eb Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 11:58:21 +0000
Subject: [PATCH 17/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index d2ccecd..4e63613 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -72,9 +72,9 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     apt-get remove -y build-essential dpkg-dev meson ninja-build autoconf libtool && \
     apt-get autoremove -y && \
     rm -rf /var/lib/apt/lists/* && \
-    sed -i 's/^# ${LANG} UTF-8/${LANG} UTF-8/' /etc/locale.gen && \
-    locale-gen && \
-    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} LC_ALL=${LC_ALL} && \
+    echo "${LANG} UTF-8" > /etc/locale.gen && \
+    locale-gen ${LANG} && \
+    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} && \
     ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
     dpkg-reconfigure -f noninteractive tzdata && \
     printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
-- 
2.49.1


From d23afb58ce81eb333eda8815da84da208f5d5c79 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 2 Apr 2026 12:15:23 +0000
Subject: [PATCH 18/65]  [skip ci]

---
 README.md          | 55 +++++++++++++++++++++++++++++++++++++---------
 VERSION.history    |  1 +
 docker-compose.yml | 10 +++++++++
 3 files changed, 56 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index f452a48..eb62436 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,51 @@
-# Projekt: {{.RepoName}} [![Build Status](https://git.pi-farm.de/{{.Owner.Name}}/{{.RepoName}}/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/{{.Owner.Name}}/{{.RepoName}}/actions)
+# baseimage-debian-rdp-ldap
+Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination
+
+[![Build Status](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions)
+[![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__)
 
 This repository is built and pushed automatically.
 
-### 🏗️ Platform Support
-| Architecture | Status | Base-Image |
-| :--- | :--- | :--- |
-| **x86_64** (amd64) | ✅ Active | `__BASE_IMAGE__` |
-| **aarch64** (arm64) | __ARM_STATUS__ | `__BASE_IMAGE__` |
 
-### 🚀 Docker Pull Command
+
+### 🏗️ Platform Support
+| Architecture | Status | Base Image | Build Date |
+| :--- | :--- | :--- | :--- |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 14:15 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 14:15 |
+
+### 🚀 Docker Pull
 ```bash
-docker pull git.pi-farm.de/{{.Owner.Name}}/{{.RepoName}}:latest
+docker pull git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
 ```
----
-*Last updated on: __DATE__*
+### 🚀 Docker Compose
+```yaml
+services:
+  baseimage-debian-rdp-ldap:
+    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+    container_name: baseimage-debian-rdp-ldap
+    restart: unless-stopped
+    ports:
+      - 3889
+
+    volumes:
+      - ./sssd.conf:/etc/sssd/sssd.conf:ro
+      - ./home:/home
+```
+### 🚀 Docker Run
+```bash
+docker run -d \
+  --name baseimage-debian-rdp-ldap \
+  --restart unless-stopped \
+  -v ./sssd.conf:/etc/sssd/sssd.conf:ro \
+  -v ./home:/home \
+  -p 3889 \
+  git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+```
+
+*Last updated on: 02.04.2026 14:15*
+
+### 📜 Version History
+| Version | Date | Status |
+| :--- | :--- | :--- |
+| **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index e69de29..4aeeb29 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -0,0 +1 @@
+| **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index 8b13789..f71140c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1 +1,11 @@
+services:
+  baseimage-debian-rdp-ldap:
+    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+    container_name: baseimage-debian-rdp-ldap
+    restart: unless-stopped
+    ports:
+      - 3889
 
+    volumes:
+      - ./sssd.conf:/etc/sssd/sssd.conf:ro
+      - ./home:/home
-- 
2.49.1


From 3b7766e17b52cdf3d471eda9e032e77756157830 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 13:15:16 +0000
Subject: [PATCH 19/65] buildargs.env aktualisiert

---
 buildargs.env | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index dce50c7..249879e 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,12 +1,12 @@
 ## BUILD STAGE
-BUILD_TAG=bookworm
-BUILD_TAG_LATEST=n
+BUILD_BASE_IMAGE=debian:bookworm
 BUILD_COUNTRY=de
+BUILD_TAG=bookworm-${BUILD_COUNTRY}
+BUILD_TAG_LATEST=n
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
 BUILD_LC_ALL=de_DE.UTF-8
 BUILD_TZ=Europe/Berlin
-BUILD_BASE_IMAGE=debian:${BUILD_TAG}
 BUILD_MAINTAINER=pi-farm
 BUILD_APP_NAME=baseimage-debian-rdp-ldap
 BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY}
-- 
2.49.1


From 0fb3a0e28d5d385ae47dce7cacbbd13eff17c8f0 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 2 Apr 2026 13:37:53 +0000
Subject: [PATCH 20/65]  [skip ci]

---
 README.md          | 13 +++++++------
 VERSION.history    |  1 +
 docker-compose.yml |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index eb62436..d35cb17 100644
--- a/README.md
+++ b/README.md
@@ -11,18 +11,18 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 14:15 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 14:15 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 15:37 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 15:37 |
 
 ### 🚀 Docker Pull
 ```bash
-docker pull git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+docker pull git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 ### 🚀 Docker Compose
 ```yaml
 services:
   baseimage-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
     container_name: baseimage-debian-rdp-ldap
     restart: unless-stopped
     ports:
@@ -40,12 +40,13 @@ docker run -d \
   -v ./sssd.conf:/etc/sssd/sssd.conf:ro \
   -v ./home:/home \
   -p 3889 \
-  git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+  git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 02.04.2026 14:15*
+*Last updated on: 02.04.2026 15:37*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 4aeeb29..92ba601 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1 +1,2 @@
+| **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index f71140c..2a21bce 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   baseimage-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm
+    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
     container_name: baseimage-debian-rdp-ldap
     restart: unless-stopped
     ports:
-- 
2.49.1


From d89a2251fda17b24a9f9f35205be356860fbd63a Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 13:38:51 +0000
Subject: [PATCH 21/65] =?UTF-8?q?sssd.conf=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sssd.conf | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 sssd.conf

diff --git a/sssd.conf b/sssd.conf
new file mode 100644
index 0000000..75cccd8
--- /dev/null
+++ b/sssd.conf
@@ -0,0 +1,35 @@
+[sssd]
+domains = LDAP
+services = nss, pam
+config_file_version = 2
+debug_level = 9
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+ldap_schema = $(LDAP_SCHEMA)
+ldap_auth_disable_tls_never_use_in_production = $(LDAP_AUTH_DISABLE_TLS)
+autofs_provider = ldap
+access_provider = simple
+
+ldap_uri = ldap://$(LDAP_URI)
+ldap_default_bind_dn = cn=$(LDAP_BIND_USER),$(LDAP_DOMAIN_DC)
+ldap_default_authtok = $(LDAP_BIND_PASSWORD)
+
+ldap_search_base = $(LDAP_SEARCH_BASE)
+ldap_user_search_base = $(LDAP_USER_SEARCH_BASE)
+ldap_group_search_base = $(LDAP_GROUP_SEARCH_BASE)
+ldap_user_password_attribute = $(LDAP_USER_PASSWORD_ATTRIBUTE)
+ldap_user_object_class = $(LDAP_USER_OBJECT_CLASS)
+ldap_user_name = $(LDAP_USER_NAME)
+ldap_user_dn_attribute = $(LDAP_USER_DN_ATTRIBUTE)
+ldap_group_object_class = $(LDAP_GROUP_OBJECTS_CLASS)
+ldap_id_use_start_tls = $(LDAP_ID_USE_START_TLS)
+ldap_auth_use_start_tls = $(LDAP_AUTH_USE_START_TLS)
+ldap_tls_reqcert = $(LDAP_TLS_REQCERT)
+
+simple_allow_groups = $(LDAP_SIMPLE_ALLOW_GROUPS)
+
+enumerate = True
+cache_credentials = True
\ No newline at end of file
-- 
2.49.1


From 2440afaebf319f1db3c23bc7d311e8859ff1706f Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 13:40:16 +0000
Subject: [PATCH 22/65] sssd.conf aktualisiert

---
 sssd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sssd.conf b/sssd.conf
index 75cccd8..05e1925 100644
--- a/sssd.conf
+++ b/sssd.conf
@@ -2,7 +2,7 @@
 domains = LDAP
 services = nss, pam
 config_file_version = 2
-debug_level = 9
+debug_level = $(SSSD_DEBUG_LEVEL)
 
 [domain/LDAP]
 id_provider = ldap
-- 
2.49.1


From b3381074becfc398caa78c673d3dda8ef88b6bc1 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 13:46:00 +0000
Subject: [PATCH 23/65] buildargs.env aktualisiert

---
 buildargs.env | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index 249879e..d2129ad 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -10,9 +10,28 @@ BUILD_TZ=Europe/Berlin
 BUILD_MAINTAINER=pi-farm
 BUILD_APP_NAME=baseimage-debian-rdp-ldap
 BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY}
+PUSH=gitea
 ## ENV STAGE
+ENV_SSSD_DEBUG_LEVEL
+ENV_LDAP_SCHEMA
+ENV_LDAP_AUTH_DISABLE_TLS
+ENV_LDAP_SERVER_URI
+ENV_LDAP_BIND_USER
+ENV_LDAP_DOMAIN_DC
+ENV_LDAP_BIND_PASSWORD
+ENV_LDAP_SEARCH_BASE
+ENV_LDAP_USER_SEARCH_BASE
+ENV_LDAP_GROUP_SEARCH_BASE
+ENV_LDAP_USER_PASSWORD_ATTRIBUTE
+ENV_LDAP_USER_OBJECT_CLASS
+ENV_LDAP_USER_NAME
+ENV_LDAP_USER_DN_ATTRIBUTE
+ENV_LDAP_GROUP_OBJECTS_CLASS
+ENV_LDAP_ID_USE_START_TLS
+ENV_LDAP_AUTH_USE_START_TLS
+ENV_LDAP_TLS_REQCERT
+ENV_LDAP_SIMPLE_ALLOW_GROUPS
 VOL_CONFIG=./sssd.conf:/etc/sssd/sssd.conf:ro
 VOL_HOME=./home:/home
 PORT_WEB=3889
-PUSH=gitea
 DESCRIPTION="Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination"
\ No newline at end of file
-- 
2.49.1


From 73a6ca5177e169130432f0bf7fc50756da29fdf6 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 14:14:47 +0000
Subject: [PATCH 24/65] .gitea/workflows/build-and-push.yaml aktualisiert

---
 .gitea/workflows/build-and-push.yaml | 31 ++++++++++++++++------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/.gitea/workflows/build-and-push.yaml b/.gitea/workflows/build-and-push.yaml
index 2bf286d..7351697 100644
--- a/.gitea/workflows/build-and-push.yaml
+++ b/.gitea/workflows/build-and-push.yaml
@@ -129,32 +129,37 @@ jobs:
           
           BASE_SHA=$(docker buildx imagetools inspect $BASE --format '{{json .Manifest.Digest}}' 2>/dev/null | tr -d '"' || echo "unknown")
 
-          AMD_TAGS=("-t" "$IMAGE_GITEA:tmp-amd64")
-          ARM_TAGS=("-t" "$IMAGE_GITEA:tmp-arm64")
-
-          if [[ "$PUSH" == *"dockerhub"* ]]; then
-            DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE"
-            AMD_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-amd64")
-            ARM_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-arm64")
-          fi
-
-          docker buildx build "${DOCKER_ARGS[@]}" "${AMD_TAGS[@]}" \
+          # 1. Architektur-spezifische Builds pushen
+          docker buildx build "${DOCKER_ARGS[@]}" -t "$IMAGE_GITEA:tmp-amd64" \
             --pull --platform linux/amd64 -f Dockerfile \
             --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
           
-          docker buildx build "${DOCKER_ARGS[@]}" "${ARM_TAGS[@]}" \
+          docker buildx build "${DOCKER_ARGS[@]}" -t "$IMAGE_GITEA:tmp-arm64" \
             --pull --platform linux/arm64 -f Dockerfile.aarch64 \
             --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
           
+          # 2. Multi-Arch Manifest für Gitea erstellen
+          # Wir bauen ein Array für die Tags
+          GITEA_MANIFEST_TAGS=("-t" "$IMAGE_GITEA:$TAG")
+          if [[ "$BUILD_TAG_LATEST" == "y" ]]; then
+            GITEA_MANIFEST_TAGS+=("-t" "$IMAGE_GITEA:latest")
+          fi
+
           docker buildx imagetools create \
             --annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \
-            -t $IMAGE_GITEA:$TAG -t $IMAGE_GITEA:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
+            "${GITEA_MANIFEST_TAGS[@]}" $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
 
+          # 3. Multi-Arch Manifest für Docker Hub (optional)
           if [[ "$PUSH" == *"dockerhub"* ]]; then
             DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE"
+            DH_MANIFEST_TAGS=("-t" "$DOCKERHUB_REPO:$TAG")
+            if [[ "$BUILD_TAG_LATEST" == "y" ]]; then
+              DH_MANIFEST_TAGS+=("-t" "$DOCKERHUB_REPO:latest")
+            fi
+
             docker buildx imagetools create \
               --annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \
-              -t $DOCKERHUB_REPO:$TAG -t $DOCKERHUB_REPO:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
+              "${DH_MANIFEST_TAGS[@]}" $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
           fi
 
       - name: Update Documentation and Compose
-- 
2.49.1


From b6947ba441e6cbb317a84656713ba7106b19ed91 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 14:25:38 +0000
Subject: [PATCH 25/65] buildargs.env aktualisiert

---
 buildargs.env | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index d2129ad..13d3d5c 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -12,25 +12,25 @@ BUILD_APP_NAME=baseimage-debian-rdp-ldap
 BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY}
 PUSH=gitea
 ## ENV STAGE
-ENV_SSSD_DEBUG_LEVEL
-ENV_LDAP_SCHEMA
-ENV_LDAP_AUTH_DISABLE_TLS
-ENV_LDAP_SERVER_URI
-ENV_LDAP_BIND_USER
-ENV_LDAP_DOMAIN_DC
-ENV_LDAP_BIND_PASSWORD
-ENV_LDAP_SEARCH_BASE
-ENV_LDAP_USER_SEARCH_BASE
-ENV_LDAP_GROUP_SEARCH_BASE
-ENV_LDAP_USER_PASSWORD_ATTRIBUTE
-ENV_LDAP_USER_OBJECT_CLASS
-ENV_LDAP_USER_NAME
-ENV_LDAP_USER_DN_ATTRIBUTE
-ENV_LDAP_GROUP_OBJECTS_CLASS
-ENV_LDAP_ID_USE_START_TLS
-ENV_LDAP_AUTH_USE_START_TLS
-ENV_LDAP_TLS_REQCERT
-ENV_LDAP_SIMPLE_ALLOW_GROUPS
+ENV_SSSD_DEBUG_LEVEL=9
+ENV_LDAP_SCHEMA=rfc2307
+ENV_LDAP_AUTH_DISABLE_TLS=true
+ENV_LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
+ENV_LDAP_BIND_USER=admin
+ENV_LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
+ENV_LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+ENV_LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
+ENV_LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+ENV_LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
+ENV_LDAP_USER_OBJECT_CLASS=posixAccount
+ENV_LDAP_USER_NAME=uid
+ENV_LDAP_USER_DN_ATTRIBUTE=cn
+ENV_LDAP_GROUP_OBJECTS_CLASS=posixGroup
+ENV_LDAP_ID_USE_START_TLS=false
+ENV_LDAP_AUTH_USE_START_TLS=false
+ENV_LDAP_TLS_REQCERT=never
+ENV_LDAP_SIMPLE_ALLOW_GROUPS=users
 VOL_CONFIG=./sssd.conf:/etc/sssd/sssd.conf:ro
 VOL_HOME=./home:/home
 PORT_WEB=3889
-- 
2.49.1


From a8d1cff764567afe932ce0f3df4b8287ab604d06 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 2 Apr 2026 14:44:14 +0000
Subject: [PATCH 26/65]  [skip ci]

---
 README.md          | 47 ++++++++++++++++++++++++++++++++++++++++++----
 VERSION.history    |  1 +
 docker-compose.yml | 21 ++++++++++++++++++++-
 3 files changed, 64 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index d35cb17..40f5de8 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 15:37 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 15:37 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 16:44 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 16:44 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -27,7 +27,26 @@ services:
     restart: unless-stopped
     ports:
       - 3889
-
+    environment:
+      - SSSD_DEBUG_LEVEL=9
+      - LDAP_SCHEMA=rfc2307
+      - LDAP_AUTH_DISABLE_TLS=true
+      - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
+      - LDAP_BIND_USER=admin
+      - LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
+      - LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
+      - LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
+      - LDAP_USER_OBJECT_CLASS=posixAccount
+      - LDAP_USER_NAME=uid
+      - LDAP_USER_DN_ATTRIBUTE=cn
+      - LDAP_GROUP_OBJECTS_CLASS=posixGroup
+      - LDAP_ID_USE_START_TLS=false
+      - LDAP_AUTH_USE_START_TLS=false
+      - LDAP_TLS_REQCERT=never
+      - LDAP_SIMPLE_ALLOW_GROUPS=users
     volumes:
       - ./sssd.conf:/etc/sssd/sssd.conf:ro
       - ./home:/home
@@ -37,16 +56,36 @@ services:
 docker run -d \
   --name baseimage-debian-rdp-ldap \
   --restart unless-stopped \
+  -e SSSD_DEBUG_LEVEL=9 \
+  -e LDAP_SCHEMA=rfc2307 \
+  -e LDAP_AUTH_DISABLE_TLS=true \
+  -e LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER \
+  -e LDAP_BIND_USER=admin \
+  -e LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM \
+  -e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD \
+  -e LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
+  -e LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM \
+  -e LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
+  -e LDAP_USER_PASSWORD_ATTRIBUTE=userPassword \
+  -e LDAP_USER_OBJECT_CLASS=posixAccount \
+  -e LDAP_USER_NAME=uid \
+  -e LDAP_USER_DN_ATTRIBUTE=cn \
+  -e LDAP_GROUP_OBJECTS_CLASS=posixGroup \
+  -e LDAP_ID_USE_START_TLS=false \
+  -e LDAP_AUTH_USE_START_TLS=false \
+  -e LDAP_TLS_REQCERT=never \
+  -e LDAP_SIMPLE_ALLOW_GROUPS=users \
   -v ./sssd.conf:/etc/sssd/sssd.conf:ro \
   -v ./home:/home \
   -p 3889 \
   git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 02.04.2026 15:37*
+*Last updated on: 02.04.2026 16:44*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 92ba601..6db03fa 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,2 +1,3 @@
+| **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index 2a21bce..e382d88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,26 @@ services:
     restart: unless-stopped
     ports:
       - 3889
-
+    environment:
+      - SSSD_DEBUG_LEVEL=9
+      - LDAP_SCHEMA=rfc2307
+      - LDAP_AUTH_DISABLE_TLS=true
+      - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
+      - LDAP_BIND_USER=admin
+      - LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
+      - LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
+      - LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
+      - LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
+      - LDAP_USER_OBJECT_CLASS=posixAccount
+      - LDAP_USER_NAME=uid
+      - LDAP_USER_DN_ATTRIBUTE=cn
+      - LDAP_GROUP_OBJECTS_CLASS=posixGroup
+      - LDAP_ID_USE_START_TLS=false
+      - LDAP_AUTH_USE_START_TLS=false
+      - LDAP_TLS_REQCERT=never
+      - LDAP_SIMPLE_ALLOW_GROUPS=users
     volumes:
       - ./sssd.conf:/etc/sssd/sssd.conf:ro
       - ./home:/home
-- 
2.49.1


From aafc7ae5e28bc6664a65e28179ab47e681072d1f Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 14:48:20 +0000
Subject: [PATCH 27/65] buildargs.env aktualisiert

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index 13d3d5c..798f532 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -2,7 +2,7 @@
 BUILD_BASE_IMAGE=debian:bookworm
 BUILD_COUNTRY=de
 BUILD_TAG=bookworm-${BUILD_COUNTRY}
-BUILD_TAG_LATEST=n
+BUILD_TAG_LATEST=y
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
 BUILD_LC_ALL=de_DE.UTF-8
-- 
2.49.1


From b6c5ff37e9f7a87529d8a7ba57e34882261c95a7 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 15:05:43 +0000
Subject: [PATCH 28/65] =?UTF-8?q?home/.gitkeep=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 home/.gitkeep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 home/.gitkeep

diff --git a/home/.gitkeep b/home/.gitkeep
new file mode 100644
index 0000000..e69de29
-- 
2.49.1


From 7bb0de63d3c6a1637be60d3c3361530790cf303c Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 15:07:28 +0000
Subject: [PATCH 29/65] .gitignore aktualisiert

---
 .gitignore | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index 430d480..41213cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,12 +8,7 @@
 .DS_Store
 Thumbs.db
 
-# Deine spezifischen Ordner
-# Wir ignorieren den Inhalt von data, behalten aber den Ordner
-data/*
-!data/.gitkeep
-
-# Falls in config sensible Daten (Passwörter) landen, 
-# solltest du sie hier ebenfalls ausschließen:
 config/*
 !config/.gitkeep
+home/*
+!home/.gitkeep
\ No newline at end of file
-- 
2.49.1


From 5166331d9f632b789724a1f0a1cd5fa51a386b43 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 15:07:58 +0000
Subject: [PATCH 30/65] =?UTF-8?q?data/.gitkeep=20gel=C3=B6scht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/.gitkeep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 data/.gitkeep

diff --git a/data/.gitkeep b/data/.gitkeep
deleted file mode 100644
index e69de29..0000000
-- 
2.49.1


From d2e4eed49efa1cd82f81d099c743e93e66447aa5 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 2 Apr 2026 15:26:16 +0000
Subject: [PATCH 31/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 40f5de8..2fed0ba 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 16:44 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 16:44 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -81,11 +81,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 02.04.2026 16:44*
+*Last updated on: 02.04.2026 17:26*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 6db03fa..a60b796 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
 | **bookworm** | 02.04.2026 14:15 |  ✅ |
-- 
2.49.1


From 6a459a7b4cf56a3fb34f57f81849209d3d1246a1 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 22:26:47 +0000
Subject: [PATCH 32/65] Dockerfile aktualisiert

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 4e63613..ef68339 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,7 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     sssd-tools \
     libpam-sss \
     libnss-sss \
+    libsss-sudo \
     ldap-utils \
     ca-certificates \
     dbus-x11 \
-- 
2.49.1


From 1ab01443659630f52cee6d9db5ad211543b8e898 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 2 Apr 2026 22:27:27 +0000
Subject: [PATCH 33/65] Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 4e63613..ef68339 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -27,6 +27,7 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     sssd-tools \
     libpam-sss \
     libnss-sss \
+    libsss-sudo \
     ldap-utils \
     ca-certificates \
     dbus-x11 \
-- 
2.49.1


From 93dd9f819202b66f7e7f737ac73065b1f8545409 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Fri, 3 Apr 2026 21:16:08 +0000
Subject: [PATCH 34/65] docker-compose.yml aktualisiert

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e382d88..9b3a2f4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@ services:
       - 3889
     environment:
       - SSSD_DEBUG_LEVEL=9
-      - LDAP_SCHEMA=rfc2307
+      - LDAP_SCHEMA=rfc2307bis
       - LDAP_AUTH_DISABLE_TLS=true
       - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
       - LDAP_BIND_USER=admin
-- 
2.49.1


From b185374802082382d18374b70af8885b74245ae1 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Fri, 3 Apr 2026 21:38:55 +0000
Subject: [PATCH 35/65] Dockerfile aktualisiert

---
 Dockerfile | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ef68339..b98e9bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -81,12 +81,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
     dpkg-reconfigure -f noninteractive keyboard-configuration
 
-#COPY config/pam/ /etc/pam.d/
-#COPY config/nsswitch.conf /etc/nsswitch.conf
-#COPY config/xrdp/ /etc/xrdp/
-#COPY config/ldap/ /etc/ldap/
-#COPY config/skel/ /etc/skel/
-#COPY config/sudoers /etc/sudoers
+# NEU: Systemweite statische Konfigurationen für LDAP/PAM/Sudo
+# 1. Entfernt die gefährliche %users Regel
+# 2. Sagt nsswitch, dass Sudoers auch im SSS (LDAP) gesucht werden sollen
+# 3. Aktiviert das automatische Erstellen von Home-Verzeichnissen (mkhomedir)
+RUN sed -i '/%users/s/^/# /' /etc/sudoers && \
+    echo "sudoers: files sss" >> /etc/nsswitch.conf && \
+    echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
 
 RUN chmod 440 /etc/sudoers && \
     mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
-- 
2.49.1


From 36cc5f7402d048476ebbcb73828c1cf4757509a2 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Fri, 3 Apr 2026 21:40:15 +0000
Subject: [PATCH 36/65] entrypoint.sh aktualisiert

---
 entrypoint.sh | 71 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 64 insertions(+), 7 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 6a22a5e..3f2b134 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,8 +1,65 @@
-#!/bin/sh
-service dbus start
+#!/bin/bash
+set -e
+
+# Standardwerte setzen, falls beim Containerstart keine Variablen übergeben wurden
+LDAP_URI=${LDAP_URI:-"ldap://10.0.2.123:389"}
+LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=pi-farm,dc=de"}
+LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=admin,dc=pi-farm,dc=de"}
+LDAP_SUDO_GROUP=${LDAP_SUDO_GROUP:-"sudo_users"}
+# LDAP_BIND_PASSWORD muss übergeben werden!
+
+echo ">>> Erstelle SSSD Konfiguration..."
+cat <<EOF > /etc/sssd/sssd.conf
+[sssd]
+config_file_version = 2
+services = nss, pam, sudo
+domains = LDAP
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+sudo_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ${LDAP_URI}
+ldap_search_base = ${LDAP_BASE_DN}
+ldap_sudo_search_base = ou=SUDOers,${LDAP_BASE_DN}
+
+ldap_default_bind_dn = ${LDAP_BIND_DN}
+ldap_default_authtok = ${LDAP_BIND_PASSWORD}
+
+ldap_schema = rfc2307bis
+ldap_group_member = uniqueMember
+
+ldap_id_use_start_tls = false
+ldap_tls_reqcert = never
+ldap_auth_disable_tls_never_use_in_production = true
+
+cache_credentials = true
+enumerate = false
+EOF
+
+# Rechte zwingend auf 600, sonst startet SSSD nicht
+chmod 600 /etc/sssd/sssd.conf
+chown root:root /etc/sssd/sssd.conf
+
+echo ">>> Erstelle Sudoers-Regel für Gruppe: ${LDAP_SUDO_GROUP}..."
+echo "%${LDAP_SUDO_GROUP} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ldap-admins
+chmod 0440 /etc/sudoers.d/ldap-admins
+
+echo ">>> Leere alten SSSD Cache..."
 rm -f /var/lib/sss/db/*
-sssd -i &
-xrdp-sesman --nodaemon &
-xrdp --nodaemon &
-#service xrdp start
-tail -f /var/log/xrdp.log
+rm -f /var/lib/sss/mc/*
+
+echo ">>> Starte SSSD im Hintergrund..."
+# Wir starten SSSD als Hintergrunddienst (ohne interaktives Log-Spamming)
+sssd -D
+
+echo ">>> Starte XRDP..."
+# dbus starten (oft wichtig für xfce im Container)
+service dbus start
+
+# Startet den xrdp-sesman und anschließend xrdp im Vordergrund, 
+# damit der Container nicht stirbt
+xrdp-sesman
+exec xrdp -n
\ No newline at end of file
-- 
2.49.1


From 5ef6de93df614a9b29c2e73308a41fb9ab714ac1 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Fri, 3 Apr 2026 21:49:54 +0000
Subject: [PATCH 37/65] buildargs.env aktualisiert

---
 buildargs.env | 38 ++++++++++++++------------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index 798f532..7957a0c 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,7 +1,7 @@
 ## BUILD STAGE
 BUILD_BASE_IMAGE=debian:bookworm
 BUILD_COUNTRY=de
-BUILD_TAG=bookworm-${BUILD_COUNTRY}
+BUILD_TAG=bookworm-de
 BUILD_TAG_LATEST=y
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
@@ -9,29 +9,19 @@ BUILD_LC_ALL=de_DE.UTF-8
 BUILD_TZ=Europe/Berlin
 BUILD_MAINTAINER=pi-farm
 BUILD_APP_NAME=baseimage-debian-rdp-ldap
-BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY}
+BUILD_APP_VERSION=1.0.0
 PUSH=gitea
-## ENV STAGE
-ENV_SSSD_DEBUG_LEVEL=9
-ENV_LDAP_SCHEMA=rfc2307
-ENV_LDAP_AUTH_DISABLE_TLS=true
-ENV_LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
-ENV_LDAP_BIND_USER=admin
-ENV_LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+
+## ENV STAGE (Wichtig für deinen Gitea-Workflow)
+ENV_SSSD_DEBUG_LEVEL=5
+ENV_LDAP_URI=ldap://10.0.2.123:389
+ENV_LDAP_BASE_DN=dc=pi-farm,dc=de
+ENV_LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
 ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-ENV_LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-ENV_LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
-ENV_LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-ENV_LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
-ENV_LDAP_USER_OBJECT_CLASS=posixAccount
-ENV_LDAP_USER_NAME=uid
-ENV_LDAP_USER_DN_ATTRIBUTE=cn
-ENV_LDAP_GROUP_OBJECTS_CLASS=posixGroup
-ENV_LDAP_ID_USE_START_TLS=false
-ENV_LDAP_AUTH_USE_START_TLS=false
-ENV_LDAP_TLS_REQCERT=never
-ENV_LDAP_SIMPLE_ALLOW_GROUPS=users
-VOL_CONFIG=./sssd.conf:/etc/sssd/sssd.conf:ro
+ENV_LDAP_SUDO_GROUP=sudo_users
+
+## DOCKER / COMPOSE CONFIG
 VOL_HOME=./home:/home
-PORT_WEB=3889
-DESCRIPTION="Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination"
\ No newline at end of file
+PORT_RDP=3889
+
+DESCRIPTION="Debian Desktop with LDAP-Auth, Gitea-Workflow compatible"
\ No newline at end of file
-- 
2.49.1


From 77d2ac3881592773f24dd6e264eb53bc53f0f786 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Fri, 3 Apr 2026 21:50:47 +0000
Subject: [PATCH 38/65] entrypoint.sh aktualisiert

---
 entrypoint.sh | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 3f2b134..00b70dc 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,12 +1,14 @@
 #!/bin/bash
 set -e
 
-# Standardwerte setzen, falls beim Containerstart keine Variablen übergeben wurden
-LDAP_URI=${LDAP_URI:-"ldap://10.0.2.123:389"}
-LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=pi-farm,dc=de"}
-LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=admin,dc=pi-farm,dc=de"}
-LDAP_SUDO_GROUP=${LDAP_SUDO_GROUP:-"sudo_users"}
-# LDAP_BIND_PASSWORD muss übergeben werden!
+# Mapping der Gitea-Workflow Variablen (ENV_...) auf interne Variablen
+# Falls ENV_LDAP_URI nicht gesetzt ist, wird ein Fallback genutzt
+LDAP_URI=${ENV_LDAP_URI:-"ldap://localhost:389"}
+LDAP_BASE_DN=${ENV_LDAP_BASE_DN:-"dc=example,dc=com"}
+LDAP_BIND_DN=${ENV_LDAP_BIND_DN:-"cn=admin,dc=example,dc=com"}
+LDAP_BIND_PASSWORD=${ENV_LDAP_BIND_PASSWORD:-"password"}
+LDAP_SUDO_GROUP=${ENV_LDAP_SUDO_GROUP:-"sudo_users"}
+SSSD_DEBUG=${ENV_SSSD_DEBUG_LEVEL:-0}
 
 echo ">>> Erstelle SSSD Konfiguration..."
 cat <<EOF > /etc/sssd/sssd.conf
@@ -39,7 +41,6 @@ cache_credentials = true
 enumerate = false
 EOF
 
-# Rechte zwingend auf 600, sonst startet SSSD nicht
 chmod 600 /etc/sssd/sssd.conf
 chown root:root /etc/sssd/sssd.conf
 
@@ -47,19 +48,14 @@ echo ">>> Erstelle Sudoers-Regel für Gruppe: ${LDAP_SUDO_GROUP}..."
 echo "%${LDAP_SUDO_GROUP} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ldap-admins
 chmod 0440 /etc/sudoers.d/ldap-admins
 
-echo ">>> Leere alten SSSD Cache..."
+echo ">>> Bereinige SSSD Cache..."
 rm -f /var/lib/sss/db/*
 rm -f /var/lib/sss/mc/*
 
-echo ">>> Starte SSSD im Hintergrund..."
-# Wir starten SSSD als Hintergrunddienst (ohne interaktives Log-Spamming)
-sssd -D
+echo ">>> Starte Dienste..."
+# SSSD mit dem gemappten Debug-Level starten
+sssd -D --debug-level=${SSSD_DEBUG}
 
-echo ">>> Starte XRDP..."
-# dbus starten (oft wichtig für xfce im Container)
 service dbus start
-
-# Startet den xrdp-sesman und anschließend xrdp im Vordergrund, 
-# damit der Container nicht stirbt
 xrdp-sesman
 exec xrdp -n
\ No newline at end of file
-- 
2.49.1


From 9ce48ab14907579fd44a6af7fd3f4c4466540faa Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Fri, 3 Apr 2026 22:31:26 +0000
Subject: [PATCH 39/65]  [skip ci]

---
 README.md          | 57 ++++++++++++----------------------------------
 VERSION.history    |  1 +
 docker-compose.yml | 24 ++++---------------
 3 files changed, 21 insertions(+), 61 deletions(-)

diff --git a/README.md b/README.md
index 2fed0ba..8e741af 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 # baseimage-debian-rdp-ldap
-Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination
+Debian Desktop with LDAP-Auth, Gitea-Workflow compatible
 
 [![Build Status](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions)
 [![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__)
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 04.04.2026 00:31 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 04.04.2026 00:31 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -28,27 +28,13 @@ services:
     ports:
       - 3889
     environment:
-      - SSSD_DEBUG_LEVEL=9
-      - LDAP_SCHEMA=rfc2307
-      - LDAP_AUTH_DISABLE_TLS=true
-      - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
-      - LDAP_BIND_USER=admin
-      - LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+      - SSSD_DEBUG_LEVEL=5
+      - LDAP_URI=ldap://10.0.2.123:389
+      - LDAP_BASE_DN=dc=pi-farm,dc=de
+      - LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
       - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-      - LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-      - LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
-      - LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-      - LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
-      - LDAP_USER_OBJECT_CLASS=posixAccount
-      - LDAP_USER_NAME=uid
-      - LDAP_USER_DN_ATTRIBUTE=cn
-      - LDAP_GROUP_OBJECTS_CLASS=posixGroup
-      - LDAP_ID_USE_START_TLS=false
-      - LDAP_AUTH_USE_START_TLS=false
-      - LDAP_TLS_REQCERT=never
-      - LDAP_SIMPLE_ALLOW_GROUPS=users
+      - LDAP_SUDO_GROUP=sudo_users
     volumes:
-      - ./sssd.conf:/etc/sssd/sssd.conf:ro
       - ./home:/home
 ```
 ### 🚀 Docker Run
@@ -56,36 +42,23 @@ services:
 docker run -d \
   --name baseimage-debian-rdp-ldap \
   --restart unless-stopped \
-  -e SSSD_DEBUG_LEVEL=9 \
-  -e LDAP_SCHEMA=rfc2307 \
-  -e LDAP_AUTH_DISABLE_TLS=true \
-  -e LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER \
-  -e LDAP_BIND_USER=admin \
-  -e LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM \
+  -e SSSD_DEBUG_LEVEL=5 \
+  -e LDAP_URI=ldap://10.0.2.123:389 \
+  -e LDAP_BASE_DN=dc=pi-farm,dc=de \
+  -e LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de \
   -e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD \
-  -e LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
-  -e LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM \
-  -e LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
-  -e LDAP_USER_PASSWORD_ATTRIBUTE=userPassword \
-  -e LDAP_USER_OBJECT_CLASS=posixAccount \
-  -e LDAP_USER_NAME=uid \
-  -e LDAP_USER_DN_ATTRIBUTE=cn \
-  -e LDAP_GROUP_OBJECTS_CLASS=posixGroup \
-  -e LDAP_ID_USE_START_TLS=false \
-  -e LDAP_AUTH_USE_START_TLS=false \
-  -e LDAP_TLS_REQCERT=never \
-  -e LDAP_SIMPLE_ALLOW_GROUPS=users \
-  -v ./sssd.conf:/etc/sssd/sssd.conf:ro \
+  -e LDAP_SUDO_GROUP=sudo_users \
   -v ./home:/home \
   -p 3889 \
   git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 02.04.2026 17:26*
+*Last updated on: 04.04.2026 00:31*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index a60b796..46295ea 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
 | **bookworm-de** | 02.04.2026 15:37 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index 9b3a2f4..f0d5728 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,25 +6,11 @@ services:
     ports:
       - 3889
     environment:
-      - SSSD_DEBUG_LEVEL=9
-      - LDAP_SCHEMA=rfc2307bis
-      - LDAP_AUTH_DISABLE_TLS=true
-      - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
-      - LDAP_BIND_USER=admin
-      - LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
+      - SSSD_DEBUG_LEVEL=5
+      - LDAP_URI=ldap://10.0.2.123:389
+      - LDAP_BASE_DN=dc=pi-farm,dc=de
+      - LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
       - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-      - LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-      - LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
-      - LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
-      - LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
-      - LDAP_USER_OBJECT_CLASS=posixAccount
-      - LDAP_USER_NAME=uid
-      - LDAP_USER_DN_ATTRIBUTE=cn
-      - LDAP_GROUP_OBJECTS_CLASS=posixGroup
-      - LDAP_ID_USE_START_TLS=false
-      - LDAP_AUTH_USE_START_TLS=false
-      - LDAP_TLS_REQCERT=never
-      - LDAP_SIMPLE_ALLOW_GROUPS=users
+      - LDAP_SUDO_GROUP=sudo_users
     volumes:
-      - ./sssd.conf:/etc/sssd/sssd.conf:ro
       - ./home:/home
-- 
2.49.1


From 310c87f4af3cb4449ae70fdaf6fed72ec149ca14 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Sun, 5 Apr 2026 09:20:35 +0000
Subject: [PATCH 40/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 8e741af..62cf69f 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 04.04.2026 00:31 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 04.04.2026 00:31 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 05.04.2026 11:20 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 05.04.2026 11:20 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,11 +53,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 04.04.2026 00:31*
+*Last updated on: 05.04.2026 11:20*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 46295ea..4142c51 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
 | **bookworm-de** | 02.04.2026 16:44 |  ✅ |
-- 
2.49.1


From 86a3df69a856f2b0fb1b94818b45fab8b0df307d Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Sun, 5 Apr 2026 09:28:24 +0000
Subject: [PATCH 41/65] buildargs.env aktualisiert

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index 7957a0c..9756ef3 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -8,7 +8,7 @@ BUILD_LANGUAGE=de_DE:de
 BUILD_LC_ALL=de_DE.UTF-8
 BUILD_TZ=Europe/Berlin
 BUILD_MAINTAINER=pi-farm
-BUILD_APP_NAME=baseimage-debian-rdp-ldap
+BUILD_APP_NAME=base-image-debian-rdp-ldap
 BUILD_APP_VERSION=1.0.0
 PUSH=gitea
 
-- 
2.49.1


From ff92457c85803e3a3fac555f350ee70516417ba9 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Sun, 5 Apr 2026 09:47:30 +0000
Subject: [PATCH 42/65]  [skip ci]

---
 README.md          | 23 ++++++++++++-----------
 VERSION.history    |  1 +
 docker-compose.yml |  6 +++---
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index 62cf69f..86a8440 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# baseimage-debian-rdp-ldap
+# base-image-debian-rdp-ldap
 Debian Desktop with LDAP-Auth, Gitea-Workflow compatible
 
-[![Build Status](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions)
+[![Build Status](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions)
 [![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__)
 
 This repository is built and pushed automatically.
@@ -11,19 +11,19 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 05.04.2026 11:20 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 05.04.2026 11:20 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 05.04.2026 11:47 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 05.04.2026 11:47 |
 
 ### 🚀 Docker Pull
 ```bash
-docker pull git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
+docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 ### 🚀 Docker Compose
 ```yaml
 services:
-  baseimage-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
-    container_name: baseimage-debian-rdp-ldap
+  base-image-debian-rdp-ldap:
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+    container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
       - 3889
@@ -40,7 +40,7 @@ services:
 ### 🚀 Docker Run
 ```bash
 docker run -d \
-  --name baseimage-debian-rdp-ldap \
+  --name base-image-debian-rdp-ldap \
   --restart unless-stopped \
   -e SSSD_DEBUG_LEVEL=5 \
   -e LDAP_URI=ldap://10.0.2.123:389 \
@@ -50,14 +50,15 @@ docker run -d \
   -e LDAP_SUDO_GROUP=sudo_users \
   -v ./home:/home \
   -p 3889 \
-  git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
+  git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 05.04.2026 11:20*
+*Last updated on: 05.04.2026 11:47*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 4142c51..0e59310 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
 | **bookworm-de** | 02.04.2026 17:26 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index f0d5728..6ae0d12 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
-  baseimage-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
-    container_name: baseimage-debian-rdp-ldap
+  base-image-debian-rdp-ldap:
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+    container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
       - 3889
-- 
2.49.1


From 09449c4da2cdfe73917832033d871d016bdd8687 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Tue, 7 Apr 2026 15:38:29 +0000
Subject: [PATCH 43/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 86a8440..457d994 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 05.04.2026 11:47 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 05.04.2026 11:47 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 07.04.2026 17:38 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 07.04.2026 17:38 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,11 +53,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 05.04.2026 11:47*
+*Last updated on: 07.04.2026 17:38*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 0e59310..ef10293 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
 | **bookworm-de** | 04.04.2026 00:31 |  ✅ |
-- 
2.49.1


From c25bbbd5c931907358115957255cce4c96d52642 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Tue, 7 Apr 2026 16:55:47 +0000
Subject: [PATCH 44/65] entrypoint.sh aktualisiert

---
 entrypoint.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 00b70dc..3fa5b1a 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,12 +3,12 @@ set -e
 
 # Mapping der Gitea-Workflow Variablen (ENV_...) auf interne Variablen
 # Falls ENV_LDAP_URI nicht gesetzt ist, wird ein Fallback genutzt
-LDAP_URI=${ENV_LDAP_URI:-"ldap://localhost:389"}
-LDAP_BASE_DN=${ENV_LDAP_BASE_DN:-"dc=example,dc=com"}
-LDAP_BIND_DN=${ENV_LDAP_BIND_DN:-"cn=admin,dc=example,dc=com"}
-LDAP_BIND_PASSWORD=${ENV_LDAP_BIND_PASSWORD:-"password"}
-LDAP_SUDO_GROUP=${ENV_LDAP_SUDO_GROUP:-"sudo_users"}
-SSSD_DEBUG=${ENV_SSSD_DEBUG_LEVEL:-0}
+LDAP_URI=${LDAP_URI:-"ldap://localhost:389"}
+LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=com"}
+LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=admin,dc=example,dc=com"}
+LDAP_BIND_PASSWORD=${LDAP_BIND_PASSWORD}
+LDAP_SUDO_GROUP=${LDAP_SUDO_GROUP:-"sudo_users"}
+SSSD_DEBUG=${SSSD_DEBUG_LEVEL:-0}
 
 echo ">>> Erstelle SSSD Konfiguration..."
 cat <<EOF > /etc/sssd/sssd.conf
-- 
2.49.1


From a7e4b75aaedaa7c10820e8f8061ff9cd90a131f6 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Tue, 7 Apr 2026 17:28:00 +0000
Subject: [PATCH 45/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 457d994..daa1946 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 07.04.2026 17:38 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 07.04.2026 17:38 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 07.04.2026 19:27 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 07.04.2026 19:27 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,11 +53,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 07.04.2026 17:38*
+*Last updated on: 07.04.2026 19:27*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 07.04.2026 19:27 |  ✅ |
 | **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index ef10293..54b152f 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 07.04.2026 19:27 |  ✅ |
 | **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:20 |  ✅ |
-- 
2.49.1


From 450e65e647d75f611001d9361ed54e613d8cfa07 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Wed, 8 Apr 2026 19:32:05 +0000
Subject: [PATCH 46/65] buildargs.env aktualisiert

---
 buildargs.env | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index 9756ef3..cf089f1 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -2,7 +2,7 @@
 BUILD_BASE_IMAGE=debian:bookworm
 BUILD_COUNTRY=de
 BUILD_TAG=bookworm-de
-BUILD_TAG_LATEST=y
+BUILD_TAG_LATEST=n
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
 BUILD_LC_ALL=de_DE.UTF-8
@@ -12,16 +12,16 @@ BUILD_APP_NAME=base-image-debian-rdp-ldap
 BUILD_APP_VERSION=1.0.0
 PUSH=gitea
 
-## ENV STAGE (Wichtig für deinen Gitea-Workflow)
+## ENV STAGE
 ENV_SSSD_DEBUG_LEVEL=5
-ENV_LDAP_URI=ldap://10.0.2.123:389
-ENV_LDAP_BASE_DN=dc=pi-farm,dc=de
-ENV_LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
-ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-ENV_LDAP_SUDO_GROUP=sudo_users
+ENV_LDAP_URI=ldap://YOUR-LDAP-SERVER:389
+ENV_LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
+ENV_LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
+ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
+ENV_LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
 
 ## DOCKER / COMPOSE CONFIG
-VOL_HOME=./home:/home
+VOL_HOME=./YOUR-PERSISTENT-FOLDER:/home
 PORT_RDP=3889
 
-DESCRIPTION="Debian Desktop with LDAP-Auth, Gitea-Workflow compatible"
\ No newline at end of file
+DESCRIPTION="Debian Desktop with LDAP-Authentication. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop."
\ No newline at end of file
-- 
2.49.1


From 9fcc9668cb2306d291ff94164ffec17769600153 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Wed, 8 Apr 2026 20:19:30 +0000
Subject: [PATCH 47/65] Dockerfile aktualisiert

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index b98e9bc..6c35377 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -98,7 +98,7 @@ RUN chmod 440 /etc/sudoers && \
     echo "LANG=${LANG}" >> /etc/environment && \
     echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
     echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
-    sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
+    sed -i '2i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}\npulseaudio --start\npactl load-module module-xrdp-sink.so\npactl load-module module-xrdp-source.so' /etc/xrdp/startwm.sh && \
     chmod +x /etc/xrdp/startwm.sh && \
     mkdir -p /etc/xdg/xfce4 && \
     echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc
-- 
2.49.1


From 7e0c69278c6827af11c87e3225d2662cab8312ab Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Wed, 8 Apr 2026 20:21:06 +0000
Subject: [PATCH 48/65] _Dockerfile.aarch64 aktualisiert

---
 Dockerfile.aarch64 => _Dockerfile.aarch64 | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename Dockerfile.aarch64 => _Dockerfile.aarch64 (100%)

diff --git a/Dockerfile.aarch64 b/_Dockerfile.aarch64
similarity index 100%
rename from Dockerfile.aarch64
rename to _Dockerfile.aarch64
-- 
2.49.1


From 614e0b88db7d7d3e637d82289b77f51dd0df3525 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Wed, 8 Apr 2026 20:33:17 +0000
Subject: [PATCH 49/65] Dockerfile.aarch64 aktualisiert

---
 _Dockerfile.aarch64 => Dockerfile.aarch64 | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
 rename _Dockerfile.aarch64 => Dockerfile.aarch64 (81%)

diff --git a/_Dockerfile.aarch64 b/Dockerfile.aarch64
similarity index 81%
rename from _Dockerfile.aarch64
rename to Dockerfile.aarch64
index ef68339..6c35377 100644
--- a/_Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -81,12 +81,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
     printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
     dpkg-reconfigure -f noninteractive keyboard-configuration
 
-#COPY config/pam/ /etc/pam.d/
-#COPY config/nsswitch.conf /etc/nsswitch.conf
-#COPY config/xrdp/ /etc/xrdp/
-#COPY config/ldap/ /etc/ldap/
-#COPY config/skel/ /etc/skel/
-#COPY config/sudoers /etc/sudoers
+# NEU: Systemweite statische Konfigurationen für LDAP/PAM/Sudo
+# 1. Entfernt die gefährliche %users Regel
+# 2. Sagt nsswitch, dass Sudoers auch im SSS (LDAP) gesucht werden sollen
+# 3. Aktiviert das automatische Erstellen von Home-Verzeichnissen (mkhomedir)
+RUN sed -i '/%users/s/^/# /' /etc/sudoers && \
+    echo "sudoers: files sss" >> /etc/nsswitch.conf && \
+    echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
 
 RUN chmod 440 /etc/sudoers && \
     mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
@@ -97,7 +98,7 @@ RUN chmod 440 /etc/sudoers && \
     echo "LANG=${LANG}" >> /etc/environment && \
     echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
     echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
-    sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \
+    sed -i '2i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}\npulseaudio --start\npactl load-module module-xrdp-sink.so\npactl load-module module-xrdp-source.so' /etc/xrdp/startwm.sh && \
     chmod +x /etc/xrdp/startwm.sh && \
     mkdir -p /etc/xdg/xfce4 && \
     echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc
-- 
2.49.1


From 49d7a0b61d855b4ebc2ba1699fff278bca2d1c0a Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 07:51:22 +0000
Subject: [PATCH 50/65] buildargs.env aktualisiert

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index cf089f1..b5f14de 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -10,7 +10,7 @@ BUILD_TZ=Europe/Berlin
 BUILD_MAINTAINER=pi-farm
 BUILD_APP_NAME=base-image-debian-rdp-ldap
 BUILD_APP_VERSION=1.0.0
-PUSH=gitea
+PUSH=dockerhub
 
 ## ENV STAGE
 ENV_SSSD_DEBUG_LEVEL=5
-- 
2.49.1


From 048a5314815ccc231557716dbf6a1b9049caec64 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 08:11:14 +0000
Subject: [PATCH 51/65]  [skip ci]

---
 README.md          | 35 ++++++++++++++++++-----------------
 VERSION.history    |  1 +
 docker-compose.yml | 12 ++++++------
 3 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index daa1946..b75c1f7 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,18 @@
 # base-image-debian-rdp-ldap
-Debian Desktop with LDAP-Auth, Gitea-Workflow compatible
+Debian Desktop with LDAP-Authentication. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop.
 
 [![Build Status](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions)
 [![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__)
 
 This repository is built and pushed automatically.
 
-
+[![Docker Hub](https://img.shields.io/badge/docker-hub-blue?logo=docker__DOCKERHUB_LINK__logoColor=white)](https://hub.docker.com/r/pifarm/base-image-debian-rdp-ldap)
 
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 07.04.2026 19:27 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 07.04.2026 19:27 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -29,13 +29,13 @@ services:
       - 3889
     environment:
       - SSSD_DEBUG_LEVEL=5
-      - LDAP_URI=ldap://10.0.2.123:389
-      - LDAP_BASE_DN=dc=pi-farm,dc=de
-      - LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
-      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-      - LDAP_SUDO_GROUP=sudo_users
+      - LDAP_URI=ldap://YOUR-LDAP-SERVER:389
+      - LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
+      - LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
+      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
+      - LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
     volumes:
-      - ./home:/home
+      - ./YOUR-PERSISTENT-FOLDER:/home
 ```
 ### 🚀 Docker Run
 ```bash
@@ -43,21 +43,22 @@ docker run -d \
   --name base-image-debian-rdp-ldap \
   --restart unless-stopped \
   -e SSSD_DEBUG_LEVEL=5 \
-  -e LDAP_URI=ldap://10.0.2.123:389 \
-  -e LDAP_BASE_DN=dc=pi-farm,dc=de \
-  -e LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de \
-  -e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD \
-  -e LDAP_SUDO_GROUP=sudo_users \
-  -v ./home:/home \
+  -e LDAP_URI=ldap://YOUR-LDAP-SERVER:389 \
+  -e LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC \
+  -e LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC \
+  -e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD \
+  -e LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP \
+  -v ./YOUR-PERSISTENT-FOLDER:/home \
   -p 3889 \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 07.04.2026 19:27*
+*Last updated on: 09.04.2026 10:11*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 09.04.2026 10:11 |  ✅ |
 | **bookworm-de** | 07.04.2026 19:27 |  ✅ |
 | **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 54b152f..4c66ee9 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 09.04.2026 10:11 |  ✅ |
 | **bookworm-de** | 07.04.2026 19:27 |  ✅ |
 | **bookworm-de** | 07.04.2026 17:38 |  ✅ |
 | **bookworm-de** | 05.04.2026 11:47 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index 6ae0d12..de04786 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,10 +7,10 @@ services:
       - 3889
     environment:
       - SSSD_DEBUG_LEVEL=5
-      - LDAP_URI=ldap://10.0.2.123:389
-      - LDAP_BASE_DN=dc=pi-farm,dc=de
-      - LDAP_BIND_DN=cn=admin,dc=pi-farm,dc=de
-      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
-      - LDAP_SUDO_GROUP=sudo_users
+      - LDAP_URI=ldap://YOUR-LDAP-SERVER:389
+      - LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
+      - LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
+      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
+      - LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
     volumes:
-      - ./home:/home
+      - ./YOUR-PERSISTENT-FOLDER:/home
-- 
2.49.1


From 8d6eeae9453513b64d6fc3025f5d7e63bbe5c0f1 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 09:33:22 +0000
Subject: [PATCH 52/65] README.md aktualisiert

---
 README.md | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/README.md b/README.md
index b75c1f7..f8644bc 100644
--- a/README.md
+++ b/README.md
@@ -59,12 +59,4 @@ docker run -d \
 | Version | Date | Status |
 | :--- | :--- | :--- |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
-| **bookworm-de** | 07.04.2026 19:27 |  ✅ |
-| **bookworm-de** | 07.04.2026 17:38 |  ✅ |
-| **bookworm-de** | 05.04.2026 11:47 |  ✅ |
-| **bookworm-de** | 05.04.2026 11:20 |  ✅ |
-| **bookworm-de** | 04.04.2026 00:31 |  ✅ |
-| **bookworm-de** | 02.04.2026 17:26 |  ✅ |
-| **bookworm-de** | 02.04.2026 16:44 |  ✅ |
-| **bookworm-de** | 02.04.2026 15:37 |  ✅ |
-| **bookworm** | 02.04.2026 14:15 |  ✅ |
+
-- 
2.49.1


From 3fa2f27ea4999b1e61213cdcb9ee32a9f6b63b28 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 09:58:13 +0000
Subject: [PATCH 53/65]  [skip ci]

---
 README.md       | 17 +++++++++++++----
 VERSION.history |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index f8644bc..2fbbf07 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 11:58 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 11:58 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,10 +53,19 @@ docker run -d \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 09.04.2026 10:11*
+*Last updated on: 09.04.2026 11:58*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
-
+| **bookworm-de** | 07.04.2026 19:27 |  ✅ |
+| **bookworm-de** | 07.04.2026 17:38 |  ✅ |
+| **bookworm-de** | 05.04.2026 11:47 |  ✅ |
+| **bookworm-de** | 05.04.2026 11:20 |  ✅ |
+| **bookworm-de** | 04.04.2026 00:31 |  ✅ |
+| **bookworm-de** | 02.04.2026 17:26 |  ✅ |
+| **bookworm-de** | 02.04.2026 16:44 |  ✅ |
+| **bookworm-de** | 02.04.2026 15:37 |  ✅ |
+| **bookworm** | 02.04.2026 14:15 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 4c66ee9..f534fd8 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
 | **bookworm-de** | 07.04.2026 19:27 |  ✅ |
 | **bookworm-de** | 07.04.2026 17:38 |  ✅ |
-- 
2.49.1


From e13211de99e7e2f1d6848850c0a524a17b6b8eda Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 10:45:52 +0000
Subject: [PATCH 54/65] changed to trixie

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index b5f14de..95741b4 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,5 +1,5 @@
 ## BUILD STAGE
-BUILD_BASE_IMAGE=debian:bookworm
+BUILD_BASE_IMAGE=debian:trixie
 BUILD_COUNTRY=de
 BUILD_TAG=bookworm-de
 BUILD_TAG_LATEST=n
-- 
2.49.1


From db707cba5377712221dc8143469ab3e0cfcc931e Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 11:10:38 +0000
Subject: [PATCH 55/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 2fbbf07..ea14654 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 11:58 |
-| aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 11:58 |
+| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 13:10 |
+| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 13:10 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,11 +53,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 09.04.2026 11:58*
+*Last updated on: 09.04.2026 13:10*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
 | **bookworm-de** | 07.04.2026 19:27 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index f534fd8..ffc8bbd 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
 | **bookworm-de** | 07.04.2026 19:27 |  ✅ |
-- 
2.49.1


From e268a98d80d39e092f8b34b65e004a0cca01dceb Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 11:33:43 +0000
Subject: [PATCH 56/65] .gitea/workflows/build-and-push.yaml aktualisiert

---
 .gitea/workflows/build-and-push.yaml | 38 ++++++++--------------------
 1 file changed, 11 insertions(+), 27 deletions(-)

diff --git a/.gitea/workflows/build-and-push.yaml b/.gitea/workflows/build-and-push.yaml
index 7351697..c5ab766 100644
--- a/.gitea/workflows/build-and-push.yaml
+++ b/.gitea/workflows/build-and-push.yaml
@@ -23,6 +23,10 @@ jobs:
         run: |
           export TZ=Europe/Berlin
           
+          # FIX 1: Stellt sicher, dass die Datei mit einem Zeilenumbruch endet.
+          # Das verhindert, dass Bash die letzte Zeile beim Einlesen verschluckt.
+          sed -i -e '$a\' buildargs.env
+          
           set -a
           source <(grep -v '^#' buildargs.env | sed 's/\r$//')
           set +a
@@ -34,11 +38,16 @@ jobs:
           
           echo "event_name=${{ gitea.event_name }}" >> $GITHUB_OUTPUT
           
+          # FIX 2: Kugelsicheres Auslesen des Tags direkt aus der Datei.
+          # Trimm-Befehle (tr) entfernen eventuelle unsichtbare Zeichen oder Anführungszeichen.
+          SAFE_BUILD_TAG=$(grep "^BUILD_TAG=" buildargs.env | cut -d'=' -f2 | tr -d '\r' | tr -d '"' | xargs)
+          
           if [[ "${{ gitea.ref }}" == refs/tags/* ]]; then
             CLEAN_TAG=${{ gitea.ref_name }}
             echo "docker_tag=${CLEAN_TAG#v}" >> $GITHUB_OUTPUT
           else
-            echo "docker_tag=${BUILD_TAG:-latest}" >> $GITHUB_OUTPUT
+            # Nutzt jetzt garantiert den direkt extrahierten Wert
+            echo "docker_tag=${SAFE_BUILD_TAG:-latest}" >> $GITHUB_OUTPUT
           fi
           
           OWNER=$(echo "${{ gitea.repository }}" | cut -d'/' -f1 | tr '[:upper:]' '[:lower:]')
@@ -129,7 +138,6 @@ jobs:
           
           BASE_SHA=$(docker buildx imagetools inspect $BASE --format '{{json .Manifest.Digest}}' 2>/dev/null | tr -d '"' || echo "unknown")
 
-          # 1. Architektur-spezifische Builds pushen
           docker buildx build "${DOCKER_ARGS[@]}" -t "$IMAGE_GITEA:tmp-amd64" \
             --pull --platform linux/amd64 -f Dockerfile \
             --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
@@ -138,8 +146,6 @@ jobs:
             --pull --platform linux/arm64 -f Dockerfile.aarch64 \
             --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
           
-          # 2. Multi-Arch Manifest für Gitea erstellen
-          # Wir bauen ein Array für die Tags
           GITEA_MANIFEST_TAGS=("-t" "$IMAGE_GITEA:$TAG")
           if [[ "$BUILD_TAG_LATEST" == "y" ]]; then
             GITEA_MANIFEST_TAGS+=("-t" "$IMAGE_GITEA:latest")
@@ -149,7 +155,6 @@ jobs:
             --annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \
             "${GITEA_MANIFEST_TAGS[@]}" $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
 
-          # 3. Multi-Arch Manifest für Docker Hub (optional)
           if [[ "$PUSH" == *"dockerhub"* ]]; then
             DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE"
             DH_MANIFEST_TAGS=("-t" "$DOCKERHUB_REPO:$TAG")
@@ -168,7 +173,6 @@ jobs:
         run: |
           set -x
           
-          # --- 1. VARIABLEN VORBEREITEN ---
           export TZ=Europe/Berlin
           CURRENT_TIME=$(date '+%d.%m.%Y %H:%M')
           BUILD_TAG="${{ steps.prep.outputs.docker_tag }}"
@@ -190,11 +194,9 @@ jobs:
           EOF
           COMMIT_MSG=$(sed 's/\[skip ci\]//g' commit_msg.txt | xargs)
 
-          # --- 2. TEMPLATES LADEN ---
           wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/README.template -O README.template || echo "Warnung: README Template fehlt"
           wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/docker-compose.template -O docker-compose.template || echo "Warnung: Compose Template fehlt"
 
-          # --- 3. VERSION HISTORY ---
           NEW_ROW="| **$BUILD_TAG** | $CURRENT_TIME | $COMMIT_MSG ✅ |"
           if [ -f "VERSION.history" ]; then
              grep -v "| **$BUILD_TAG** |" VERSION.history > VERSION.history.tmp || true
@@ -237,9 +239,6 @@ jobs:
              done <<< "$vol_vars"
           fi
 
-          # --- 5. DOCKER RUN BEFEHL (NEU: Als Datei schreiben) ---
-          # Wir schreiben direkt in eine Datei. Da gibt es keine Interpretationsfehler.
-          # Wichtig: " \\" am Ende der Zeilen explizit hinschreiben.
           {
             echo "docker run -d \\"
             echo "  --name $REPO_PURE \\"
@@ -261,24 +260,20 @@ jobs:
                 fi
               done <<< "$all_params"
             fi
-            # Letzte Zeile OHNE Backslash
             echo "  $FULL_URL:$BUILD_TAG"
           } > docker_run_block.txt
 
-          # --- 6. DOCKER HUB LINK ---
           DOCKERHUB_LINK_CONTENT=""
           if [[ "${{ steps.prep.outputs.push_targets }}" == *"dockerhub"* ]]; then
             DH_USER="${{ secrets.DOCKERHUB_USERNAME }}"
             DOCKERHUB_LINK_CONTENT="[![Docker Hub](https://img.shields.io/badge/docker-hub-blue?logo=docker&logoColor=white)](https://hub.docker.com/r/${DH_USER}/${REPO_PURE})"
           fi
 
-          # --- 7. TEMPLATE ENGINE (Optimiert für File-Injection) ---
           process_template() {
             local template=$1; local output=$2
             [ ! -f "$template" ] && return
             cp "$template" "$output"
             
-            # Simple Ersetzungen
             sed -i "s|__REPO_NAME__|$REPO_PURE|g" "$output"
             sed -i "s|__FULL_URL__|$FULL_URL|g" "$output"
             sed -i "s|__BUILD_TAG__|$BUILD_TAG|g" "$output"
@@ -286,28 +281,23 @@ jobs:
             sed -i "s|__ARM_STATUS__|$ARM_STATUS|g" "$output"
             sed -i "s|__CURRENT_DATE__|$CURRENT_TIME|g" "$output"
             
-            # Komplexe Blöcke: AWK für Strings, SED für Files
             awk -v r="$HISTORY_CONTENT" '{gsub(/__HISTORY_CONTENT__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             awk -v r="$DOCKERHUB_LINK_CONTENT" '{gsub(/__DOCKERHUB_LINK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
 
-            # NEU: Docker Run Block via File einfügen (sicherste Methode)
             if grep -q "__DOCKER_RUN__" "$output" && [ -f "docker_run_block.txt" ]; then
                sed -e '/__DOCKER_RUN__/{r docker_run_block.txt' -e 'd;}' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             fi
             
-            # Compose Block via File einfügen
             if grep -q "__COMPOSE_BLOCK__" "$output" && [ -f "docker-compose.yml" ]; then
                sed -e '/__COMPOSE_BLOCK__/{r docker-compose.yml' -e 'd;}' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             fi
             
-            # ENV/PORTS/VOL Blöcke
             if grep -q "__ENV_BLOCK__" "$output"; then
                awk -v r="$(echo -e "$ENV_BLOCK_CONTENT")" '{gsub(/__ENV_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             fi
             awk -v r="$(echo -e "$PORTS_BLOCK_CONTENT")" '{gsub(/__PORTS_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             awk -v r="$(echo -e "$VOL_BLOCK_CONTENT")" '{gsub(/__VOL_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             
-             # Description als letztes
             if grep -q "__DESCRIPTION__" "$output"; then
                awk -v r="$(echo -e "${DESCRIPTION:-Keine Beschreibung.}")" '{gsub(/__DESCRIPTION__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output"
             fi
@@ -316,7 +306,6 @@ jobs:
           process_template "docker-compose.template" "docker-compose.yml"
           process_template "README.template" "README.md"
           
-          # --- 8. EXPORTS ---
           echo "FINAL_MSG=$COMMIT_MSG" >> $GITHUB_ENV
           echo "DESCRIPTION<<EOF" >> $GITHUB_ENV
           echo -e "$DESCRIPTION" >> $GITHUB_ENV
@@ -377,23 +366,18 @@ jobs:
           git config --local user.email "action@pi-farm.de"
           git config --local user.name "Gitea Action"
           
-          # Sicherstellen, dass wir etwas zum Committen haben
           git add VERSION.history README.md docker-compose.yml
           
-          # Nur committen, wenn es Änderungen gibt
           git diff --quiet && git diff --staged --quiet || git commit -m "${{ env.FINAL_MSG }} [skip ci]"
           
-          # Das Tag exakt so setzen, wie es in prep definiert wurde (ohne extra 'v')
           TARGET_TAG="${{ steps.prep.outputs.docker_tag }}"
           git tag -f "$TARGET_TAG"
           
           if [[ "${{ gitea.ref }}" == refs/tags/* ]]; then
             echo "🏷️ Build aus Tag getriggert: $TARGET_TAG"
-            # Wir pushen das Tag (force), um die Doku-Updates einzuschließen
             git push -f origin "$TARGET_TAG"
           else
             echo "🌿 Build aus Branch/Schedule getriggert: ${{ gitea.ref_name }}"
-            # In den Branch pushen (HEAD:branch_name) und das Tag setzen
             git push origin HEAD:${{ gitea.ref_name }}
             git push -f origin "$TARGET_TAG"
           fi
@@ -440,7 +424,7 @@ jobs:
       - name: Cleanup Docker Artifacts
         if: always()
         run: docker image prune -f
-      
+       
       - name: Workflow Summary
         if: always()
         run: |
-- 
2.49.1


From 927fd005a4d459be669083d390ff8c8c7c5fc630 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 12:13:23 +0000
Subject: [PATCH 57/65]  [skip ci]

---
 README.md       | 7 ++++---
 VERSION.history | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ea14654..c7ba806 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 13:10 |
-| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 13:10 |
+| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 14:13 |
+| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 14:13 |
 
 ### 🚀 Docker Pull
 ```bash
@@ -53,11 +53,12 @@ docker run -d \
   git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 09.04.2026 13:10*
+*Last updated on: 09.04.2026 14:13*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index ffc8bbd..285888e 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 10:11 |  ✅ |
-- 
2.49.1


From a541090c5fada9ef6391381e46d141d055d3b406 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 12:32:36 +0000
Subject: [PATCH 58/65] changed to trixie

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index 95741b4..fd3fd3d 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,7 +1,7 @@
 ## BUILD STAGE
 BUILD_BASE_IMAGE=debian:trixie
 BUILD_COUNTRY=de
-BUILD_TAG=bookworm-de
+BUILD_TAG=trixie-de
 BUILD_TAG_LATEST=n
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
-- 
2.49.1


From fecf8313ebb4bd922972a757eccff4e310d7aa0f Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 12:58:40 +0000
Subject: [PATCH 59/65]  [skip ci]

---
 README.md          | 13 +++++++------
 VERSION.history    |  1 +
 docker-compose.yml |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index c7ba806..6269518 100644
--- a/README.md
+++ b/README.md
@@ -11,18 +11,18 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 14:13 |
-| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 14:13 |
+| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 14:58 |
+| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 14:58 |
 
 ### 🚀 Docker Pull
 ```bash
-docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
 ```
 ### 🚀 Docker Compose
 ```yaml
 services:
   base-image-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
     container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
@@ -50,14 +50,15 @@ docker run -d \
   -e LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP \
   -v ./YOUR-PERSISTENT-FOLDER:/home \
   -p 3889 \
-  git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+  git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
 ```
 
-*Last updated on: 09.04.2026 14:13*
+*Last updated on: 09.04.2026 14:58*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **trixie-de** | 09.04.2026 14:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 285888e..6fd789b 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **trixie-de** | 09.04.2026 14:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
 | **bookworm-de** | 09.04.2026 11:58 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index de04786..1800b3f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   base-image-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
     container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
-- 
2.49.1


From feeb830faaa25e5174ed156889b479912998f708 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 13:04:59 +0000
Subject: [PATCH 60/65] build for bookworm-de

---
 buildargs.env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/buildargs.env b/buildargs.env
index fd3fd3d..b5f14de 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -1,7 +1,7 @@
 ## BUILD STAGE
-BUILD_BASE_IMAGE=debian:trixie
+BUILD_BASE_IMAGE=debian:bookworm
 BUILD_COUNTRY=de
-BUILD_TAG=trixie-de
+BUILD_TAG=bookworm-de
 BUILD_TAG_LATEST=n
 BUILD_LANG=de_DE.UTF-8
 BUILD_LANGUAGE=de_DE:de
-- 
2.49.1


From fe8aef04f4a0848928be0e376e13020b66fb80d3 Mon Sep 17 00:00:00 2001
From: Gitea Action <action@pi-farm.de>
Date: Thu, 9 Apr 2026 13:23:37 +0000
Subject: [PATCH 61/65]  [skip ci]

---
 README.md          | 13 +++++++------
 VERSION.history    |  1 +
 docker-compose.yml |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 6269518..69b363f 100644
--- a/README.md
+++ b/README.md
@@ -11,18 +11,18 @@ This repository is built and pushed automatically.
 ### 🏗️ Platform Support
 | Architecture | Status | Base Image | Build Date |
 | :--- | :--- | :--- | :--- |
-| x86_64 (amd64) | ✅ Active | debian:trixie | 09.04.2026 14:58 |
-| aarch64 (arm64) | ✅ Active | debian:trixie | 09.04.2026 14:58 |
+| x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 15:23 |
+| aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 15:23 |
 
 ### 🚀 Docker Pull
 ```bash
-docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
+docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 ### 🚀 Docker Compose
 ```yaml
 services:
   base-image-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
     container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
@@ -50,14 +50,15 @@ docker run -d \
   -e LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP \
   -v ./YOUR-PERSISTENT-FOLDER:/home \
   -p 3889 \
-  git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
+  git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
 ```
 
-*Last updated on: 09.04.2026 14:58*
+*Last updated on: 09.04.2026 15:23*
 
 ### 📜 Version History
 | Version | Date | Status |
 | :--- | :--- | :--- |
+| **bookworm-de** | 09.04.2026 15:23 |  ✅ |
 | **trixie-de** | 09.04.2026 14:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
diff --git a/VERSION.history b/VERSION.history
index 6fd789b..e581f26 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,3 +1,4 @@
+| **bookworm-de** | 09.04.2026 15:23 |  ✅ |
 | **trixie-de** | 09.04.2026 14:58 |  ✅ |
 | **bookworm-de** | 09.04.2026 14:13 |  ✅ |
 | **bookworm-de** | 09.04.2026 13:10 |  ✅ |
diff --git a/docker-compose.yml b/docker-compose.yml
index 1800b3f..de04786 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   base-image-debian-rdp-ldap:
-    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:trixie-de
+    image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
     container_name: base-image-debian-rdp-ldap
     restart: unless-stopped
     ports:
-- 
2.49.1


From c33bed867e6aa4844a280214f8ebc9f0b5b1ccbe Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 13:46:27 +0000
Subject: [PATCH 62/65] =?UTF-8?q?config/.gitkeep=20gel=C3=B6scht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/.gitkeep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 config/.gitkeep

diff --git a/config/.gitkeep b/config/.gitkeep
deleted file mode 100644
index e69de29..0000000
-- 
2.49.1


From 3b477fc44f9bc5e8b3244b70a7d23ee939f19a6d Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 13:47:14 +0000
Subject: [PATCH 63/65] VERSION.history aktualisiert

---
 VERSION.history | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/VERSION.history b/VERSION.history
index e581f26..e69de29 100644
--- a/VERSION.history
+++ b/VERSION.history
@@ -1,15 +0,0 @@
-| **bookworm-de** | 09.04.2026 15:23 |  ✅ |
-| **trixie-de** | 09.04.2026 14:58 |  ✅ |
-| **bookworm-de** | 09.04.2026 14:13 |  ✅ |
-| **bookworm-de** | 09.04.2026 13:10 |  ✅ |
-| **bookworm-de** | 09.04.2026 11:58 |  ✅ |
-| **bookworm-de** | 09.04.2026 10:11 |  ✅ |
-| **bookworm-de** | 07.04.2026 19:27 |  ✅ |
-| **bookworm-de** | 07.04.2026 17:38 |  ✅ |
-| **bookworm-de** | 05.04.2026 11:47 |  ✅ |
-| **bookworm-de** | 05.04.2026 11:20 |  ✅ |
-| **bookworm-de** | 04.04.2026 00:31 |  ✅ |
-| **bookworm-de** | 02.04.2026 17:26 |  ✅ |
-| **bookworm-de** | 02.04.2026 16:44 |  ✅ |
-| **bookworm-de** | 02.04.2026 15:37 |  ✅ |
-| **bookworm** | 02.04.2026 14:15 |  ✅ |
-- 
2.49.1


From 52c12da10f4e4d04f2facb5fa48d43ec73ccdca0 Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 13:49:35 +0000
Subject: [PATCH 64/65] buildargs.env aktualisiert

---
 buildargs.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildargs.env b/buildargs.env
index b5f14de..5ad767f 100644
--- a/buildargs.env
+++ b/buildargs.env
@@ -24,4 +24,4 @@ ENV_LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
 VOL_HOME=./YOUR-PERSISTENT-FOLDER:/home
 PORT_RDP=3889
 
-DESCRIPTION="Debian Desktop with LDAP-Authentication. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop."
\ No newline at end of file
+DESCRIPTION="Debian Desktop with LDAP-Authentication and Pulse-Audio. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop."
\ No newline at end of file
-- 
2.49.1


From 0a37dc665a8f680df2faf876ccb26eebca25690c Mon Sep 17 00:00:00 2001
From: "info@pi-farm.de" <pi-farm@noreply.git.pi-farm.de>
Date: Thu, 9 Apr 2026 13:50:54 +0000
Subject: [PATCH 65/65] =?UTF-8?q?sssd.conf=20gel=C3=B6scht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sssd.conf | 35 -----------------------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 sssd.conf

diff --git a/sssd.conf b/sssd.conf
deleted file mode 100644
index 05e1925..0000000
--- a/sssd.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-[sssd]
-domains = LDAP
-services = nss, pam
-config_file_version = 2
-debug_level = $(SSSD_DEBUG_LEVEL)
-
-[domain/LDAP]
-id_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-ldap_schema = $(LDAP_SCHEMA)
-ldap_auth_disable_tls_never_use_in_production = $(LDAP_AUTH_DISABLE_TLS)
-autofs_provider = ldap
-access_provider = simple
-
-ldap_uri = ldap://$(LDAP_URI)
-ldap_default_bind_dn = cn=$(LDAP_BIND_USER),$(LDAP_DOMAIN_DC)
-ldap_default_authtok = $(LDAP_BIND_PASSWORD)
-
-ldap_search_base = $(LDAP_SEARCH_BASE)
-ldap_user_search_base = $(LDAP_USER_SEARCH_BASE)
-ldap_group_search_base = $(LDAP_GROUP_SEARCH_BASE)
-ldap_user_password_attribute = $(LDAP_USER_PASSWORD_ATTRIBUTE)
-ldap_user_object_class = $(LDAP_USER_OBJECT_CLASS)
-ldap_user_name = $(LDAP_USER_NAME)
-ldap_user_dn_attribute = $(LDAP_USER_DN_ATTRIBUTE)
-ldap_group_object_class = $(LDAP_GROUP_OBJECTS_CLASS)
-ldap_id_use_start_tls = $(LDAP_ID_USE_START_TLS)
-ldap_auth_use_start_tls = $(LDAP_AUTH_USE_START_TLS)
-ldap_tls_reqcert = $(LDAP_TLS_REQCERT)
-
-simple_allow_groups = $(LDAP_SIMPLE_ALLOW_GROUPS)
-
-enumerate = True
-cache_credentials = True
\ No newline at end of file
-- 
2.49.1