services:
  baseimage-debian-rdp-ldap:
    image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de
    container_name: baseimage-debian-rdp-ldap
    restart: unless-stopped
    ports:
      - 3889
    environment:
      - SSSD_DEBUG_LEVEL=9
      - LDAP_SCHEMA=rfc2307bis
      - LDAP_AUTH_DISABLE_TLS=true
      - LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER
      - LDAP_BIND_USER=admin
      - LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM
      - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
      - LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
      - LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
      - LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
      - LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
      - LDAP_USER_OBJECT_CLASS=posixAccount
      - LDAP_USER_NAME=uid
      - LDAP_USER_DN_ATTRIBUTE=cn
      - LDAP_GROUP_OBJECTS_CLASS=posixGroup
      - LDAP_ID_USE_START_TLS=false
      - LDAP_AUTH_USE_START_TLS=false
      - LDAP_TLS_REQCERT=never
      - LDAP_SIMPLE_ALLOW_GROUPS=users
    volumes:
      - ./sssd.conf:/etc/sssd/sssd.conf:ro
      - ./home:/home