diff --git a/slapd/Dockerfile b/slapd/Dockerfile
index 8b173d6382880a380331dfcd176afa99b5e61f5f..6a254ad6a525f7dbcfd505a70ce429e98398f112 100644
--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:stretch-slim
-RUN apt-get update && \
+RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         gnutls-bin \
         ldap-utils \
@@ -8,9 +9,10 @@ RUN apt-get update && \
     mkdir -p /run/slapd && \
     rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
 COPY entrypoint /
-EXPOSE 389
+EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
-ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///"
+ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///" \
+    SLAPD_DEBUG_LEVEL="NONE"
 ENTRYPOINT [ "/entrypoint" ]
-CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "NONE" ]
+CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "$SLAPD_DEBUG_LEVEL" ]
 HEALTHCHECK CMD ldapsearch -b cn=config -H ldapi:/// > /dev/null || exit 1
diff --git a/slapd/entrypoint b/slapd/entrypoint
index 00205a9db9cdeef9c5e5ce7b57b1c6f1d1c7eea7..b92073b51c48612a427d877e4af1e245f2c6c04b 100755
--- a/slapd/entrypoint
+++ b/slapd/entrypoint
@@ -4,33 +4,15 @@ set -eux
 chown -R openldap:openldap /run/slapd
 chown -R openldap:openldap /var/lib/ldap
 
-if [ -n "${LDAP_ROOTPASS:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS}
-slapd slapd/internal/adminpw password ${LDAP_ROOTPASS}
-slapd slapd/password2 password ${LDAP_ROOTPASS}
-slapd slapd/password1 password ${LDAP_ROOTPASS}
+cat << EOF | debconf-set-selections -v
+slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS:-}
+slapd slapd/internal/adminpw password ${LDAP_ROOTPASS:-}
+slapd slapd/password2 password ${LDAP_ROOTPASS:-}
+slapd slapd/password1 password ${LDAP_ROOTPASS:-}
+slapd slapd/domain string ${LDAP_DOMAIN:-}
+slapd shared/organization string ${LDAP_ORGANIZATION:-}
 EOF
-fi
 
-if [ -n "${LDAP_DOMAIN:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd slapd/domain string ${LDAP_DOMAIN}
-EOF
-fi
-
-if [ -n "${LDAP_ORGANIZATION:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd shared/organization string ${LDAP_ORGANIZATION}
-EOF
-fi
-
-if [ -n "${LDAP_ROOTPASS:-}" ] || [ -n "${LDAP_DOMAIN:-}" ] || [ -n "${LDAP_ORGANIZATION:-}" ]
-then
-    dpkg-reconfigure -f noninteractive slapd
-fi
+dpkg-reconfigure -f noninteractive slapd
 
 eval exec "$@"