diff --git a/README.md b/README.md
index e850d03ec96ffe05c2677ac3ff8c54f204bb18e2..b49c1d5db93d8ccec9383cc3ee30d2d37a99f1d4 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # LDAP Docker
 
-> A dockerized OpenLDAP with phpLDAPadmin webui.
+> A dockerized OpenLDAP with LDAP Account Manager.
 
 ## Requirements
 
diff --git a/docker-compose.yml b/docker-compose.yml
index d19800a112fda4baeeb7668c26410d907f03b0cb..565378e08b39e94e7164831139a5cc92bcb1d230 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,18 +11,28 @@ services:
             LDAP_ROOTPASS: foo
             LDAP_DOMAIN: nowhere.com
             LDAP_ORGANIZATION: none
-    phpldapadmin:
+
+    nss-pam-ldapd:
         build:
-            context: phpldapadmin/
+            context: nss-pam-ldapd/
+        command: /usr/sbin/nslcd --debug --nofork
+        environment:
+            LDAP_BASE_DN: 'dc=nowhere,dc=com'
+        volumes:
+            - _run_ldap:/run/slapd
+
+    ldap-account-manager:
+        build:
+            context: ldap-account-manager/
         links:
             - slapd
         volumes:
             - _run_ldap:/run/slapd
-        environment:
-            PLA_BASE_DN: 'dc=nowhere,dc=com'
-            PLA_BIND_ID: 'cn=admin,dc=nowhere,dc=com'
+            - ldap-account-manager:/var/lib/ldap-account-manager
         ports:
             - 80:80
+
 volumes:
     _run_ldap:
     ldap:
+    ldap-account-manager:
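Review bot: The new `ldap-account-manager` service keeps the `80:80` publish, so the LAM login form is reachable on every host interface over plain HTTP, and LDAP bind credentials entered there cross the network unencrypted. The image README in this commit says configuration is done through the application itself, so on first run the UI is presumably exposed with the package's default configuration. For a local stack, bind the port to loopback with `- '127.0.0.1:80:80'`, or put a TLS-terminating proxy in front. Separately, `command: /usr/sbin/nslcd --debug --nofork` leaves debug logging on for the `nss-pam-ldapd` service; a comment such as `# --debug is for troubleshooting only` would make it clear that the flag is not meant to stay.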
diff --git a/phpldapadmin/.dockerignore b/ldap-account-manager/.dockerignore
similarity index 100%
rename from phpldapadmin/.dockerignore
rename to ldap-account-manager/.dockerignore
diff --git a/ldap-account-manager/Dockerfile b/ldap-account-manager/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..f89d5056a1b9b0373fb3b3673544b8ccc7615838
--- /dev/null
+++ b/ldap-account-manager/Dockerfile
@@ -0,0 +1,27 @@
+FROM debian:buster-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ldap-account-manager\
+        wget \
+    && \
+    ln -sf /dev/stdout /var/log/apache2/access.log && \
+    ln -sf /dev/stderr /var/log/apache2/error.log && \
+    ln -sf /dev/stdout /var/log/apache2/lam.log && \
+    mv /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg && \
+    ln -sf /var/lib/ldap-account-manager/config/config.cfg /etc/ldap-account-manager/config.cfg && \
+    mv /var/lib/ldap-account-manager /var/lib/ldap-account-manager.orig && \
+    mkdir -m 755 /var/lib/ldap-account-manager && \
+    sed -i 's@SYSLOG@/var/log/apache2/lam.log@' /var/lib/ldap-account-manager.orig/config/config.cfg && \
+    sed -i '/<\/VirtualHost>/i RedirectMatch permanent "^/$" "/lam"' /etc/apache2/sites-enabled/000-default.conf && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY --chown=root:root entrypoint /entrypoint
+ENV APACHE_RUN_DIR=/run/apache2 \
+    APACHE_LOG_DIR=/var/log/apache2 \
+    APACHE_RUN_USER=www-data \
+    APACHE_RUN_GROUP=www-data \
+    APACHE_PID_FILE=/run/apache2/apache2.pid
+EXPOSE 80
+VOLUME /var/lib/ldap-account-manager
+ENTRYPOINT [ "/entrypoint" ]
+CMD [ "apache2", "-DFOREGROUND" ]
+HEALTHCHECK CMD wget --spider --quiet http://localhost/lam || exit 1
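Review bot: The `lam.log` symlink to `/dev/stdout` probably does not work the way the two Apache log symlinks do. Apache opens `access.log` and `error.log` as root before dropping to `www-data`, but the LAM log path substituted for `SYSLOG` by the `sed` line is likely opened by PHP inside a worker that already runs as `www-data`, and opening `/dev/stdout` at that point can fail with a permission error when the container's stdout is a root-owned pipe or tty. If so, LAM's own login and change log is silently lost. Check that LAM log lines actually show up in `docker logs`; if they do not, keep the `SYSLOG` destination or point it at a `www-data`-writable file on the volume, and record the constraint above the `RUN` with `# lam.log is written by PHP as www-data, not by apache2 as root`.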
diff --git a/ldap-account-manager/README.md b/ldap-account-manager/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..9ff062e4d9a4c54a2c6692374bdd58fe52c331bc
--- /dev/null
+++ b/ldap-account-manager/README.md
@@ -0,0 +1,10 @@
+# LDAP Account Manager
+
+> Dockerized LDAP Account Manager.
+
+## Usage
+
+The image isn't configured with environment variables, instead it uses a volume
+for `/var/lib/ldap-account-manager` that contains the application's
+configuration files. On first run the default files are copied to the volume and
+the configuration is done through the application itself.
diff --git a/ldap-account-manager/entrypoint b/ldap-account-manager/entrypoint
new file mode 100755
index 0000000000000000000000000000000000000000..3095d2067bf0e89bf3ca0d4b7a5f566d656e14a8
--- /dev/null
+++ b/ldap-account-manager/entrypoint
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -eux
+
+chown root:root /var/lib/ldap-account-manager
+chmod 755 /var/lib/ldap-account-manager
+cp --archive --no-clobber --verbose --no-target-directory /var/lib/ldap-account-manager.orig /var/lib/ldap-account-manager
+eval exec "$@"
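Review bot: `eval exec "$@"` on the last line re-parses the container arguments as shell source, so an argument containing spaces, `$`, `;` or backticks is split or executed instead of being handed to the command unchanged. `exec "$@"` keeps each argument intact and still replaces the shell, so signals reach `apache2`. The same pattern closes nss-pam-ldapd/entrypoint (`eval exec gosu "nslcd:nslcd" "$@"`), where `exec gosu nslcd:nslcd "$@"` is the equivalent fix.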
diff --git a/nss-pam-ldapd/.dockerignore b/nss-pam-ldapd/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..dd449725e188f816bcebfc05678064efcbc29a81
--- /dev/null
+++ b/nss-pam-ldapd/.dockerignore
@@ -0,0 +1 @@
+*.md
diff --git a/nss-pam-ldapd/Dockerfile b/nss-pam-ldapd/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..b9c274f8b3ec4760c6d03c86fe16671ea180beab
--- /dev/null
+++ b/nss-pam-ldapd/Dockerfile
@@ -0,0 +1,21 @@
+FROM debian:stretch-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ca-certificates \
+        gosu \
+        libnss-ldapd \
+        libpam-ldapd \
+    && \
+    mkdir -p /run/nslcd && \
+    chown -R nslcd:nslcd /run/nslcd/ && \
+    sed -i 's/compat/compat ldap/g' /etc/nsswitch.conf && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* /etc/nslcd.conf
+COPY --chown=root:root entrypoint /
+ENV LDAP_URIS=ldapi:/// \
+    LDAP_AUTH_TYPE=none \
+    LDAP_STARTTLS=false \
+    LDAP_BASE_DN="dc=trusted" \
+    LDAP_CACERTFILE=/etc/ssl/certs/ca-certificates.crt
+ENTRYPOINT [ "/entrypoint" ]
+CMD [ "/usr/sbin/nslcd", "--nofork" ]
+HEALTHCHECK CMD pgrep nslcd || exit 1
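Review bot: The `HEALTHCHECK` on the last line calls `pgrep`, which ships in procps, and procps is not in the `apt-get install` list. Unless one of the listed packages pulls it in as a hard dependency (not visible from this hunk), the command is missing on a slim base with `--no-install-recommends`, so the check fails every time and the container is reported unhealthy even while `nslcd` runs. Adding `procps \` to the package list fixes that.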
diff --git a/nss-pam-ldapd/README.md b/nss-pam-ldapd/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..46bdbc8786218f50ada6480a84d563c17d34b1e1
--- /dev/null
+++ b/nss-pam-ldapd/README.md
@@ -0,0 +1,20 @@
+# nss-pam-ldapd
+
+> Dockerized example nss-pam-ldapd.
+
+## Usage
+
+The process running inside the container is `nslcd` which is the nameserver
+daemon. To use this container, execute a different process (like `su` or
+`getent`) inside the container.
+
+## Environment variables
+
+Name | Default value
+--- | ---
+`LDAP_URIS` | `ldapi:///`
+`LDAP_AUTH_TYPE` | `none`
+`LDAP_BINDDN`
+`LDAP_STARTTLS` | `false`
+`LDAP_BASE_DN` | `dc=trusted`
+`LDAP_CACERTFILE` | `/etc/ssl/certs/ca-certificates.crt`
diff --git a/nss-pam-ldapd/entrypoint b/nss-pam-ldapd/entrypoint
new file mode 100755
index 0000000000000000000000000000000000000000..356b649b1606eedb3029405cb251e79f02482378
--- /dev/null
+++ b/nss-pam-ldapd/entrypoint
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -eux
+
+chown -R nslcd:nslcd /run/nslcd
+
+cat << EOF | debconf-set-selections -v
+nslcd nslcd/ldap-uris string ${LDAP_URIS:-}
+nslcd	nslcd/ldap-bindpw	password	${LDAP_BINDPW:-}
+nslcd	nslcd/ldap-auth-type	select	${LDAP_AUTH_TYPE:-}
+nslcd	nslcd/ldap-binddn	string	${LDAP_BINDDN:-}
+nslcd	nslcd/ldap-sasl-authcid	string	${LDAP_SASL_AUTHCID:-}
+nslcd	nslcd/ldap-reqcert	select	${LDAP_REQCERT:-}
+nslcd	nslcd/ldap-sasl-realm	string	${LDAP_SASL_REALM:-}
+nslcd	nslcd/ldap-starttls	boolean	${LDAP_STARTTLS:-}
+nslcd	nslcd/ldap-base	string	${LDAP_BASE_DN:-}
+nslcd	nslcd/ldap-sasl-authzid	string	${LDAP_SASL_AUTHZID:-}
+nslcd	nslcd/ldap-sasl-mech	select	${LDAP_SASL_MECH:-}
+nslcd	nslcd/ldap-cacertfile	string	${LDAP_CACERTFILE:-}
+nslcd	nslcd/ldap-sasl-secprops	string	${LDAP_SASL_SECPROPS:-}
+EOF
+
+dpkg-reconfigure -f noninteractive nslcd
+
+eval exec gosu "nslcd:nslcd" "$@"
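Review bot: `LDAP_BINDPW` is piped through `debconf-set-selections -v`, and verbose mode likely prints each value as it is set, which would write the bind password to the container log on every start. `set -eux` adds a full xtrace of the script on top of that. Drop the flag (`cat << EOF | debconf-set-selections`) and consider `set -eu` once the image is debugged. The heredoc is also unquoted and mixes a space-separated first line with tab-separated ones, so an environment value containing a newline would inject an extra selection line; a short comment noting that the variables must be single-line would help.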
diff --git a/phpldapadmin/Dockerfile b/phpldapadmin/Dockerfile
deleted file mode 100644
index c4043961c9b266a0d71b886d1faa1e29d65dbde2..0000000000000000000000000000000000000000
--- a/phpldapadmin/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM alpine:3.8
-RUN apk add --update --no-cache phpldapadmin php5-apache2 php5-openssl && \
-    ln -sf /dev/stdout /var/log/apache2/access.log && \
-    ln -sf /dev/stderr /var/log/apache2/error.log && \
-    mkdir -p /run/apache2/
-
-COPY --chown=root:root config.php /usr/share/webapps/phpldapadmin/config/
-COPY --chown=root:root phpldapadmin.conf /etc/apache2/conf.d/
-ENV PLA_HOST=ldapi://%2frun%2fslapd%2fldapi
-CMD [ "httpd", "-DFOREGROUND" ]
-HEALTHCHECK CMD wget --spider --quiet http://localhost/htdocs/index.php || exit 1
diff --git a/phpldapadmin/README.md b/phpldapadmin/README.md
deleted file mode 100644
index 296b2c6ddea0e372dff3976a3d5dffc350f42bf2..0000000000000000000000000000000000000000
--- a/phpldapadmin/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# phpLDAPadmin
-
-> Dockerized phpLDAPadmin.
-
-## Environment variables
-
-Name | Default value
---- | ---
-`PLA_NAME` | `LDAP server`
-`PLA_HOST` | `slapd`
-`PLA_PORT` | `389`
-`PLA_BASE` |
-`PLA_AUTH_TYPE` | `cookie`
-`PLA_BIND_ID` |
-`PLA_TLS` | `false`
diff --git a/phpldapadmin/config.php b/phpldapadmin/config.php
deleted file mode 100644
index 616618e2787f09e89d3f21799f0399d7968549b3..0000000000000000000000000000000000000000
--- a/phpldapadmin/config.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-
-$servers = new Datastore();
-
-$servers->newServer('ldap_pla');
-$servers->setValue('server', 'name', getenv('PLA_NAME') ?: 'LDAP Server');
-$servers->setValue('server', 'host', getenv('PLA_HOST') ?: 'slapd');
-$servers->setValue('server', 'port', getenv('PLA_PORT') ?: '389');
-$servers->setValue('server', 'base', array(getenv('PLA_BASE_DN') ?: ''));
-$servers->setValue('login', 'auth_type', getenv('PLA_AUTH_TYPE') ?: 'cookie');
-$servers->setValue('login', 'bind_id', getenv('PLA_BIND_ID') ?: '');
-$servers->setValue('server', 'tls', strtolower(getenv('PLA_TLS') ?: 'false') == 'true');
-
-?>
diff --git a/phpldapadmin/phpldapadmin.conf b/phpldapadmin/phpldapadmin.conf
deleted file mode 100644
index 8d78331e1ce2678d8d3855d31c23facaaaff1e34..0000000000000000000000000000000000000000
--- a/phpldapadmin/phpldapadmin.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-<VirtualHost _default_:80>
-    DocumentRoot /usr/share/webapps/phpldapadmin/
-</VirtualHost>
-
-<Directory /usr/share/webapps/phpldapadmin/>
-
-    DirectoryIndex index.php
-    Options +FollowSymLinks
-    AllowOverride None
-
-    Require all granted
-
-    <IfModule mod_mime.c>
-
-      <IfModule mod_php5.c>
-        AddType application/x-httpd-php .php
-
-        php_flag magic_quotes_gpc Off
-        php_flag track_vars On
-        php_flag register_globals Off
-        php_value include_path .
-      </IfModule>
-
-      <IfModule !mod_php5.c>
-        <IfModule mod_actions.c>
-          <IfModule mod_cgi.c>
-            AddType application/x-httpd-php .php
-            Action application/x-httpd-php /cgi-bin/php5
-          </IfModule>
-          <IfModule mod_cgid.c>
-            AddType application/x-httpd-php .php
-            Action application/x-httpd-php /cgi-bin/php5
-           </IfModule>
-        </IfModule>
-      </IfModule>
-
-    </IfModule>
-
-</Directory>