diff --git a/docker-compose.yml b/docker-compose.yml
index f25b9e48ee7804968ee320d54134c5f592e4e24c..9dd84c9a61fc044a36f52d6df316ef9c744e942c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,8 @@ services:
     build:
       context: nss-pam-ldapd/
     command: /usr/sbin/nslcd --debug --nofork
+    depends_on:
+      - ldap
     environment:
       LDAP_BASE_DN: "${LDAP_BASE_DN:-dc=nowhere,dc=com}"
     volumes:
@@ -29,21 +31,21 @@ services:
   ldap-account-manager:
     build:
       context: ldap-account-manager/
-    links:
+    depends_on:
       - ldap
+    environment:
+      LAM_PASSWORD: "${LAM_PASSWORD:-foo}"
+      LDAP_ADMIN_DN: "cn=admin,${LDAP_BASE_DN:-dc=nowhere,dc=com}"
+      LDAP_BASE_DN: "${LDAP_BASE_DN:-dc=nowhere,dc=com}"
     ports:
       - 80:80
     restart: always
     volumes:
       - _run_slapd:/run/slapd
-      - ldap-account-manager:/var/lib/ldap-account-manager
 
 volumes:
   _run_slapd:
   ldap:
-  ldap-account-manager:
-    labels:
-      snapshot: 'true'
   backup_ldap:
     labels:
       snapshot: 'true'
diff --git a/ldap-account-manager/Dockerfile b/ldap-account-manager/Dockerfile
index 0d55bb893cd29c328f6834cc086db2c338e13165..050bf23dca86885057f4d5dd6112028cf3959adb 100644
--- a/ldap-account-manager/Dockerfile
+++ b/ldap-account-manager/Dockerfile
@@ -1,20 +1,18 @@
 FROM debian:sid-slim
+# hadolint ignore=DL3008
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-        ca-certificates=20190110 \
-        ldap-account-manager=6.7-1 \
-        patch=2.7.6-4 \
-        wget=1.20.1-1.1 \
+        ca-certificates \
+        gettext-base \
+        ldap-account-manager \
+        patch \
+        wget \
     && \
     chmod 755 /var/log/apache2 && \
     ln -sf /dev/stdout /var/log/apache2/access.log && \
     ln -sf /dev/stderr /var/log/apache2/error.log && \
     ln -sf /dev/stdout /var/log/apache2/lam.log && \
     ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
-    mv /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg && \
-    ln -sf /var/lib/ldap-account-manager/config/config.cfg /etc/ldap-account-manager/config.cfg && \
-    mv /var/lib/ldap-account-manager /var/lib/ldap-account-manager.orig && \
-    mkdir -m 755 /var/lib/ldap-account-manager && \
     rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
 ENV APACHE_RUN_DIR=/run/apache2 \
     APACHE_LOG_DIR=/var/log/apache2 \
@@ -23,10 +21,12 @@ ENV APACHE_RUN_DIR=/run/apache2 \
     APACHE_PID_FILE=/run/apache2/apache2.pid
 COPY --chown=root:root patch.diff /root/
 COPY --chown=root:root entrypoint /entrypoint
+COPY --chown=root:root lam-setpass /usr/local/sbin/
 RUN patch --strip 0 --verbose --directory / --input /root/patch.diff && \
     apache2 -t
+ENV LDAP_URI=ldapi:/// \
+    LAM_PASSWORD=lam
 EXPOSE 80
-VOLUME /var/lib/ldap-account-manager
 ENTRYPOINT [ "/entrypoint" ]
 CMD [ "apache2", "-DFOREGROUND" ]
 HEALTHCHECK CMD wget --spider --quiet http://localhost/lam/ --user-agent 'Healthcheck' || exit 1
diff --git a/ldap-account-manager/README.md b/ldap-account-manager/README.md
index d054ca8a303308840aa79126378f75a1f50ba875..b333d630b3ee93849db92842f44f79987d1583e4 100644
--- a/ldap-account-manager/README.md
+++ b/ldap-account-manager/README.md
@@ -2,13 +2,14 @@
 
 > Dockerized LDAP Account Manager.
 
-## Usage
+## Environment variables
 
-The image isn't configured with environment variables, instead it uses a volume
-for `/var/lib/ldap-account-manager` that contains the application's
-configuration files. On first run the default files are copied to the volume and
-the configuration is done through the application itself. The default master
-password is `lam`.
+Name | Description | Default value
+--- | --- | ---
+`LAM_PASSWORD` | Password for administrating LAM | `lam`
+`LDAP_URI` | URI of the LDAP service | `ldapi:///`
+`LDAP_ADMIN_DN` | DN of the admin account
+`LDAP_BASE_DN` | Base DN
 
 ## License
 
diff --git a/ldap-account-manager/entrypoint b/ldap-account-manager/entrypoint
index 3b311275406ea8dd8932a165d6d54ecc06a16967..d31a3d0390ecb4121ac20e261c75bd47ef0723f4 100755
--- a/ldap-account-manager/entrypoint
+++ b/ldap-account-manager/entrypoint
@@ -1,6 +1,15 @@
 #!/bin/sh
 set -eux
 
-install -d -m 755 -o root -g root /var/lib/ldap-account-manager
-cp --archive --no-clobber --verbose --no-target-directory /var/lib/ldap-account-manager.orig /var/lib/ldap-account-manager
+# Render environment variables in the config file.
+tempfile="$(mktemp)"
+envsubst < /var/lib/ldap-account-manager/config/lam.conf > "$tempfile"
+cat "$tempfile" > /var/lib/ldap-account-manager/config/lam.conf
+rm "$tempfile"
+
+# Set the password and unset the variable from memory.
+chroot --userspec=www-data / /usr/local/sbin/lam-setpass "$LAM_PASSWORD"
+unset LAM_PASSWORD
+
+# Start the process.
 eval exec "$@"
diff --git a/ldap-account-manager/lam-setpass b/ldap-account-manager/lam-setpass
new file mode 100755
index 0000000000000000000000000000000000000000..51df3cd6d814719b204ead947f75c4596b47da7a
--- /dev/null
+++ b/ldap-account-manager/lam-setpass
@@ -0,0 +1,15 @@
+#!/usr/bin/env php
+<?php
+
+include_once('/usr/share/ldap-account-manager/lib/config.inc');
+
+// For the general settings.
+$cfg = new LAMCfgMain();
+$cfg->setPassword($argv[1]);
+$cfg->save();
+
+// For the server profiles.
+$conf = new LAMConfig("lam");
+$conf->set_Passwd($argv[1]);
+$conf->save();
+
diff --git a/ldap-account-manager/patch.diff b/ldap-account-manager/patch.diff
index 6b477235c3943bc0f0c881432ada809209ac2958..e59e497f9d45ae2e84ce1395b105fe6cc141f201 100644
--- a/ldap-account-manager/patch.diff
+++ b/ldap-account-manager/patch.diff
@@ -1,5 +1,5 @@
---- /var/lib/ldap-account-manager.orig/config/config.cfg	2019-03-25 18:21:36.000000000 +0200
-+++ /var/lib/ldap-account-manager.orig/config/config.cfg	2019-06-25 14:18:51.906120546 +0300
+--- /etc/ldap-account-manager/config.cfg	2019-03-25 18:21:36.000000000 +0200
++++ /etc/ldap-account-manager/config.cfg	2019-06-25 14:18:51.906120546 +0300
 @@ -9,4 +9,4 @@
  logLevel: 4
  
@@ -26,3 +26,46 @@
  </VirtualHost>
  
  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+--- /var/lib/ldap-account-manager/config/lam.conf	2019-09-20 23:14:19.000000000 +0300
++++ /var/lib/ldap-account-manager/config/lam.conf	2019-09-20 23:59:56.291338527 +0300
+@@ -5,22 +5,22 @@
+ ###################################################################################################
+ 
+ # server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+-ServerURL: ldap://localhost:389
++ServerURL: ${LDAP_URI}
+ 
+ # list of users who are allowed to use LDAP Account Manager
+ # names have to be seperated by semicolons
+ # e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+-Admins: cn=Manager,dc=my-domain,dc=com
++Admins: ${LDAP_ADMIN_DN}
+ 
+ # password to change these preferences via webfrontend (default: lam)
+ Passwd: lam
+ 
+ # suffix of tree view
+ # e.g. dc=yourdomain,dc=org
+-treesuffix: dc=yourdomain,dc=org
++treesuffix: ${LDAP_BASE_DN}
+ 
+ # default language (a line from config/language)
+-defaultLanguage: en_GB.utf8
++defaultLanguage: en_US.utf8
+ 
+ # Path to external Script
+ scriptPath:
+@@ -52,11 +52,11 @@
+ activeTypes: user,group
+ 
+ 
+-types: suffix_user: ou=People,dc=my-domain,dc=com
++types: suffix_user: ou=People,${LDAP_BASE_DN}
+ types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+ types: modules_user: inetOrgPerson,posixAccount,shadowAccount
+ 
+-types: suffix_group: ou=group,dc=my-domain,dc=com
++types: suffix_group: ou=group,${LDAP_BASE_DN}
+ types: attr_group: #cn;#gidNumber;#memberUID;#description
+ types: modules_group: posixGroup
+