The SSL-terminating proxy should have that hostname.

The external name for it.

- GitLab CI templates.
- Pre-commit snippet.
- Address pre-commit issues.

A lot of different fixes. What I have in production right now.

Run as a limited user and bind to the regular HTTP port using file
capabilities.

- Relax the permission on /etc/ssl to allow generating snakeoil
certificate and key.
- Grant the slapd binary CAP_NET_BIND_SERVICE to allow binding to
privileged ports.
- Change owner of /etc/ldap/ldap.conf to allow modifying it in
entrypoint.
- Prepopulate volumes with the correct ownership, permissions and
directory structure to avoid doing it in the entrypoint without root.

- Use port 8080 (http-alt) instead of port 80 (a priviliged port).
- Run Apache with the www-data user.
- Enable the Apache status module.

- Update base image to Debian Buster.
- Install pamtester in the image.

Use the Docker Hub images for caching and keep the names the same were
applicable.

Instead of a persistent volume with the configuration, use environment
variables.

- Use a single volume for the config and data LDAP directories, easier
to keep in sync in different cases (backups, migration).
- Add backup script, save to backup volume.
- Allow passing the location of the SSL key and cert to enable SSL,
otherwise a self-signed certificate and key are generated with the FQDN
of the container.
- Drop the dockerfile-lint linter, didn't give any useful advice.
- Change base image to Debian Buster.
- Set stopsignal for the container.
- Allow setting the log level.
- Unset the cleartext root password environment variable.

- Set the client configuration (/etc/ldap/ldap.conf) according to the
environment variables.
- Add LDAP_REQCERT environment variable to set the certificate
validation.

- hadolint and docker-compose config.
- Fix what hadolint complained about.

- Name the slapd service as ldap (in case it's replaced by a different
LDAP server).
- Allow overriding the default environment variables (preparation for an
actual deployment).

- Specify the `/run/slapd` volume in the Dockerfile.
- Document TCP ports and Unix socket for slapd.

- Use a patch to change the configuration files (instead of fiddling
with sed).
- Don't log the healthcheck requests.

network to communicate with other containers.

- ldap-account-manager is not available on Debian buster right now, use
Debian sid instead.
- Document the default password.

- Replaced phpLDAPadmin with ldap-account-manager as the webui.
- Added nss-pam-ldapd as a test client.

- Allow setting a debug level environment variable.
- Expose port 636 (ldaps).
- Install newer version of slapd from Debian backports.
- Cleaned up the entrypoint script.