version: "3.5"

services:
  ldap-admin:
    image: osixia/phpldapadmin:0.7.2
    restart: unless-stopped
    depends_on:
      - ldap
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=ldap
      - PHPLDAPADMIN_HTTPS=false
    networks:
      - ldap-net
      - web-net

  password-self-service:
    image: tiredofit/self-service-password:3.0
    restart: unless-stopped
    domainname: ${LDAP_DOMAIN}
    depends_on:
      - ldap
      - mail
    environment:
      - SSP_VERSION=1.3
      - LDAP_SERVER=ldap://ldap:389
      - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN}
      - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
      - LDAP_BASE_SEARCH=${LDAP_BASE_DN}
      - MAIL_FROM=noreply@${LDAP_DOMAIN}
      - SMTP_HOST=mail
      - SMTP_PORT=25
      - SMTP_SECURE_TYPE=false
      - SMTP_AUTOTLS=false
      - QUESTIONS_ENABLED=false
      - PASSWORD_NO_REUSE=true
      - WHO_CAN_CHANGE_PASSWORD=user
      - SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
      - BACKGROUND=.
      - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
      - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
      - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
      - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
      - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
      - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
      - PASSWORD_HASH=CRYPT
    env_file:
      - password-self-service.env
    expose:
      - "80"
    networks:
      - web-net     # provide web-frontend
      - ldap-net    # access ldap user base and write passwords
      - kopano-net  # send mail directly to mailstack