# 本機 OpenLDAP（LDAP + ZITADEL 整合測試）
#
# 獨立啟動（只跑 LDAP）：
#   docker compose -f deploy/openldap/docker-compose.yml up -d
#   make ldap-wait    # 等 ready 並 seed alice/bob
#
# 或由主 compose 以 profile 啟動：
#   make ldap-up      # profile ldap
#   make k6-up        # profile k6（含 ZITADEL + Postgres + OpenLDAP）
#
# ZITADEL Console 建 LDAP IdP 時，Server 填 ldap://openldap:389（容器網路）
# 本機 ldapsearch 用 localhost:389

services:
  openldap:
    profiles: ["ldap", "k6"]
    image: osixia/openldap:1.5.0
    container_name: gateway-openldap
    restart: unless-stopped
    environment:
      LDAP_ORGANISATION: "GatewayDev"
      LDAP_DOMAIN: "gateway.local"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_TLS: "false"
    ports:
      - "389:389"
    volumes:
      - openldap_data:/var/lib/ldap
      - openldap_config:/etc/ldap/slapd.d
      # 測試帳號由 make ldap-seed 寫入（勿 :ro 掛 bootstrap，osixia 啟動需 chown 會失敗）
    healthcheck:
      test:
        [
          "CMD",
          "ldapsearch",
          "-x",
          "-H",
          "ldap://localhost",
          "-b",
          "dc=gateway,dc=local",
          "-D",
          "cn=admin,dc=gateway,dc=local",
          "-w",
          "admin",
          "-LLL",
          "-s",
          "base",
          "(objectClass=*)",
          "dn",
        ]
      interval: 5s
      timeout: 5s
      retries: 24
      start_period: 20s

volumes:
  openldap_data:
  openldap_config: