Diffstat (limited to 'playbooks/roles/kanidm')
-rw-r--r--playbooks/roles/kanidm/templates/stacks/docker-compose.yml6
-rw-r--r--playbooks/roles/kanidm/templates/volumes/data/server.toml4
2 files changed, 8 insertions, 2 deletions
diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
index 8ba1c98..7f568e8 100644
--- a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
@@ -28,6 +28,12 @@ services:
- traefik.http.routers.kanidm.entrypoints=websecure
- traefik.http.services.kanidm.loadbalancer.server.port=8443
- traefik.http.services.kanidm.loadbalancer.server.scheme=https
+ # ldap
+ - traefik.tcp.routers.kanidm-ldaps.tls.passthrough=true
+ - traefik.tcp.routers.kanidm-ldaps.rule=HostSNI(`*`)
+ - traefik.tcp.routers.kanidm-ldaps.entrypoints=ldaps
+ - traefik.tcp.routers.kanidm-ldaps.service=kanidm-ldaps
+ - traefik.tcp.services.kanidm-ldaps.loadbalancer.server.port=3636
networks:
proxy:
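Review bot: The new TCP router matches ``HostSNI(`*`)``, so every TLS connection that arrives on the `ldaps` entrypoint is forwarded to Kanidm whatever server name the client asked for. With `tls.passthrough=true` Traefik can still read the SNI from the ClientHello, so the rule can be pinned to the IdM hostname, e.g. ``traefik.tcp.routers.kanidm-ldaps.rule=HostSNI(`{{ idm_domain }}`)``, provided the LDAP clients in use send SNI. Passthrough also means Kanidm sees Traefik's address as the peer on port 3636, so LDAP logs and any source-based limits will not show the real client unless PROXY protocol is set up on both sides. I would extend the `# ldap` comment to say that TLS is terminated by Kanidm, not Traefik.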
diff --git a/playbooks/roles/kanidm/templates/volumes/data/server.toml b/playbooks/roles/kanidm/templates/volumes/data/server.toml
index 75bd7c2..dd13e1c 100644
--- a/playbooks/roles/kanidm/templates/volumes/data/server.toml
+++ b/playbooks/roles/kanidm/templates/volumes/data/server.toml
@@ -1,5 +1,5 @@
-bindaddress = "0.0.0.0:8443"
-ldapbindaddress = "0.0.0.0:3636"
+bindaddress = "[::]:8443"
+ldapbindaddress = "[::]:3636"
trust_x_forward_for = true
db_path = "/data/kanidm.db"
tls_chain = "/certs/{{ idm_domain }}.pem"
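Review bot: `trust_x_forward_for = true` stays enabled while the HTTPS listener moves to `[::]:8443`, so any peer that reaches port 8443 without going through Traefik can send its own X-Forwarded-For and have it taken as the client address. Whether such a path exists depends on the compose networks and published ports, which this hunk does not show; confirm that only the proxy network can reach 8443 and 3636. Whether `[::]` also accepts IPv4 depends on the container's dual-stack socket behaviour, so I would add a comment above the two bind lines such as `# [::] = IPv6 plus IPv4 on dual-stack sockets; only reachable via the proxy network`.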