[Unit]
Description=Slapd Custom Service

[Service]

Type=forking
ExecStart=/usr/sbin/slapd -f /etc/ldap/slapd.conf -h "ldapi:/// ldap:///"

User=openldap
Group=openldap

CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

Restart=on-failure

PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
NoNewPrivileges=yes
MountFlags=private
SystemCallArchitectures=native
PrivateDevices=yes

[Install]
WantedBy=multi-user.target