diff --git a/krypton.yml b/krypton.yml
index ea6aaa3..8707264 100644
--- a/krypton.yml
+++ b/krypton.yml
@@ -7,10 +7,16 @@
 
     data_dir: "/srv/data"
 
+    dehydrated_certs_dir: "/usr/local/etc/dehydrated"
+
+    docker_ip_ranges: ["172.16.0.0/12", "192.168.0.0/16"]
+
     openldap_image_version: 1.5.0
     openldap_data: "{{ data_dir }}/openldap"
     openldap_domain: "ldap.n39.eu"
+    ldap_domain: "netz39.de"
     ldap_org: "Netz39 e.V."
+    ldap_base_dn: "dc=netz39,dc=de"
 
   roles:
     - role: docker_setup
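Review bot: `docker_ip_ranges` is set to the whole of `172.16.0.0/12` and `192.168.0.0/16`, which are the full RFC 1918 private blocks rather than the subnets Docker actually allocates; if this variable feeds the "Allow access to openLDAP from local docker container" ufw tasks later in the play, the resulting rules admit any host on those private ranges, not only containers, so narrowing it to the bridge subnets in use (or documenting why the broad ranges are intended) would be safer. The two new directory variables also sit beside `openldap_domain` with no hint of their different roles: `openldap_domain` appears to be the host name used to pick the dehydrated certificate, while `ldap_domain` and `ldap_base_dn` describe the directory suffix, and `ldap_base_dn` must be kept in sync with `ldap_domain` by hand. A short comment above the new lines, such as `# Directory suffix; ldap_base_dn is the dc= form of ldap_domain and must match it`, would make that distinction and coupling explicit.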
@@ -52,35 +58,32 @@
           LDAP_READONLY_USER: "false"
 
           LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}"
-          LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
+#          LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
 
           LDAP_RFC2307BIS_SCHEMA: "true"
 
           LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
 
-          LDAP_REPLICATION: "{{ldap_replication_enable}}"
-          LDAP_REPLICATION_CONFIG_SYNCPROV: "{{ldap_replication_config_syncprov}}"
-          LDAP_REPLICATION_DB_SYNCPROV: "{{ldap_replication_db_syncprov}}"
-          LDAP_REPLICATION_HOSTS: "{{ldap_replication_hosts}}"
+          LDAP_REPLICATION: "no"
 
           KEEP_EXISTING_CONFIG: "false"
           LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
         published_ports:
-          - "{{ldap_ip}}:389:389" # unencrypted/STARTTLS
-          - "{{ldap_ip}}:636:636" # SSL
+          - "389:389" # unencrypted/STARTTLS
+          - "636:636" # SSL
         volumes:
           - "{{ openldap_data }}/ldap:/var/lib/ldap"
           - "{{ openldap_data }}/slapd:/etc/ldap/slapd.d"
           - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
           - "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif"
         timeout: 500
-        # For replication to work correctly, domainname and hostname must be
-        # set correctly so that "hostname"."domainname" equates to the
-        # fully-qualified domain name for the host.
-        domainname: "{{ldap_domainname}}"
-        hostname: "{{ldap_hostname}}"
         command: "--copy-service --loglevel debug"
 
+    - name: Ensure UFW is installed
+      ansible.builtin.package:
+        name: ufw
+        state: present
+
     - name: Allow access to openLDAP from local docker container [1/2]
       become: true
       community.general.ufw:
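Review bot: The new `published_ports` entries `"389:389"` and `"636:636"` drop the `{{ldap_ip}}` bind address, so Docker now publishes both listeners, including the unencrypted one on 389, on every host interface; and because Docker installs its own forwarding rules ahead of UFW's, the ufw tasks that follow cannot be relied on to limit that exposure unless the host's Docker/UFW integration is specifically configured for it. Binding each port to an explicit host address, as the removed lines did, keeps the exposure deliberate rather than depending on the firewall. The added `Ensure UFW is installed` task has no `become: true` while the adjacent ufw task does, so it only works if the play escalates privileges globally; adding `become: true` there keeps the tasks consistent. Commenting out `LDAP_CONFIG_PASSWORD` leaves the cn=config password at whatever built-in default the image applies, which is presumably weaker than the vaulted variable it replaces, so either keep the setting or delete the dead line with a comment explaining why the config password is no longer managed here.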