diff --git a/apps/fnux-playground/openldap/.helmignore b/apps/fnux-playground/openldap/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/apps/fnux-playground/openldap/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/apps/fnux-playground/openldap/Chart.yaml b/apps/fnux-playground/openldap/Chart.yaml
new file mode 100644
index 0000000..1b45324
--- /dev/null
+++ b/apps/fnux-playground/openldap/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: openldap
+description: OpenLDAP server
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.5.0"
diff --git a/apps/fnux-playground/openldap/templates/deployment.yaml b/apps/fnux-playground/openldap/templates/deployment.yaml
new file mode 100644
index 0000000..9668566
--- /dev/null
+++ b/apps/fnux-playground/openldap/templates/deployment.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ tpl .Values.identifier . }}"
+ labels:
+ app: openldap
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ tpl .Values.identifier . }}-openldap"
+ template:
+ metadata:
+ labels:
+ app: "{{ tpl .Values.identifier . }}-openldap"
+ spec:
+ containers:
+ - name: "openldap"
+ image: "osixia/openldap:{{ .Chart.AppVersion }}"
+ args: ["--loglevel", "info"]
+ ports:
+ - name: ldap
+ containerPort: 389
+ protocol: TCP
+ - name: ldaps
+ containerPort: 636
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: 389
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ readinessProbe:
+ tcpSocket:
+ port: 389
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ env:
+ - name: HOSTNAME
+ value: "{{ tpl .Values.fqdn . }}"
+ - name: LDAP_LOG_LEVEL
+ value: "{{ tpl .Values.ldapLogLevel . }}"
+ - name: LDAP_ORGANISATION
+ value: "{{ tpl .Values.ldapOrganisation . }}"
+ - name: LDAP_DOMAIN
+ value: "{{ tpl .Values.ldapDomain . }}"
+ - name: LDAP_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{ tpl .Values.identifier . }}-openldap"
+ key: LDAP_ADMIN_PASSWORD
+ volumeMounts:
+ - name: "{{ tpl .Values.identifier . }}-openldap-data"
+ mountPath: "/etc/ldap/slapd.d"
+ subPath: configuration
+ - name: "{{ tpl .Values.identifier . }}-openldap-data"
+ mountPath: "/var/lib/ldap"
+ subPath: database
+ - name: "{{ tpl .Values.identifier . }}-openldap-data"
+ mountPath: /container/service/slapd/assets/certs
+ subPath: certs
+ volumes:
+ - name: "{{ tpl .Values.identifier . }}-openldap-data"
+ persistentVolumeClaim:
+ claimName: "{{ tpl .Values.identifier . }}-openldap-data"
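Review bot: The container in templates/deployment.yaml exposes plain LDAP on 389 next to LDAPS on 636, and the `env` list sets nothing that requires TLS, so simple binds (including ones made with the admin password) can cross the cluster network unencrypted unless the image enforces TLS by default. If the osixia image's `LDAP_TLS_ENFORCE` option behaves as documented for the version in `Chart.AppVersion`, adding `- name: LDAP_TLS_ENFORCE` with `value: "true"` to `env` would close that gap. The `secretKeyRef` names a Secret `{{ tpl .Values.identifier . }}-openldap` that no template in this commit creates, so a comment above it such as `# Secret <identifier>-openldap must be provisioned out of band before install` would spare the next operator a pod that fails to start. The pod spec also carries no `securityContext` or `resources`; which hardening settings this image tolerates cannot be read from the diff and needs testing.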
diff --git a/apps/fnux-playground/openldap/templates/pvc.yaml b/apps/fnux-playground/openldap/templates/pvc.yaml
new file mode 100644
index 0000000..66d55ad
--- /dev/null
+++ b/apps/fnux-playground/openldap/templates/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{ tpl .Values.identifier . }}-openldap-data"
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: rook-cephfs
diff --git a/apps/fnux-playground/openldap/templates/service.yaml b/apps/fnux-playground/openldap/templates/service.yaml
new file mode 100644
index 0000000..8028395
--- /dev/null
+++ b/apps/fnux-playground/openldap/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ tpl .Values.identifier . }}"
+ labels:
+ app: openldap
+spec:
+ type: ClusterIP
+ ports:
+ - port: 389
+ name: ldap
+ - port: 636
+ name: ldaps
diff --git a/apps/fnux-playground/openldap/values.yaml b/apps/fnux-playground/openldap/values.yaml
new file mode 100644
index 0000000..9ca7b47
--- /dev/null
+++ b/apps/fnux-playground/openldap/values.yaml
@@ -0,0 +1,7 @@
+clusterDomain: "c1.k8s.ooo"
+fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+identifier: "{{ .Release.Name }}"
+
+ldapLogLevel: "256"
+ldapOrganisation: "ungleich glarus ag"
+ldapDomain: "{{ tpl .Values.fqdn . }}"
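Review bot: The claim in templates/pvc.yaml requests `ReadWriteMany` for a volume that holds the slapd database, its configuration and the TLS certs directory, which lets more than one pod mount and write it at once. The Deployment in this commit sets `replicas: 1` but no `strategy`, so under the default rolling update an old and a new slapd pod can briefly share `/var/lib/ldap`. Either request `- ReadWriteOnce` here, if the storage class supports it, or add `strategy:` with `type: Recreate` to the Deployment. A comment on `storageClassName: rook-cephfs` noting that it is cluster-specific would also help anyone reusing the chart.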
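Review bot: The Service in templates/service.yaml has no `spec.selector`, so as written it gets no endpoints and nothing sent to ports 389 or 636 will reach the openldap pod unless Endpoints are managed by hand. Adding `selector:` with `app: "{{ tpl .Values.identifier . }}-openldap"` under `spec` would match the pod labels set in the Deployment template. Publishing 389 here also makes the unencrypted port reachable cluster-wide; if clients are expected to use LDAPS only, drop the `ldap` port or restrict it with a NetworkPolicy.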