lldap is often used in SMB/homelab IAM. Harden transport and UI exposure by default.\n\n## LDAP Security\n\n- Enable TLS for LDAP binds and admin UI access.\n- Disable anonymous binds unless required.\n- Restrict bind user permissions per application.\n\n## Deployment Controls\n\n- Keep lldap behind reverse proxy with HTTPS.\n- Protect config and secret files with strict permissions.\n- Rotate admin credentials and app bind passwords.