diff --git a/pica-openldap/environment/pica.startup.yaml b/pica-openldap/environment/pica.startup.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..54284811afdc5678a4c45266000b35c86ab8bc46
--- /dev/null
+++ b/pica-openldap/environment/pica.startup.yaml
@@ -0,0 +1,63 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Picasoft 
+LDAP_DOMAIN: picasoft.net
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
+
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: true
+LDAP_READONLY_USER_USERNAME: nss
+LDAP_READONLY_USER_PASSWORD: nss
+
+LDAP_RFC2307BIS_SCHEMA: false
+
+# Backend
+LDAP_BACKEND: mdb
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: cert.pem
+LDAP_TLS_KEY_FILENAME: privkey.pem
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
+LDAP_TLS_CA_CRT_FILENAME: chain.pem
+
+LDAP_TLS_ENFORCE: false
+LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
+LDAP_TLS_VERIFY_CLIENT: demand
+
+# Replication
+LDAP_REPLICATION: false
+# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
+# are automaticaly replaced at run time
+
+# if you want to add replication to an existing ldap
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
+# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
+LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials="$LDAP_CONFIG_PASSWORD" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials="$LDAP_ADMIN_PASSWORD" searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HOSTS:
+  - ldap://ldap.example.org # The order must be the same on all ldap servers
+  - ldap://ldap2.example.org
+
+# Do not change the ldap config
+# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
+#   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
+# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
+KEEP_EXISTING_CONFIG: false
+
+# Remove config after setup
+LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+
+# ssl-helper environment variables prefix
+LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
+
+SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
diff --git a/pica-openldap/environment/pica.yaml b/pica-openldap/environment/pica.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f9714c2dba056335c1388e89891ad44724c0db29
--- /dev/null
+++ b/pica-openldap/environment/pica.yaml
@@ -0,0 +1,13 @@
+# This is the default image configuration file
+# These values will persists in container environment.
+
+# All environment variables used after the container first start
+# must be defined here.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# General container configuration
+# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
+LDAP_LOG_LEVEL: 256
+
+# Ulimit
+LDAP_NOFILE: 1024