diff --git a/README.md b/README.md
index 00920191..57d0a9bb 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,9 @@ See the Docker Compose environment (`tools/docker-dev/`) for an (unsafe for prod
 1. OpenLDAP server
 * Structure should be similar to `tools/docker-dev/identity/bootstrap.ldif`
 * Also see `tools/docker-dev/identity/{config,ssh}.ldif`
+ * recommended openldap modules/overlays:
+ * `unique`: prevent UIDNumber, GIDNumber conflicts
+ * `pw-sha2`: allow the use of sha2 password hashing algorithms for bind
 1. MySQL / MariaDB server
 * Structure should be similar to `tools/docker-dev/sql/bootstrap.sql`
 1. SMTP server
diff --git a/tools/docker-dev/identity/Dockerfile b/tools/docker-dev/identity/Dockerfile
index dbf22e40..56dc951a 100644
--- a/tools/docker-dev/identity/Dockerfile
+++ b/tools/docker-dev/identity/Dockerfile
@@ -14,17 +14,18 @@ RUN chown openldap:openldap /var/lib/ldap
 COPY ssh.ldif /etc/ldap/schema/ssh.ldif
 COPY ldap-config.ldif /tmp/ldap-config.ldif
 COPY bootstrap.ldif /tmp/bootstrap.ldif
+COPY load-modules.ldif /tmp/load-modules.ldif
+COPY configure-unique.ldif /tmp/configure-unique.ldif
 RUN service slapd start; \
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif; \
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif; \
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif; \
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ssh.ldif; \
+ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif; \
+ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif; \
+ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif; \
+ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ssh.ldif; \
 ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ldap-config.ldif; \
- slapadd -l /tmp/bootstrap.ldif
-
-RUN rm -rf /tmp/ldap-config.ldif
-RUN rm -rf /tmp/bootstrap.ldif
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/load-modules.ldif; \
+ ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/configure-unique.ldif; \
+ slapadd -l /tmp/bootstrap.ldif
 # PHPLDAPAdmin Setup
 RUN rm -rf /etc/phpldapadmin/config.php
diff --git a/tools/docker-dev/identity/configure-unique.ldif b/tools/docker-dev/identity/configure-unique.ldif
new file mode 100644
index 00000000..0b2e6116
--- /dev/null
+++ b/tools/docker-dev/identity/configure-unique.ldif
@@ -0,0 +1,7 @@
+dn: olcOverlay=unique,olcDatabase={1}mdb,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcUniqueConfig
+olcOverlay: unique
+olcUniqueURI: ldap:///?uid?sub?(objectClass=posixAccount)
+olcUniqueURI: ldap:///?uidNumber?sub?(objectClass=posixAccount)
+olcUniqueURI: ldap:///?gidNumber?sub?(objectClass=posixGroup)
diff --git a/tools/docker-dev/identity/load-modules.ldif b/tools/docker-dev/identity/load-modules.ldif
new file mode 100644
index 00000000..90dcf2d9
--- /dev/null
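Review bot: The two `RUN rm -rf /tmp/*.ldif` cleanup instructions are deleted with nothing taking their place, so `/tmp/ldap-config.ldif`, `/tmp/bootstrap.ldif` and the newly copied `/tmp/load-modules.ldif` and `/tmp/configure-unique.ldif` remain in the built image; whether that matters depends on what bootstrap.ldif holds (password hashes or bind credentials would be the concern), which this hunk does not show. The commands inside the RUN are still joined with `;`, so a failing `ldapmodify ... load-modules.ldif` or `ldapadd ... configure-unique.ldif` is ignored and the build succeeds with the `unique` overlay and `pw-sha2` module silently absent. Suggest `RUN set -e; service slapd start; \` as the first line and `    slapadd -l /tmp/bootstrap.ldif; rm -f /tmp/ldap-config.ldif /tmp/load-modules.ldif /tmp/configure-unique.ldif /tmp/bootstrap.ldif` as the last, so a failed step aborts the build and the deletion happens in the same layer as the COPY (a separate `RUN rm` only hides the files in a later layer). Separately, `slapadd` writes to the database directly rather than through the server's LDAP frontend, so, as far as I understand the overlay, the uniqueness rules from configure-unique.ldif are not applied to the bootstrap data and duplicates already in bootstrap.ldif would need to be checked another way.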
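Review bot: The file has no comment explaining the two assumptions it encodes: the overlay is attached to `olcDatabase={1}mdb`, so it relies on the data backend being the second database in cn=config, and each `olcUniqueURI` uses `?sub?` with no base DN, so the rule is enforced across the whole suffix. A header such as `# Unique overlay for the {1}mdb data database; each URI is suffix-wide (no base DN)` plus one line per attribute saying why it must be unique (a duplicate `uid` makes a bind lookup ambiguous; duplicate `uidNumber`/`gidNumber` collapse two accounts or groups onto one POSIX identity) would make the intent reviewable. The `uid` rule is filtered to `objectClass=posixAccount`, so an entry of another class carrying the same `uid` is still accepted; that is fine if every login account is a posixAccount, which I cannot confirm from the patch.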
+++ b/tools/docker-dev/identity/load-modules.ldif
@@ -0,0 +1,5 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: pw-sha2
+olcModuleLoad: unique
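Review bot: `dn: cn=module{0},cn=config` with `changetype: modify` assumes a module entry already exists at index 0 (typically created by the distribution's base slapd config for the backend module, but not guaranteed for a config that declares modules elsewhere); if the entry is absent the modify fails, and with the Dockerfile's `;`-chained RUN that failure is silent. A comment line `# appends to the cn=module{0} entry created by the base slapd config` would record that dependency. Loading `pw-sha2` only enables verification of `{SHA256}`/`{SSHA256}`-style userPassword values; the scheme slapd itself uses when it hashes a password change is governed by `olcPasswordHash`, which this patch does not set, so confirm that `ldap-config.ldif` sets it (preferably a salted variant such as `{SSHA512}` rather than unsalted `{SHA512}`) if the README's "sha2 for bind" is meant to cover stored hashes as well.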