diff --git a/Netgrimoire/Audits/lldap-2026-05-04.md b/Netgrimoire/Audits/lldap-2026-05-04.md
new file mode 100644
index 0000000..47beccd
--- /dev/null
+++ b/Netgrimoire/Audits/lldap-2026-05-04.md
@@ -0,0 +1,42 @@
+---
+title: Audit - lldap.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:23:47.191Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:23:47.191Z
+---
+
+# Audit Report — lldap.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/lldap.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT REPORT**
+
+1. **Homepage labels**:
+   - **PASS**: `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are all present.
+
+2. **Uptime Kuma labels**:
+   - **FAIL**: No Uptime Kuma related labels (`kuma.<n>.http.name` and `kuma.<n>.http.url`) are found. Ensure these labels are included if Uptime Kuma is part of your setup.
+
+3. **Caddy labels on exposed services**:
+   - **PASS**: `caddy=ldap.netgrimoire.com` and `caddy.reverse_proxy=lldap:17170` are present, ensuring proper Caddy reverse proxy configuration for the service.
+
+4. **Placement constraints**:
+   - **PASS**: `node.hostname == docker4` ensures that the services are only deployed on the node named `docker4`.
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - **PASS**: Both services use volumes with paths following the `/DockerVol/<service>` convention.
+
+6. **Network references external netgrimoire overlay**:
+   - **PASS**: Both services reference the external `netgrimoire` network correctly.
+
+**VERDICT: FAIL**
+
+The audit has found one fail item, specifically related to the absence of Uptime Kuma labels. Ensure that all necessary labels are included for a comprehensive audit.
\ No newline at end of file