diff --git a/swarm/lldap.yaml b/swarm/lldap.yaml index 1b6b5c2..c069afb 100644 --- a/swarm/lldap.yaml +++ b/swarm/lldap.yaml @@ -1,4 +1,3 @@ - networks: netgrimoire: external: true @@ -8,11 +7,8 @@ services: image: postgres:16 networks: - netgrimoire - #user: "1001:998" environment: TZ: America/Chicago - PUID: "1964" - PGID: "1964" POSTGRES_DB: lldap POSTGRES_USER: lldap POSTGRES_PASSWORD: F@lcon13 @@ -31,41 +27,30 @@ services: - node.hostname == docker4 labels: gremlin.version: "2026-04-1" - diun.enable: true + gremlin.uid.exempt: "true" + gremlin.uid.reason: "Postgres requires UID 999 — PUID/PGID not supported" gremlin.caddy.skip: "true" gremlin.homepage.skip: "true" gremlin.monitor.skip: "true" gremlin.network.skip: "true" - restart: unless-stopped + diun.enable: "true" lldap: image: lldap/lldap:stable networks: - netgrimoire - #user: "1001:998" environment: TZ: America/Chicago PUID: "1964" PGID: "1964" - - # Base DN LLDAP_LDAP_BASE_DN: "dc=netgrimoire,dc=com" LLDAP_DOMAIN: netgrimoire.com - - # User/admin bind password (you will replace) LLDAP_LDAP_USER_PASS: F@lcon13 - - # Generated secrets (leave as-is unless you want to rotate) LLDAP_JWT_SECRET: lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 LLDAP_KEY_SEED: Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_ - - # Postgres LLDAP_DATABASE_URL: postgres://lldap:F@lcon13@lldap-db:5432/lldap - volumes: - /DockerVol/lldap/data:/data - - # Expose to LAN via swarm routing mesh (ingress) ports: - target: 17170 published: 17170 @@ -75,12 +60,6 @@ services: published: 3890 protocol: tcp mode: ingress - # If/when you enable LDAPS: - # - target: 6360 - # published: 6360 - # protocol: tcp - # mode: ingress - deploy: restart_policy: condition: any 
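Review bot: `POSTGRES_PASSWORD: F@lcon13` stays as a plain literal in the committed stack file while the surrounding env block is being tidied; since this is a swarm stack, the value can be moved to a Docker secret with `POSTGRES_PASSWORD_FILE: /run/secrets/lldap_db_password` (the postgres image reads the `_FILE` variant) plus a service-level `secrets: [lldap_db_password]` and a top-level `secrets:` stanza declaring it as external — `lldap_db_password` is a placeholder name. The same applies to `LLDAP_LDAP_USER_PASS`, `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED` and the password embedded in `LLDAP_DATABASE_URL` in the next hunk; lldap appears to accept `*_FILE` variants of those variables, but verify against the image's documentation before relying on it. Whatever is moved out should also be rotated, since the current values are already in the repository history. The postgres service definition continues outside this hunk.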
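Review bot: The password portion of the context line `LLDAP_DATABASE_URL` contains an unescaped `@`, so the URL only parses correctly if the consumer takes the last `@` as the userinfo delimiter; percent-encoding that character as `%40` removes the ambiguity and is worth doing while this block is being edited. The hunk also deletes the only comments that told a reader which environment values are generated secrets versus operator-chosen ones, and the `# Expose to LAN via swarm routing mesh (ingress)` comment above `ports:`; a one-liner such as `# Generated secrets — change only to rotate them` above `LLDAP_JWT_SECRET` would preserve that intent. The new `gremlin.uid.reason` label is plain documentation, which is fine, but the lldap service below still carries `PUID`/`PGID` — if that image reads `UID`/`GID` instead (it looks that way from its docs, please confirm), those two values are inert and may deserve the same exempt/reason treatment. The lldap service definition continues past the end of this hunk.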
@@ -93,24 +72,21 @@ services: - node.platform.arch != aarch64 - node.hostname == docker4 labels: - diun.enable: "true" - # Homepage - - homepage.group=Authentication - - homepage.name=LLDAP - - homepage.icon=ldap.png - - homepage.href=https://ldap.netgrimoire.com - - homepage.description=Lightweight LDAP directory + gremlin.version: "2026-04-1" + gremlin.context: "LLDAP exposes port 17170 for web UI and 3890 for LDAP. Both are intentional." - # Kuma - - kuma.lldap.http.name=LLDAP - - kuma.lldap.http.url=http://lldap:17170 + caddy: ldap.netgrimoire.com + caddy.reverse_proxy: lldap:17170 + caddy.import_1: crowdsec + caddy.import_2: authentik - # Caddy / Authentik (protect UI) - - caddy=ldap.netgrimoire.com - - caddy.import=authentik - - caddy.reverse_proxy=lldap:17170 + monitor.name: LLDAP + monitor.url: http://lldap:17170 - # Diun - - diun.enable=true + homepage.group: Authentication + homepage.name: LLDAP + homepage.icon: ldap.png + homepage.href: https://ldap.netgrimoire.com + homepage.description: Lightweight LDAP directory - restart: unless-stopped + diun.enable: "true" \ No newline at end of file
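Review bot: The new `gremlin.context` label records that port 3890 is intentionally published, but with the commented LDAPS block removed in the earlier hunk nothing in the file states any more that 3890 is unencrypted LDAP on the ingress mesh, which is the fact an operator needs when deciding who may reach it; extending the label to `gremlin.context: "LLDAP exposes 17170 (web UI) and 3890 (plaintext LDAP, no LDAPS configured) on the ingress mesh. Both are intentional."` keeps that visible. The new file also ends without a trailing newline (`\ No newline at end of file`); add one so yamllint and future diffs stay clean. The `monitor.url` and `caddy.reverse_proxy` values both target `lldap:17170` over plain HTTP inside the overlay network, which is consistent with the UI being protected at the Caddy layer via `caddy.import_2: authentik`, so no change is needed there.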