diff --git a/.docker/dist.tar.gz b/.docker/dist.tar.gz
index 8de17c93ea61448bb57c66d16d836b7340fa000b..13e91ed189c2425dbb2d2493cc6fd4fa9d949b3e 100644
Binary files a/.docker/dist.tar.gz and b/.docker/dist.tar.gz differ
diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml
index 167523e72107e3dc3fb25ae8d419a8836dfd668f..d13e63c803d544ef129a6f03dbf6267ab6c2f0ec 100644
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -104,19 +104,19 @@ services:
       - "${SHARED_VOLUME:-/tmp}:/tmp"
     environment:
       ADMIN_EMAIL: "${ADMIN_EMAIL:-noreply@localhost}"
-      ANALYSE_SERVICE_ENDPOINT: "${ANALYSE_SERVICE_ENDPOINT:-http://gateway-service}"
+      ANALYSE_SERVICE_ENDPOINT: "${ANALYSE_SERVICE_ENDPOINT:-http://analyse-service:8080}"
       AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-admin}
       AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-admin}
       AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client}
       AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}
-      AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://gateway-service/api/auth}
+      AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080}
       BASE_URL: "${BASE_URL:-http://localhost}"
       BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo}
       BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo}
       BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}"
       BROKER_PASSWORD: ${BROKER_PASSWORD:-admin}
       BROKER_PORT: ${BROKER_PORT:-5672}
-      BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker}
+      BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://broker-service:15672}
       BROKER_USERNAME: ${BROKER_USERNAME:-admin}
       BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}"
       CROSSREF_ENDPOINT: "${CROSSREF_ENDPOINT:-http://data.crossref.org}"
@@ -126,14 +126,14 @@ services:
       JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}"
       LOG_LEVEL: ${LOG_LEVEL:-info}
       METADATA_DB: "${METADATA_DB:-dbrepo}"
+      METADATA_DB_PASSWORD: "${METADATA_DB_PASSWORD:-dbrepo}"
       METADATA_HOST: "${METADATA_HOST:-metadata-db}"
       METADATA_JDBC_EXTRA_ARGS: "${METADATA_JDBC_EXTRA_ARGS:-}"
+      METADATA_PORT: "${METADATA_PORT:-3306}"
       METADATA_USERNAME: root
-      METADATA_DB_PASSWORD: "${METADATA_DB_PASSWORD:-dbrepo}"
-      PID_BASE: ${PID_BASE:-http://localhost/pid/}
       REPOSITORY_NAME: "${REPOSITORY_NAME:-Database Repository}"
       ROR_ENDPOINT: "${ROR_ENDPOINT:-https://api.ror.org}"
-      SEARCH_SERVICE_ENDPOINT: "${SEARCH_SERVICE_ENDPOINT:-http://gateway-service}"
+      SEARCH_SERVICE_ENDPOINT: "${SEARCH_SERVICE_ENDPOINT:-http://search-service:8080}"
       S3_ACCESS_KEY_ID: "${S3_ACCESS_KEY_ID:-seaweedfsadmin}"
       S3_BUCKET: "${S3_BUCKET:-dbrepo}"
       S3_ENDPOINT: "${S3_ENDPOINT:-http://storage-service:9000}"
@@ -167,7 +167,6 @@ services:
       AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client}
       AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}
       AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080}
-      GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service}
       JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}"
       S3_ACCESS_KEY_ID: "${S3_ACCESS_KEY_ID:-seaweedfsadmin}"
       S3_BUCKET: "${S3_BUCKET:-dbrepo}"
@@ -243,7 +242,7 @@ services:
       AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}
       AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080}
       COLLECTION: ${COLLECTION:-['database','table','column','identifier','unit','concept','user','view']}
-      GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service}
+      METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}
       OPENSEARCH_HOST: ${OPENSEARCH_HOST:-search-db}
       OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
       OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin}
@@ -342,12 +341,11 @@ services:
     hostname: search-service-init
     image: registry.datalab.tuwien.ac.at/dbrepo/search-service-init:1.4.5
     environment:
-      GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service}
+      METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}
       OPENSEARCH_HOST: ${OPENSEARCH_HOST:-search-db}
       OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
       OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin}
       OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin}
-      LOG_LEVEL: ${LOG_LEVEL:-info}
     depends_on:
       dbrepo-search-db:
         condition: service_healthy
@@ -429,14 +427,14 @@ services:
       BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo}
       BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo}
       BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}"
-      BROKER_PASSWORD: ${SYSTEM_USERNAME:-admin}
+      BROKER_PASSWORD: ${SYSTEM_PASSWORD:-admin}
       BROKER_PORT: ${BROKER_PORT:-5672}
       BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker}
-      BROKER_USERNAME: ${SYSTEM_PASSWORD:-admin}
+      BROKER_USERNAME: ${SYSTEM_USERNAME:-admin}
       BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}"
       CONNECTION_TIMEOUT: ${CONNECTION_TIMEOUT:-60000}
       EXCHANGE_NAME: ${EXCHANGE_NAME:-dbrepo}
-      METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://gateway-service}
+      METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}
       GRANT_DEFAULT_READ: "${GRANT_DEFAULT_READ:-SELECT}"
       GRANT_DEFAULT_WRITE: "${GRANT_DEFAULT_WRITE:-SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE}"
       JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}"
diff --git a/.docs/api/auth-service.md b/.docs/api/auth-service.md
index f6c32497c79727a5b4db8afaea51138e1ea2867f..40ad6d8fd54825245574e578bff4c9fd7de1b463 100644
--- a/.docs/api/auth-service.md
+++ b/.docs/api/auth-service.md
@@ -19,10 +19,37 @@ of immutable properties (id, username) is mirrored in the [Metadata Database](..
 
 ## Identities
 
-:octicons-tag-16:{ title="Minimum version" } 1.4.4
-
-Identities can also be added in Keycloak directly. When requesting a JWT token from the `/api/user` endpoint, the
-immutable properties mentioned in c.f. [Overview](#overview) are copied transparent to the user on first login.
+:octicons-tag-16:{ title="Minimum version" } 1.4.5
+
+Identities are managed via LDAP through the [Identity Service](../identity-service). The normal workflow is that the
+[Metadata Service](../metadata-service) adds identities when user register. In some cases, where this is not possible
+(e.g. in workshop-scenarios where accounts are created before the workshop starts), identities need to be created
+manually in Keycloak. The recommended workflow is:
+
+1. Login to the Auth Service as **Admin** and in the dbrepo realm navigate to **Users**
+2. Click the **Add user** button and fill out the Username field and assign the group `researchers` by clicking 
+   the **Join Groups** and selecting it. Click **Join** and **Create**.
+3. Click the **Credentials** tab above and **Set password**. In the popup window assign a secure password to the user
+   and set **Temporary** to `Off`.
+
+    !!! example "Create user with specific id"
+
+        The user id is created automatically. In case you need to create a user with specific id such as in migration
+        scenarios, you need to change the `entryUUID` in the [Identity Service](../identity-service) by modifying this
+        protected attribute in `relax` mode:
+
+        ```bash
+        echo "dn: uid=<username>,ou=users,dc=dbrepo,dc=at
+        changetype: modify
+        replace: entryUUID
+        entryUUID: 506ae590-11a2-4d2d-82b8-45121c6b4dab" | \
+        ldapmodify -h localhost -p 1389 -D cn=admin,dc=dbrepo,dc=at -c -x -e relax \
+        -w<adminpassword> 
+        ```
+
+4. Finally you need to query the user info once by navigating again to **Users**
+   and search for the **Username** and click :arrow_right: to search. Click the username and ensure that the 
+   **User metadata** contains the entry **LDAP_ID**.
 
 ## Groups
 
diff --git a/dbrepo-broker-service/rabbitmq.conf b/dbrepo-broker-service/rabbitmq.conf
index c71804aefeac2fc36adaf95e4fca1f3582cc72e6..ff592bb3ecd4b003d180dbb44d8bd9acc5a70394 100644
--- a/dbrepo-broker-service/rabbitmq.conf
+++ b/dbrepo-broker-service/rabbitmq.conf
@@ -1,9 +1,6 @@
 # user
 default_vhost = dbrepo
 default_user_tags.administrator = false
-default_permissions.configure = .*
-default_permissions.read = .*
-default_permissions.write = .*
 
 # enable http outside localhost
 listeners.tcp.1 = 0.0.0.0:5672
@@ -15,6 +12,7 @@ management.load_definitions = /app/definitions.json
 # logging
 log.console = true
 log.console.level = warning
+auth_ldap.log = true
 
 # Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in
 # it. You should probably use the internal database
@@ -26,7 +24,7 @@ auth_backends.2 = internal
 auth_ldap.servers.1 = identity-service
 auth_ldap.port = 1389
 auth_ldap.user_dn_pattern = ${username}
-auth_ldap.dn_lookup_base = ou=users,dc=dbrepo,dc=at
+auth_ldap.dn_lookup_base = dc=dbrepo,dc=at
 auth_ldap.dn_lookup_attribute = uid
 auth_ldap.dn_lookup_bind.user_dn = cn=admin,dc=dbrepo,dc=at
 auth_ldap.dn_lookup_bind.password = admin
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
index 19e3a1df06cc7e67dae6cd6fdcadd3664abb9ee9..4be54d5edd1ed39168b97a00177d87d09a7a87ee 100644
--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
@@ -326,7 +326,7 @@ public class UserEndpoint {
     }
 
     @PutMapping("/{userId}/password")
-    @Transactional
+    @Transactional(rollbackFor = {Exception.class})
     @PreAuthorize("isAuthenticated()")
     @Observed(name = "dbrepo_user_password_modify")
     @Operation(summary = "Update user password",
@@ -367,17 +367,16 @@ public class UserEndpoint {
             AuthServiceConnectionException, UserNotFoundException, DatabaseNotFoundException, DataServiceException,
             DataServiceConnectionException, CredentialsInvalidException {
         log.debug("endpoint modify a user password, userId={}, data.password=(hidden)", userId);
-        User user = userService.findById(userId);
+        final User user = userService.findById(userId);
         if (!user.equals(principal)) {
             log.error("Failed to modify user password: not current user");
             throw new NotAllowedException("Failed to modify user password: not current user");
         }
-        user = userService.findByUsername(principal.getName());
-        userService.updatePassword(user, data);
         authenticationService.updatePassword(user, data);
         for (Database database : databaseService.findAllAccess(userId)) {
             databaseService.updatePassword(database, user);
         }
+        userService.updatePassword(user, data);
         return ResponseEntity.accepted()
                 .build();
     }
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
index 3c2ef1340ef8381a46c7277213d72311b5b357d6..bb3bcbb094ad1e9a2510abe20b9649ee73e6e975 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
@@ -191,7 +191,8 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest {
     }
 
     @Test
-    public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException {
+    public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException,
+            UserNotFoundException {
 
         /* mock */
         when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class)))
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java
index 334b9776d6b792d255c036707b63456dd8961a70..4125529155b135dae929fa7192db073e20dc9f55 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java
@@ -57,6 +57,7 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest {
         keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST);
         final User request = User.builder()
                 .id(keycloakGateway.findByUsername(USER_1_USERNAME).getId())
+                .username(USER_1_USERNAME)
                 .build();
 
         /* test */
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
index 5a4690892f890097f636a868ab9d69aadb0c6ef2..5becb9225a42db3ab451dc054663e811e7c71629 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
@@ -109,7 +109,7 @@ public class UserServiceUnitTest extends AbstractUnitTest {
 
     @Test
     public void updatePassword_succeeds() throws AuthServiceException, AuthServiceConnectionException,
-            CredentialsInvalidException {
+            UserNotFoundException {
 
         /* mock */
         doNothing()
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
index 71e30fb8606afc9c1fcef0c6fea3518bd7143d60..94ea986f78727a6fdc927b4e7ebb25ca6f0616bd 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
@@ -40,7 +40,7 @@ public interface KeycloakGateway {
      * @param password The user credential.
      */
     void updateUserCredentials(UUID id, UserPasswordDto password) throws AuthServiceException,
-            AuthServiceConnectionException;
+            AuthServiceConnectionException, UserNotFoundException;
 
     /**
      * Finds a user in the metadata database by given username.
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
index 38045e0399f00e0f4427a26aa85b4fe1274eeaa1..bce9d6e264b5283864c4e0ce4d2a157bd3d7dab4 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
@@ -161,7 +161,7 @@ public class KeycloakGatewayImpl implements KeycloakGateway {
 
     @Override
     public void updateUserCredentials(UUID id, UserPasswordDto data) throws AuthServiceException,
-            AuthServiceConnectionException {
+            AuthServiceConnectionException, UserNotFoundException {
         final UpdateCredentialsDto payload = metadataMapper.passwordToUpdateCredentialsDto(data.getPassword());
         final String path = "/admin/realms/dbrepo/users/" + id;
         log.trace("update user credentials at endpoint {} with path {}", keycloakConfig.getKeycloakEndpoint(), path);
@@ -171,6 +171,9 @@ public class KeycloakGatewayImpl implements KeycloakGateway {
         } catch (HttpServerErrorException e) {
             log.error("Failed to update user credentials: {}", e.getMessage());
             throw new AuthServiceConnectionException("Service unavailable", e);
+        } catch (HttpClientErrorException.NotFound e) {
+            log.error("Failed to update user credentials: user not found: {}", e.getMessage());
+            throw new UserNotFoundException("User not found", e);
         } catch (Exception e) {
             log.error("Failed to update user: unexpected response: {}", e.getMessage());
             throw new AuthServiceException("Unexpected result", e);
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
index 7127138fab2a98a3bb769ae2e5720f5b7886371a..eb378290aaf0cec147292a4528efae7e3928811b 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
@@ -60,5 +60,6 @@ public interface AuthenticationService {
      * @throws AuthServiceException           The auth service responded with unexpected behavior.
      * @throws AuthServiceConnectionException The connection with the auth service could not be established.
      */
-    void updatePassword(User user, UserPasswordDto data) throws AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException;
+    void updatePassword(User user, UserPasswordDto data) throws AuthServiceException, AuthServiceConnectionException,
+            CredentialsInvalidException, UserNotFoundException;
 }
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
index 460845e897c5f1c3c20e235c35d21535b539939d..52aa5048891102ae10494790992076f9375388f5 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
@@ -43,7 +43,8 @@ public class AuthenticationServiceImpl implements AuthenticationService {
     @Override
     public void delete(User user) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException,
             CredentialsInvalidException {
-        keycloakGateway.deleteUser(user.getId());
+        final UserDto keycloakUser = findByUsername(user.getUsername());
+        keycloakGateway.deleteUser(keycloakUser.getId());
     }
 
     @Override
@@ -72,8 +73,9 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 
     @Override
     public void updatePassword(User user, UserPasswordDto data) throws AuthServiceException,
-            AuthServiceConnectionException, CredentialsInvalidException {
-        keycloakGateway.updateUserCredentials(user.getId(), data);
+            AuthServiceConnectionException, CredentialsInvalidException, UserNotFoundException {
+        final UserDto keycloakUser = findByUsername(user.getUsername());
+        keycloakGateway.updateUserCredentials(keycloakUser.getId(), data);
     }
 
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 1e77531c42dfeaa8f8ab9cbcc507c044b8c35a1d..3c78d4d9e9db11765aa5ea47b7f4c781c9ca1743 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -374,7 +374,6 @@ services:
       - '1389:1389'
       - '1636:1636'
     environment:
-      BITNAMI_DEBUG: true
       LDAP_ADMIN_USERNAME: "${IDENTITY_SERVICE_ADMIN_USERNAME:-admin}"
       LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}"
       LDAP_USERS: "${SYSTEM_USERNAME:-admin}"
@@ -404,7 +403,6 @@ services:
       OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
       OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin}
       OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin}
-      LOG_LEVEL: ${LOG_LEVEL:-info}
     depends_on:
       dbrepo-search-db:
         condition: service_healthy
@@ -494,10 +492,10 @@ services:
       BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo}
       BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo}
       BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}"
-      BROKER_PASSWORD: ${SYSTEM_USERNAME:-admin}
+      BROKER_PASSWORD: ${SYSTEM_PASSWORD:-admin}
       BROKER_PORT: ${BROKER_PORT:-5672}
       BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker}
-      BROKER_USERNAME: ${SYSTEM_PASSWORD:-admin}
+      BROKER_USERNAME: ${SYSTEM_USERNAME:-admin}
       BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}"
       CONNECTION_TIMEOUT: ${CONNECTION_TIMEOUT:-60000}
       EXCHANGE_NAME: ${EXCHANGE_NAME:-dbrepo}
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index f96cf27b47bb0492479bd7ae45e2389870c8f9ef..2b18ed14222517593b1d9a31ec3bf67633fd2e91 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -306,7 +306,7 @@ brokerservice:
     ## @param brokerservice.ldap.uidField The field containing the user id.
     uidField: uid
     ## @param brokerservice.ldap.basedn The base domain name containing the users.
-    basedn: ou=users,dc=dbrepo,dc=at
+    basedn: dc=dbrepo,dc=at
     ## @param brokerservice.ldap.userDnPattern The pattern to determine the user.
     userDnPattern: ${username}
   auth: