diff --git a/paris-container.nix b/paris-container.nix
index 05ffe13..d68fe9d 100644
--- a/paris-container.nix
+++ b/paris-container.nix
@@ -161,15 +161,30 @@ in {
 target-file = "/run/paris/openssh/${keypairFilename keypair}";
 }) parisKeypairs));
 
+ networking = {
+ bridges.paris-auth0.interfaces = [ "ldap0" ];
+ interfaces.ldap0 = {
+ virtual = true;
+ ipv4.addresses = [{
+ address = "172.16.128.1";
+ prefixLength = 24;
+ }];
+ };
+ };
+
 virtualisation.oci-containers.containers.paris-ldap-proxy = {
 image = cfg.ldap.image;
 autoStart = true;
- ports = [ "${toString cfg.ldap.port}:389" ];
+ ports = [ "172.16.128.1:${toString cfg.ldap.port}:389" ];
 environmentFiles = [ hostSecrets.parisLdapEnv.target-file ];
 };
 
 containers.paris = {
 macvlans = [ cfg.networking.interface ];
+ extraVeths.paris0 = {
+ hostBridge = "paris-auth0";
+ hostAddress = "172.16.128.5";
+ };
 bindMounts = {
 "/home" = {
 hostPath = "${cfg.state-directory}/home";
@@ -232,7 +247,7 @@ in {
 
 auth_provider = "ldap";
 access_provider = "ldap";
- ldap_uri = "ldap://localhost:${toString cfg.ldap.port}";
+ ldap_uri = "ldap://172.16.128.1:${toString cfg.ldap.port}";
 ldap_schema = "rfc2307bis";
 ldap_search_base = cfg.ldap.base;
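Review bot: The sssd simple-bind traffic to the LDAP proxy now leaves loopback and crosses the `paris-auth0` bridge in clear text (`ldap://` to 172.16.128.1, second hunk), and nothing in this hunk restricts which peers may reach `172.16.128.1:${cfg.ldap.port}`: the bridge is not mentioned in `networking.firewall`, and with the usual OCI backends a published port is DNATed before the host INPUT chain is consulted, so I doubt the default firewall gates it either. Consider adding a rule on `paris-auth0` that accepts the proxy port only from the container's veth peer address, and enabling STARTTLS on the sssd side (`ldap_id_use_start_tls = true;` plus an `ldap_tls_cacert` entry) if the proxy image supports it, so bind passwords do not traverse the bridge in plaintext. Separately, `hostAddress = "172.16.128.5"` under `extraVeths.paris0` reads as if it were the container's address; when `hostBridge` is set the host side is enslaved to the bridge and, as far as I recall, `hostAddress` is not applied while the container side takes `localAddress`, so unless the container's own `networking.interfaces` config elsewhere assigns it, this should be `localAddress = "172.16.128.5";`. Both hunks cut through the enclosing module attribute set, which begins and ends outside this diff.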