diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7b014174d20d5beb398fcd253bb194de310a7f97..577094850cea76d6c5c49323ec56572714c3106b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,11 +1,11 @@
-image: docker:19.03.1
+image: docker:19.03.12
 
 variables:
   DOCKER_TLS_CERTDIR: "/certs"
-  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  IMAGE_VER: 1.4.0
 
 services:
-  - docker:19.03.1-dind
+  - docker:19.03.12-dind
 
 before_script:
   - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
@@ -13,5 +13,7 @@ before_script:
 build:
   stage: build
   script:
-    - docker build -t $IMAGE_TAG .
-    - docker push $IMAGE_TAG
+    - docker pull $CI_REGISTRY_IMAGE:latest || true
+    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$IMAGE_VER --tag $CI_REGISTRY_IMAGE:latest .
+    - docker push $CI_REGISTRY_IMAGE:$IMAGE_VER
+    - docker push $CI_REGISTRY_IMAGE:latest
diff --git a/Dockerfile b/Dockerfile
index 8bc401590024ccc7d682fa33eb9802f5b1f609fb..357f3923dd55c8a6dbab664e4375cd069d91a237 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ WORKDIR ${OPENLDAP_INSTALL_DIR}/contrib/slapd-modules/passwd/bcrypt
 RUN make
 RUN make install
 
-FROM osixia/openldap:1.3.0
+FROM osixia/openldap-backup:1.4.0
 MAINTAINER Andrej RamaĊĦeuski <andrej.ramaseuski@pirati.cz>
 
 # Osixia/OpenLDAP extension
diff --git a/bootstrap/schema/pirati.schema b/bootstrap/schema/pirati.schema
index af1db01927f3c643f9480ce3d01168d42c50df2a..19a7e2675871991a64e550b566b657ef9d68d246 100644
--- a/bootstrap/schema/pirati.schema
+++ b/bootstrap/schema/pirati.schema
@@ -30,12 +30,6 @@ attributetype ( 1.3.6.1.4.1.55307.2.3.5 NAME 'isEnabled'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 	SINGLE-VALUE
 	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.55307.2.3.6 NAME 'emailVerified'
-	DESC 'Registracni email je overen'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
 attributetype ( 1.3.6.1.4.1.55307.2.3.7 NAME 'contactEmail'
 	DESC 'Kontaktni email'
 	EQUALITY caseIgnoreIA5Match
@@ -48,6 +42,13 @@ attributetype ( 1.3.6.1.4.1.55307.2.3.8 NAME 'isTeam'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7{5}
 	SINGLE-VALUE
 	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.55307.2.3.9 NAME 'keycloakUUID'
+	DESC 'Identifikator uzivatele v keycloak'
+	EQUALITY UUIDMatch
+	ORDERING UUIDOrderingMatch
+	SYNTAX 1.3.6.1.1.16.1{36}
+	SINGLE-VALUE
+	USAGE userApplications )
 objectclass ( 1.3.6.1.4.1.55307.2.4.1 NAME 'groupOfPirates'
 	DESC 'Piratska skupina'
 	SUP top
@@ -57,4 +58,9 @@ objectclass ( 1.3.6.1.4.1.55307.2.4.1 NAME 'groupOfPirates'
 objectclass ( 1.3.6.1.4.1.55307.2.4.2 NAME 'pirate'
 	DESC 'Pirat'
 	AUXILIARY
-	MAY ( contactEmail $ emailVerified $ forumId $ isEnabled ) )
+	MAY ( contactEmail $ forumId $ keycloakUUID ) )
+objectclass ( 1.3.6.1.4.1.55307.2.4.3 NAME 'clientRole'
+	DESC 'Role'
+	STRUCTURAL
+	MUST cn
+	MAY ( description $ member ) )