On 3/29/22 16:36, Dave Macias wrote:
Shawn wrote:
I’ll start: 1. Must be secure, not run as root, and follow best practices.
I can agree to this but the current Symas RPM by default does not follow this...
Probably Shawn did not mean whether slapd runs as root inside the container or not.
I understood Shawn to have written: the container must not run as root, and must work without any special privileges.
Anyway, you're absolutely free to use whatever command line you'd like to start slapd (CMD), independently of the RPMs you're using.
- Must be able to add new modules/plugins (probably outside the container too). For example, we use bind-dyndb-ldap.
bind-dyndb-ldap is a BIND DNS server backend and not something the OpenLDAP project is responsible for. It does not make sense to add anything like this to a requirements list for an OpenLDAP server container.
My only qualm about dockerizing openldap is the dependency on Docker, but it does not hurt to explore it.
There are various container runtimes with different security properties. E.g. podman or sysbox allow running other containers or systemd inside an unprivileged container.
Ciao, Michael. (also not a container expert)