Appreciate the reply Shawn.
It’s a fair question to ask. There are many openldap images out there, of varying refinement, complexity and (presumably) quality.
Agreed. I prefer to stick to what is supported without "hacking" too much
I’ll start:
1. Must be secure, not run as root, and follow best practices.
I can agree to this but the current symas rpm by default does not follow this... ( I believe there was a mailing list Q about it recently which was shut down because "many customers run like this and it's fine" )
of course, the user can easily create the ldap user and make the slapd service run as ldap.
2. The configuration and database artifacts must reside outside the container.
absolutely
3. Must be able to add new modules/plugins. (probably outside the container too) For example, we use bind-dyndb-ldap
Cant think of anything else honestly, ldap is pretty light.. hence the name :D
My only qualm about dockering openldap is the dependency to docker, but does not hurt to explore it.
Either-way, options are always good to have.
Thanks again for the response.
Best,
Dave