Appreciate the reply Shawn.

> It’s a fair question to ask. There are many openldap images out there, of
> varying refinement, complexity and (presumably) quality.

Agreed. I prefer to stick to what is supported without "hacking" too much.

> I’ll start:
>
> 1. Must be secure, not run as root, and follow best practices.

I can agree to this, but the current symas rpm by default does not follow this... (I believe there was a mailing list Q about it recently which was shut down because "many customers run like this and it's fine.") Of course, the user can easily create the ldap user and make the slapd service run as ldap.

> 2. The configuration and database artifacts must reside outside the
> container.

Absolutely.

3. Must be able to add new modules/plugins (probably outside the container too). For example, we use bind-dyndb-ldap.

Can't think of anything else honestly, ldap is pretty light... hence the name :D

My only qualm about dockering openldap is the dependency on docker, but it does not hurt to explore it. Either way, options are always good to have.

Thanks again for the response.

Best,
Dave
