Thank you for the input, Michael.

> Probably Shawn did not mean running slapd in the container as root or not.
>
> I understood Shawn that he wrote: The container must not run as root,
> and must work without any special privileges.
>
> Anyway, you're absolutely free to use whatever command-line you'd like to
> start slapd (CMD) independent from the RPMs you're using.
>

I see. Yes, the container as a non-privileged user is best.

> > 3. Must be able to add new modules/plugins. (probably outside the
> > container too) For example, we use bind-dyndb-ldap
>
> bind-dyndb-ldap is a bind DNS server backend and not something the
> OpenLDAP project is responsible for. It does not make sense to add anything
> like this to a requirements list for an OpenLDAP server container.
>

Fair point. One can mount their own volumes to add anything extra. At least documenting this would be nice.

> > My only qualm about dockering openldap is the dependency on docker, but
> > it does not hurt to explore it.
>
> There are various container run-times with different security
> properties. E.g. podman or sysbox allow running other containers or
> systemd inside an unprivileged container.
>
> Ciao, Michael. (also not a container expert)
>

True. I mentioned docker simply because it's one of the most popular right now.

Thanks!
