Hello,

On Tue, Mar 29, 2022 at 10:42 AM Shawn McKinney <smckin...@symas.com> wrote:
>
>
> > On Mar 21, 2022, at 3:55 PM, Dave Macias <dav...@gmail.com> wrote:
> >
> > Does anyone else have an opinion/comment/concern on this?
> > This will be the last time I ask if no response... ( I like quiet mailing
> > list too :D )
> >
> > Thank you always for the awesome support!!
>
> Hi Dave,
>
> It’s a fair question to ask.  There are many openldap images out there, of
> varying refinement, complexity and (presumably) quality.
>
> Despite not being an expert in containers, I took on the task of creating
> images that we use in testing and to share with our customers, as they
> sometimes ask about it as well.
>
> I have my own opinion on what’s needed but that’s not as good as real
> requirements.
>
> Speaking of, can you supply a list of them?  If we can agree to what we’d
> like to see an openldap container ‘do’, it should be easy enough to make that
> happen.
>
> I’ll start:
>
> 1. Must be secure, not run as root, and follow best practices.
>
> 2. The configuration and database artifacts must reside outside the container.

I believe the trickiest thing to get right is exactly this interface between the container and its configuration. In summary, what should the entrypoint.sh be able to do, with what env vars set, what to do if an existing db is found, hooks for extra scripts to run, storage mount points, etc. A good source for inspiration might be database-like containers, like postgresql.
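
One possible shape for the entrypoint interface discussed above, as an added sketch that is not part of the thread or of any project's image. It follows the postgres-style pattern of preparing and then handing over to the server command; `LDAP_DATA_DIR`, `LDAP_INIT_DIR` and both default paths are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added sketch, not from the thread. LDAP_DATA_DIR / LDAP_INIT_DIR and their
# defaults are hypothetical; data.mdb is the file OpenLDAP's mdb backend creates.
set -eu

# Requirement 1: refuse to run as root. The uid is a parameter so it is testable.
refuse_root() {
    [ "$1" -ne 0 ] || { echo "refusing to run as uid 0" >&2; return 1; }
}

# Requirement 2: classify the externally mounted database directory.
db_state() {
    if [ ! -d "$1" ]; then echo missing
    elif [ -f "$1/data.mdb" ]; then echo existing
    elif [ -n "$(ls -A "$1")" ]; then echo unknown
    else echo empty
    fi
}

# Run first-boot hooks in sorted order; skip any that group or others can write.
run_hooks() {
    [ -d "$1" ] || return 0
    for hook in "$1"/*.sh; do
        [ -f "$hook" ] || continue
        if [ -n "$(find "$hook" \( -perm -020 -o -perm -002 \))" ]; then
            echo "skipping writable hook: $hook" >&2; continue
        fi
        sh "$hook"
    done
}

# Decide between reusing a found database and first-boot initialisation.
prepare() {
    data_dir=$1 init_dir=$2
    case "$(db_state "$data_dir")" in
        existing) echo reuse ;;                          # never touch a found db
        empty)    run_hooks "$init_dir" >&2; echo init ;;
        *)        echo "no usable volume at $data_dir" >&2; return 1 ;;
    esac
}

# Only act when started as `entrypoint.sh slapd ...`, then exec the real command.
if [ "${1:-}" = "slapd" ]; then
    refuse_root "$(id -u)"
    prepare "${LDAP_DATA_DIR:-/var/lib/ldap}" "${LDAP_INIT_DIR:-/docker-entrypoint-init.d}" >/dev/null
    exec "$@"
fi
```

A directory that contains files but no `data.mdb` is treated as an error rather than initialised over, so a wrong mount point cannot silently overwrite someone's data.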