docker-openldap

offer a rootless version

Open arminfelder opened this issue 5 years ago • 3 comments

OpenLDAP does not require root privileges for anything else than opening ports below 1024.

From a security standpoint it would be better to just run as an unprivileged user, e.g. 1000, and use higher ports.

arminfelder, Jan 18 '20 19:01

I have an issue with the root user as well. My environment does not allow pods to be run as root and a non-root user does not seem to work.

I didn't find it an issue when running on a different port, but without root it does not seem to be progressing at all.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app: openldap
spec:
  selector:
    matchLabels:
      app: openldap
  replicas: 1
  template:
    metadata:
      labels:
        app: openldap
    spec:
      securityContext:
        runAsUser: 1000
      containers:
        - name: openldap
          image: hub.visa.com/paas/openldap:1.3.0
          args: ["--loglevel", "debug", "--copy-service"]
```

The error only gives the below

```
*** CONTAINER_LOG_LEVEL = 4 (debug)
*** Run commands before finish...
*** Killing all processes..
```

avsamit6600, Feb 21 '20 22:02

Any updates on this issue?

creasman, Jan 26 '21 22:01

About the ports: It is possible to override the default ones via LDAP_PORT and LDAPS_PORT

xi, Apr 21 '21 10:04
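An added example, not code from this thread or from the docker-openldap project: a manifest check for the two conditions the issue asks for, a non-root UID and LDAP/LDAPS ports at or above 1024, run against the pod spec posted above and a high-port variant. The function name `audit_pod_spec`, the 389/636 defaults for unset `LDAP_PORT`/`LDAPS_PORT`, and the sample ports 1389/1636 are assumptions; the check only reads the manifest and says nothing about whether the image's startup scripts work as a non-root user.

```python
# Added example: audit a parsed pod spec for a non-root UID and ports >= 1024.
PRIVILEGED_PORT_LIMIT = 1024
# Assumption: the standard LDAP/LDAPS ports apply when the variables are unset.
DEFAULT_PORTS = {"LDAP_PORT": 389, "LDAPS_PORT": 636}


def audit_pod_spec(pod_spec):
    """Return a list of findings; an empty list means the spec looks rootless."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        # Container-level securityContext fields override pod-level ones.
        sc = {**pod_sc, **(c.get("securityContext") or {})}
        uid = sc.get("runAsUser")
        if uid == 0:
            findings.append(f"{name}: runAsUser is 0 (root)")
        elif uid is None and not sc.get("runAsNonRoot"):
            findings.append(f"{name}: no runAsUser/runAsNonRoot, image default user applies")
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        for var, default in DEFAULT_PORTS.items():
            raw = env.get(var)
            try:
                port = int(raw) if raw is not None else default
            except ValueError:
                findings.append(f"{name}: {var}={raw!r} is not a number")
                continue
            if port < PRIVILEGED_PORT_LIMIT:
                findings.append(f"{name}: {var}={port} is a privileged port")
    return findings


# Constructed input 1: the pod spec from the comment above (UID 1000, no port override).
THREAD_SPEC = {
    "securityContext": {"runAsUser": 1000},
    "containers": [{"name": "openldap",
                    "image": "hub.visa.com/paas/openldap:1.3.0"}],
}
# Constructed input 2: same idea with high ports; 1389/1636 are example values.
HIGH_PORT_SPEC = {
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
    "containers": [{"name": "openldap",
                    "env": [{"name": "LDAP_PORT", "value": "1389"},
                            {"name": "LDAPS_PORT", "value": "1636"}]}],
}

if __name__ == "__main__":
    for label, spec in (("thread", THREAD_SPEC), ("high ports", HIGH_PORT_SPEC)):
        print(label, audit_pod_spec(spec) or "ok")
```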