On (11/05/16 14:29), Ondrej Valousek wrote:
> I did not think of bind mounts and sssd-client. Interesting idea. Is it proven to work?
You cannot bind mount sssd-client. The package should already be installed in the client container. The Fedora base images already contain sssd-client.
You just need to bind mount the unix sockets which are used for communication between sssd-client and the sssd daemon.
You can optionally bind mount the memory cache. (It can be done read-only.)
    docker run -ti --rm \
        --volume=/var/lib/sss/pipes/:/var/lib/sss/pipes/:rw \
        --volume=/var/lib/sss/mc/:/var/lib/sss/mc/:ro \
        fedora:23 getent passwd ldap_user
> I basically need to have NSS and maybe even automounter, but not sure if autofs works inside the container.
NSS will work with the previous example. (tested)
You will need to install "libsss_autofs" into the client container, and "automount -m" should return maps provided by sssd. (not tested)
LS