Greg Burd

OpenLDAP Containers and a Helm Chart

Symas announces commercial support for an OpenLDAP container and associated Helm Chart, simplifying deployment of OpenLDAP within Kubernetes or anywhere Docker is available. The containers and chart, available now on DockerHub and ArtifactHub, are open source and free for use with no obligation; as always, commercial support is available from Symas.

OpenLDAP has been around for over 20 years, long before Docker arrived in 2013. Over the years, Symas has focused on supporting OpenLDAP in the most performance-sensitive application deployments. This meant hardware with specialized storage systems tuned for microsecond access was dedicated to running OpenLDAP in clusters at peak performance levels. Large telecoms, universities, and many other companies depend on Symas support when tuning and deploying OpenLDAP in this way. While we focused on enterprise adoption, we overlooked software written to use LDAP directory services in less demanding environments with lower performance requirements but similar high availability and uptime demands. It is commonplace to deploy software such as Airsonic-Advanced, Apache Guacamole, Apereo CAS server, Authelia, Authentik, Calibre Web, Dell iDRAC, DokuWiki, Dolibarr, Ejabberd, Emby, Ergo, Gitea/Forgejo, Hedgedoc, Home-Assistant, Jellyfin, Jenkins, Kanboard, Keycloak, LibreNMS, Mealie, MinIO, NextCloud, OPNsense, Organizr, pfSense, Portainer, PowerDNS Admin, Proxmox, Rancher, Seafile, Shaarli, Sonatype Nexus, Squid, Syncthing, Synapse, Tandoor Recipes, The Lounge, Vaultwarden, Wekan, Wiki.js, Zabbix Web, ZendTo, and Zulip - just to name a few - as containers (LXC) configured to use LDAP. This has been hard to do given the lack of well-maintained and supported OpenLDAP containers and methods to deploy into environments like Kubernetes.

Before building our own container, we reviewed what was available. We discovered many abandoned or out-of-date containers for OpenLDAP. The Osixia container is quite old, totally abandoned, yet extremely popular, with over 50 million downloads despite having no updates for 2-9 years! That's half a lifetime ago for OpenLDAP; we strongly recommend people move away from that container as soon as possible if they're using it.

We found that Bitnami (now a part of VMware) had thoughtfully containerized and was maintaining a container for OpenLDAP. The engineers at Bitnami have added OpenLDAP into their build systems, dug into the maze of configuration options, and boiled them down into something that worked for most cases we've run across, albeit with a Docker-friendly approach. This container has been wildly successful, with over 10 million downloads, a testament to their work. In the spirit of open source, we've forked Bitnami's code, improved it, and released our version on DockerHub for our LTS 2.5.x version and 2.6.x release for amd64 and arm64 architectures. Should you have issues or, even better, improvements, please consider filing them as bugs or pull requests on GitHub.

For our Helm Chart, we started with the work done by Jean-Philippe Gouin (an engineer working at Bitnami, perhaps on the OpenLDAP container code), which uses the Bitnami container, swapped in the Symas container for OpenLDAP, and updated some of the configuration for replicated systems based on our years of field experience and knowledge of the code. The Chart is available today and will continue to evolve rapidly as we learn how to best integrate OpenLDAP into Kubernetes clusters.

Our value is in our attention to detail and depth of knowledge; we build OpenLDAP with additional patches not only to the code in that project but also to any supporting library in which we find flaws that remain unpatched upstream. While other builds of OpenLDAP are nearly identical to those we produce, we go further for our customers by including fixes to anything related to OpenLDAP. Those fixes are then pushed to the other open-source projects, and when they are finally released, we can revert our custom-patched versions in favor of the maintainers' releases.

We are committed to supporting containers as a primary distribution method, just as we provide install packages for various platforms (Debian, RPM, etc.) published in predictable locations to ease adoption. We will update the chart and container regularly, adding new versions as they are released, supporting new CPU architectures, and adding more features or configuration options as necessary. Please contact us if you need help; we're available via Matrix for troubleshooting.
