Is there a Windows Active Directory container suitable for testing?

Time:09-17

I am looking for a container like openshift/openldap-2441-centos7 or https://github.com/osixia/docker-openldap that would be running a Windows OS and have some sensible defaults.

I'd like to add a couple of user accounts and test that my application can talk to the Windows AD and log in with the specified accounts.

ATM we're testing against OpenLDAP on Linux but would like to test against a real Windows AD configuration.

CodePudding user response:

The way Windows Active Directory is designed, it currently does not support running inside a Windows container. You may have to keep the Active Directory server outside the container and set up DNS accordingly. Please check the article https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts. Windows containers cannot be domain joined, but for testing applications you can create a group managed service account (gMSA). If you were hoping to run the Active Directory service in a Windows container, it's not possible; however, if you are looking to test with service accounts, you can use gMSA.

CodePudding user response:

• There is currently no officially released Docker image for Windows Server Active Directory that can be deployed in a container. However, you can configure a Windows container to run with a group managed service account, which can in turn provide Active Directory authentication to a group of computers or applications running on other containers.

• For this purpose, you would need a Windows Active Directory domain with at least one functional domain controller running Windows Server 2012 R2 or later, and a system with internet access and domain administrator credentials to download the CredentialSpec PowerShell module.

• Retrieve the ‘KdsRootKey’ from the domain controller and make it effective. Create a group managed service account with the name of the container that can be shared across multiple different machines and whose access is limited, through an access control list, to a security group that includes the container host, and register an SPN for that gMSA.

• Once the gMSA is created, prepare a domain-joined container host and set up Docker for Windows Server on it. Then create the credential specification file and install it on the container host. In this way, it becomes ready to authenticate with various applications using Active Directory authentication.

Please find the links below for more information:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts

https://kubernetes.io/docs/tasks/configure-pod-container/configure-gmsa/
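
The gMSA procedure described in the answer above, as an added PowerShell example that is not part of the original answers. The domain `contoso.com`, the account `WebApp01`, the group `WebApp01Hosts`, the host `ContainerHost01` and the image tag are assumed placeholder names for a disposable test domain.

```powershell
# --- On a domain controller (or a host with RSAT-AD-PowerShell), as a domain admin ---
Import-Module ActiveDirectory

# Create a KDS root key only if the domain has none. Backdating the effective
# time skips the 10-hour replication wait and is suitable for a single-DC
# test lab only; in production use: Add-KdsRootKey -EffectiveImmediately
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}

# Security group whose members may retrieve the gMSA password.
# Keep it limited to the container hosts that need the identity.
New-ADGroup -Name "WebApp01Hosts" -SamAccountName "WebApp01Hosts" -GroupScope DomainLocal
Add-ADGroupMember -Identity "WebApp01Hosts" -Members 'ContainerHost01$'

# The gMSA itself, with SPNs, readable only by the group above.
New-ADServiceAccount -Name "WebApp01" `
    -DnsHostName "WebApp01.contoso.com" `
    -ServicePrincipalNames "host/WebApp01", "host/WebApp01.contoso.com" `
    -PrincipalsAllowedToRetrieveManagedPassword "WebApp01Hosts"

# --- On the domain-joined container host (reboot first so it picks up the
# --- new group membership) ---
Install-WindowsFeature RSAT-AD-PowerShell
Import-Module ActiveDirectory

# Must return True before continuing; False means the host cannot read
# the gMSA password (wrong group, no reboot, or key not yet effective).
if (-not (Test-ADServiceAccount -Identity "WebApp01")) {
    throw "Host is not allowed to use gMSA WebApp01"
}

# Generate the credential spec file in Docker's CredentialSpecs directory.
Install-Module CredentialSpec
New-CredentialSpec -AccountName "WebApp01"
Get-CredentialSpec   # lists the generated file name to pass to docker

# Run a container under the gMSA identity. Replace the file name with the
# one reported by Get-CredentialSpec.
docker run --security-opt "credentialspec=file://contoso_webapp01.json" `
    --hostname webapp01 -it `
    mcr.microsoft.com/windows/servercore:ltsc2022 powershell

# Inside the container, confirm the secure channel to the domain:
#   nltest /sc_verify:contoso.com
```

The domain controller itself still runs outside any container, for example in a VM, as both answers state.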
