I have a container host on which users are authenticated against a company Active Directory using SSSD with LDAP. On this host I have several Docker containers running. Some of these containers just need to recognize the users (like e.g. the "id " command) and retrieve userid and group information; for some others I need the ability to run processes as a user.

For all this I could run SSSD inside each container, but this is an additional, in principle unneeded, process that makes building and running the container cumbersome and also goes against the idea of small isolated microservices.

I have read about running an "SSSD-proxy" that forwards the information from local /etc/passwd, but found no description on whether it would be possible to use the host's SSSD with LDAP and have it somehow forward the data needed to authenticate users to the containers.

How would you go about this?

Andrew Schulman
JoHe

0 Answers