ldap user as docker username #7057

Closed
bhuvan opened this issue Jul 16, 2014 · 3 comments

bhuvan commented Jul 16, 2014

The -u/--user option for docker run is useful only for local accounts listed in /etc/passwd. If the host system is integrated with LDAP, the users won't have an entry in this file. Docker run fails, as it's unable to find those users.

In the below example, user bhuvan is in LDAP, but docker run doesn't allow this account to be used. Docker should have the ability to use the host system's auth mechanism.

$ docker run --user=bhuvan --rm -i -t --net host centos:centos6 /bin/bash
2014/07/16 16:45:54 Error response from daemon: Cannot start container 95ef5ab02d7471b509fcaa37c22afe48b04af3c57db5b72264f84136c97bec39: finalize namespace setup user get supplementary groups Unable to find user bhuvan

louden commented Jul 24, 2014

If you are running docker in the bhuvan account, you can enter into the container as the bhuvan user by setting the -u flag like so:

-u=$(id -u $(whoami)):$(id -g $(whoami))

Note that inside the container, you will not see the name but the actual UID and GID.

@unclejack
Contributor

@Bhuvaneswaran You need to set this up within your container. Integrating with LDAP now isn't possible.

LDAP integration for Docker might become possible in the future, but it's not supported for now. This should become possible once plugins are supported.

@dragon788
Contributor

@louden I've run into this same issue years later, and if I try to pass in the user and they are only stored in LDAP and not /etc/passwd, I'm unable to use them inside the container even with your code snippet.

Sadly I highly doubt our network admins would appreciate me creating a local user (if I have the permissions) and running docker with that user just to work around the fact that it can't query the network authentication for the user that doesn't "exist" on the system according to /etc/passwd.
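
Added example, not part of any comment in this thread and not Docker's own code: a host-side helper that generalizes the numeric `-u` workaround above to any named account, including its supplementary groups. The function name `docker_identity_args` is hypothetical; it assumes the host's `id` resolves LDAP accounts through NSS and that `docker run` accepts numeric IDs for `--user` and `--group-add`.

```shell
#!/bin/sh
# Added example: build `docker run` identity flags for an account that the
# host resolves through NSS (LDAP/SSSD) but that has no /etc/passwd entry.
# The name is resolved on the host, and only numeric IDs are handed to Docker,
# so the container image does not need to know the account.

# docker_identity_args NAME
#   prints: --user=UID:GID [--group-add=GID ...]
#   returns 1 if the host cannot resolve NAME, 2 if NAME is not a plain name
docker_identity_args() {
    name=$1

    # Reject empty values, option-like values and shell metacharacters so the
    # result is safe to splice into a command line.
    case $name in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid account name" >&2
            return 2 ;;
    esac

    # id(1) goes through NSS, so directory accounts resolve here even though
    # they are absent from the local /etc/passwd.
    uid=$(id -u "$name" 2>/dev/null) || {
        echo "host cannot resolve user: $name" >&2
        return 1
    }
    gid=$(id -g "$name") || return 1

    args="--user=${uid}:${gid}"

    # A numeric UID has no group memberships inside the container, so carry
    # the host's supplementary groups over explicitly.
    for g in $(id -G "$name"); do
        [ "$g" = "$gid" ] || args="$args --group-add=$g"
    done

    printf '%s\n' "$args"
}

# Usage (left unquoted on purpose so the flags split into separate words):
#   docker run $(docker_identity_args bhuvan) --rm -i -t centos:centos6 /bin/bash
```

As noted in the comment above, processes in the container will show the numeric UID and GID rather than the account name unless the image has its own directory lookup configured.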
