Is this a "single UID" container (i.e. SSSD and client apps run under the same UID within container namespace)?
What do you use as an entry point of the container / how do you manage (start of) multiple processes?
What authentication means do you use?
If this is Kerberos, does your app use TGT acquired during authentication?
Yes, single UID container with simple init (no systemd). Both SSSD and client applications run within the same container. In our use case we use only LDAP domains for now, no Kerberos.
What platform is this? Is it still
```
The container is executed in OpenShift cluster which does not allow running as root inside container.
```
as in your original email in this thread?
Having said that, and taking into account 'user-ns' support isn't available yet, you might want to try builds from
https://copr.fedorainfracloud.org/coprs/g/sssd/nightly/ : currently the Fedora Rawhide, CentOS Stream 9 and RHEL 9 packages there are built '--with-sssd-user=sssd' and the main SSSD process can be run directly under the 'sssd' user.
Since you don't need Kerberos / handle keytabs and user TGTs, it should work out of the box.
Your feedback and observations are welcome.