What we built to make OpenLDAP predictable in Docker

The problem didn’t show up during installation. It showed up months later. A container restart happened during routine maintenance. LDAP came back up. slapd was running. Ports were open. But authentication started behaving strangely. Some users could log in. Others couldn’t. A few queries were suddenly slow. Nothing looked broken. But things were clearly different after the restart. That was the real issue. Not failure. Unpredictability. Why many LDAP Docker setups drift over time Most OpenLDAP containers are designed for the first startup, not for long-running environments. They assume things like: the database directory starts empty initialization scripts only run once container restarts don’t change filesystem ownership configuration stored in slapd.d always matches the environment Those assumptions slowly break down. For example: Mounted volumes can keep old ownership after restarts. Initialization scripts may try to recreate base objects that already exist. Schema loading might ru