DEV Community

Cover image for How to deploy python-ldap in Production Docker Image
Nader Elshehabi
Nader Elshehabi

Posted on

How to deploy python-ldap in Production Docker Image

I had a web dashboard that I needed to authenticate using ldap. For that I wanted to go with python-ldap package.

I faced few challenges in deploying to my Docker image since it required source code build on deployment, and there are no official binaries. That meant that if I want to deploy python-ldap on a production server / container; I have to install development packages as described in the Build Prerequisites section of their documentation.

For development purposes, this would have been fine, but I preferred not to have those unnecessary packages in my deployed production container. The other option was to deploy prebuilt packages. I also preferred not to do that.

The solution was simple though. I simply built the wheel inside one stage of my docker image, then just copied this wheel file to the next stage, to install it directly using pip.

Below is my docker file.

FROM python:3.9.2 AS ldap-build

RUN apt-get update -y && \ 
    apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev && \
    python -m pip wheel --wheel-dir=/tmp python-ldap==3.3.1

FROM python:3.9.2
COPY --from=ldap-build /tmp/*.whl /tmp
RUN python -m pip install /tmp/*.whl

CMD tail -f /dev/null
Enter fullscreen mode Exit fullscreen mode

While being a simple solution, I was a bit surprised I didn't find a ready made solution like this. I thought it's worth sharing for python-ldap deployments in production, and in any similar case, where you have to build python packages yourself.

I hope it helps somebody out there.


Discussion (5)

florian_courouge profile image

Hi, nice post, I try it to in this way:
What to you think ?

naderelshehabi profile image
Nader Elshehabi Author

Thanks for sharing. Looks like you've put a lot of effort in it. Well written.

I haven't tried the Dockerfile, but I'm wondering why do you need a virtual environment inside the container, and why two stages for build?

florian_courouge profile image

I use multi-stage build to reduce image size and benefit layer caching. In case of virtual environment, I just divide the build stage with pip dependencies and the run stage to reduce attack surface. I'm not a expert on this part but you could find some links that explain why I am using multistage :)

agritheory profile image
Tyler Matteson

@florian_courouge I'm interested in understanding why you decided to use a combination of a debian and distroless base images.

florian_courouge profile image

In short answer, debian for building ordinary packages and distroless to reduce vulnerabilities (and docker image size in some cases). These base images are stable unlike alpine base.