Notes about DirectControl utilities in docker containers


  • Do not run "adleave" inside any docker container. This may affect the configuration in the host.
  • If you run "adleave" from the host and then joins to Active Directory again using adjoin, all docker containers MUST be restarted. Otherwise, DirectControl and DirectAudit functionalities will not work in the docker containers.
  • "adreload" should not be run in the docker container. It does not change anything in the container or the CoreOS host but generates an audit trail event in the docker syslog.
  • If addebug is enabled in a docker container, all the debug messages are sent to the host, and cannot be found in the docker container itself.
  • Instead of copying a snapshot of /etc/centrifydc and /etc/centrifyda to the docker containers, you can also share these directories with the docker containers by using the -v option in the docker run command. If you decide to do this, running "addebug on/off" (and "dadebug on/off") on the host will enable/disable debug messages for all the containers.