# openldap
## directory server

the traffic is proxied by the ingress controller
there is a config map in place ingress-nginx/tcp-services
see:
https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

the traffic is still secured in the pod with a cert from cert manager

looks like nested groups are not possible

improvements:
proper lets encrypt cert
demand encryption
sophosxg firewall user
metrics
liveness probes
resource limits