diff --git a/rlm_python/Dockerfile b/rlm_python/Dockerfile
index 0aad95f8e..ca564a41c 100644
--- a/rlm_python/Dockerfile
+++ b/rlm_python/Dockerfile
@@ -1,16 +1,17 @@
 ARG BASE_IMAGE=opensuse/tumbleweed:latest
-FROM ${BASE_IMAGE} AS repos
+# FROM ${BASE_IMAGE} as repos
+FROM ${BASE_IMAGE}
+
 ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
 RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh
 
 # ======================
-FROM repos
-EXPOSE 1812 1813
+# FROM repos
 ARG RADIUS_USER=radiusd
+EXPOSE 1812 1813
+ENV KANIDM_CONFIG_FILE="/data/kanidm"
 
-RUN \
-    --mount=type=cache,id=zypp,target=/var/cache/zypp \
-    zypper install -y \
+RUN --mount=type=cache,id=zypp,target=/var/cache/zypp zypper install -y \
         freeradius-client \
         freeradius-server \
         freeradius-server-python3 \
@@ -52,11 +53,14 @@ RUN mkdir -p /pkg/pykanidm/
 COPY pykanidm/ /pkg/pykanidm/
 
 # install the package and its dependencies
-RUN python3 -m pip install --no-cache-dir --no-warn-script-location /pkg/pykanidm
+RUN python3 -m pip install \
+    --break-system-packages \
+    --no-cache-dir \
+    --no-warn-script-location \
+    /pkg/pykanidm
 
 COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py
 
-ENV KANIDM_CONFIG_FILE="/data/kanidm"
 
 RUN chmod a+r /etc/raddb/certs/ -R
 USER $RADIUS_USER
diff --git a/tools/Dockerfile b/tools/Dockerfile
index 454714581..c96424aee 100644
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@@ -48,7 +48,11 @@ RUN \
     cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \
         --target-dir="/usr/src/kanidm/target/" \
         --features="${KANIDM_FEATURES}" \
-        --release  && \
+        --release && \
+    cargo build -p kanidm-ldap-sync ${KANIDM_BUILD_OPTIONS} \
+        --target-dir="/usr/src/kanidm/target/" \
+        --features="${KANIDM_FEATURES}" \
+        --release && \
     sccache -s
 
 # == Construct the tools container
@@ -60,18 +64,16 @@ RUN \
     --mount=type=cache,id=zypp,target=/var/cache/zypp \
     zypper install -y \
         timezone \
-        busybox-adduser \
         openssl-3
 
 COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
 COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/
+COPY --from=builder /usr/src/kanidm/target/release/kanidm-ldap-sync /sbin/
 RUN chmod +x /sbin/kanidm
 RUN chmod +x /sbin/kanidm-ipa-sync
+RUN chmod +x /sbin/kanidm-ldap-sync
 
-RUN adduser -D -H kanidm && \
-    mkdir /etc/kanidm && \
+RUN mkdir /etc/kanidm && \
     touch /etc/kanidm/config
 
-USER kanidm
-
 CMD [ "/sbin/kanidm", "-h" ]
\ No newline at end of file