Add support for user password rotation

[gberche-orange]

Is your feature request related to a problem? Please describe.

Changes to userPasswords are ignored (only picked up on first start)

Describe the solution you'd like

changes to userPasswords are applied to the container

I believe this is an upstream limitation of the bitnami image similar to https://github.com/bitnami/containers/issues/44545

The second start shows the following traces indicating "Using persisted data" and not proceeding with existing configuration

Defaulted container "openldap-stack-ha" out of: openldap-stack-ha, init-schema (init), init-tls-secret (init)                                                                                                      
 10:58:25.14 INFO  ==> ** Starting LDAP setup **                                                         
 10:58:25.24 INFO  ==> Validating settings in LDAP_* env vars                                            
 10:58:25.26 INFO  ==> Initializing OpenLDAP...                                                                                                                                                                    
 10:58:25.26 DEBUG ==> Ensuring expected directories/files exist...                                                                                                                                                
 10:58:25.29 INFO  ==> Using persisted data                                                                                                                                                                        
 10:58:25.30 INFO  ==> ** LDAP setup finished! **                                                                                                                                                                  

https://github.com/bitnami/containers/blob/54360af174f405dd7770a867ea880e8469639f3b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/openldap/setup.sh#L18-L27 https://github.com/bitnami/containers/blob/54360af174f405dd7770a867ea880e8469639f3b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh#L611-L619 https://github.com/bitnami/containers/blob/54360af174f405dd7770a867ea880e8469639f3b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh#L592-L600

Describe alternatives you've considered

Rotating user passwords using ldap cli

Additional context

Thanks again for the great work on this project !

[jp-gouin]

Hi @gberche-orange Indeed the upstream image does not support it .

I though about it and it could be really challenging as you would need to determine either if you should add or modify an entry. And if you need to modify then you need to add the correct replace: in the ldif

We could add a ldif block that would always be executed and it's up to the user to manage the logic 🤷 This is something I could easily add and since I have a custom Bitnami image I could add that logic as well

[gberche-orange]

Thanks @jp-gouin for your prompt response !

Could this logic be accepted in the upstream bitnami image ?

This is something I could easily add and since I have a custom Bitnami image I could add that logic as well

Could you share the repository where the custom bitnami image is maintained ? Is it a goal to keep a custom image or a temporary workaround until a PR/issue with upstream bitnami get merged/fixed ?

[jp-gouin]

It's in my fork https://github.com/jp-gouin/containers/tree/main/bitnami/openldap

It's not the plan to maintain a fork however one mandatory PR that I submitted has been reverted. I need to find an alternative to the PR to use the upstream one again.

[gberche-orange]

Thanks. I don't find your changes in the main branch, is it somewhere else ?

I see

such as https://github.com/jp-gouin/containers/commit/53a18d386786cca8bef1434ed228d23f8dbc5044 and https://github.com/bitnami/containers/commit/53a18d386786cca8bef1434ed228d23f8dbc5044