[GH-ISSUE #706] Bootstrap with arbitrary groups-users #255

Closed
opened 2026-02-27 08:16:11 +03:00 by kerem · 1 comment

Originally created by @quentinb69 on GitHub (Oct 17, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/706

As an administrator I need to bootstrap Lldap with some pre-identified groups and users.
The users are "service accounts", and they need to be paired with groups.

Use case:

  • MinIO (S3 like) with ldap authentication (with lldap as a backend)
  • Lldap with a PostgreSQL as a database
  • PostgreSQL database with backup in MinIO

I have got an egg-chicken issue with the creation of the PostgreSQL DB, initialized from the backup in MinIO; and MinIO needs Lldap (and PostgreSQL) to validate authentication and serve the backup.

If I can bootstrap Lldap with some preconfigured users/groups, it would be sufficient, and I can re-mount the dump afterward.

Moreover, the mechanism is already present with the default admin user; maybe it can be customized to allow username/password/groups from the parameter file?

Edit: right now the solution I'm using is via k8s jobs (I'm in Kubernetes) to make some API calls to the GraphQL endpoint, and then use the tool "set-password" to init the password for the service account.

kerem closed this issue and added the duplicate label 2026-02-27 08:16:11 +03:00

@nitnelave commented on GitHub (Oct 17, 2023):

The question has already come up here: https://github.com/lldap/lldap/issues/654
Short answer is: it's not something that we want to support as part of LLDAP, but it's easy to script it.

In particular, I want to keep the configuration simple.
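
Added example, not part of the thread and not LLDAP project code: one way to script the bootstrap described above (GraphQL calls from a Kubernetes Job) so that a retried Job only creates what is missing. The GraphQL operation names, the `/api/graphql` path, the bearer token and the spec layout are assumptions to check against your LLDAP version; passwords are left to the "set-password" tool mentioned in the issue.

```python
import json
import urllib.request

# Assumed LLDAP GraphQL operations; check them against your version's schema.
LIST = "query { groups { id displayName } users { id groups { id } } }"
CREATE_GROUP = "mutation($name: String!) { createGroup(name: $name) { id } }"
CREATE_USER = "mutation($user: CreateUserInput!) { createUser(user: $user) { id } }"
ADD_MEMBER = ("mutation($user: String!, $group: Int!) "
              "{ addUserToGroup(userId: $user, groupId: $group) { ok } }")

# Constructed sample spec: service account -> email and group names.
SPEC = {"minio-svc": {"email": "svc@example.invalid", "groups": ["minio-admins"]}}

def http_transport(base_url, token):
    # Returns call(query, variables) bound to an admin token (assumed JWT).
    def call(query, variables=None):
        payload = json.dumps({"query": query, "variables": variables or {}})
        req = urllib.request.Request(
            base_url.rstrip("/") + "/api/graphql", data=payload.encode(),
            headers={"Content-Type": "application/json",
                     "Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = json.load(resp)
        if body.get("errors"):  # GraphQL errors can arrive in an HTTP 200 body
            raise RuntimeError(body["errors"])
        return body["data"]
    return call

def bootstrap(spec, call):
    """Create only what is missing, so a retried Job converges."""
    state = call(LIST)
    group_ids = {g["displayName"]: g["id"] for g in state["groups"]}
    member_of = {u["id"]: {g["id"] for g in u["groups"]} for u in state["users"]}
    done = []
    for uid, want in spec.items():
        if uid not in member_of:
            call(CREATE_USER, {"user": {"id": uid, "email": want["email"]}})
            member_of[uid] = set()
            done.append(("user", uid))
        for name in want["groups"]:
            if name not in group_ids:
                group_ids[name] = call(CREATE_GROUP, {"name": name})["createGroup"]["id"]
                done.append(("group", name))
            if group_ids[name] not in member_of[uid]:
                call(ADD_MEMBER, {"user": uid, "group": group_ids[name]})
                member_of[uid].add(group_ids[name])
                done.append(("member", uid, name))
    return done
```

In a Job this would run as `bootstrap(SPEC, http_transport(base_url, token))`, with the token and the service-account passwords supplied from Kubernetes Secrets rather than written into the spec.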
