[GH-ISSUE #733] [BUG] Migration issue with key going from 0.4.3 to 0.5 #265

Closed
opened 2026-02-27 08:16:14 +03:00 by kerem · 1 comment
Owner

Originally created by @ishanjain28 on GitHub (Nov 9, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/733

Describe the bug

lldap version 0.4.3 ignores the key_seed field and uses key files. lldap 0.5 does not ignore the key_seed field. This can confuse people who had configured key_seed with 0.4.3 and didn't realize it auto-generated a key file anyway and was using that key file.

After upgrading to 0.5, key_seed will actually start working and users will not be able to log in to anything (the web dashboard or LDAP-enabled apps) if the key seed and key file contain different keys.

To Reproduce
Steps to reproduce the behavior:

  1. In 0.4.3, set the config to:

         #key_file = "/opt/lldap/server_key"
         key_seed = "04f82f05aec2e06be45d74fbad340d729148dbf"

  2. Start 0.4.3 once to initialize everything
  3. Upgrade to 0.5
  4. Try logging in anywhere with any credentials

Expected behavior

Everything should still be accessible after upgrading

Additional context

On startup, lldap should warn users about potential migration issues if config contains key_seed and there is a valid private key at the path specified in key_file OR there is a valid private key at $(pwd)/server_key.

The latter is the default location for saving the private key if the key_file field was empty/unspecified.
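A pre-upgrade check along the lines of the warning requested above, as an added example that is not part of the original report and is not lldap's own code. The function names are hypothetical, the config is read with a simple line matcher rather than a full TOML parser, and any non-empty file at a candidate path is assumed to be a key (its format is not validated).

```python
import re
import tempfile
from pathlib import Path

# Uncommented `name = "value"` lines, in the syntax of the config shown in the issue.
ASSIGNMENT = re.compile(r'^\s*(key_seed|key_file)\s*=\s*"([^"]*)"')

def read_key_settings(config_text):
    """Return the key_seed / key_file values that are actually active."""
    settings = {}
    for line in config_text.splitlines():
        match = ASSIGNMENT.match(line)  # lines starting with '#' never match
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def migration_warnings(config_text, workdir):
    """List key files that would stop being used once key_seed takes effect."""
    settings = read_key_settings(config_text)
    if not settings.get("key_seed"):
        return []
    workdir = Path(workdir)
    # Locations named in the issue: the configured key_file and $(pwd)/server_key.
    candidates = [workdir / "server_key"]
    if settings.get("key_file"):
        candidates.insert(0, workdir / settings["key_file"])  # absolute paths stay absolute
    warnings = []
    for path in dict.fromkeys(candidates):  # de-duplicate, keep order
        # Assumption: any non-empty regular file is treated as an existing key.
        if path.is_file() and path.stat().st_size > 0:
            # The seed value is deliberately kept out of the message.
            warnings.append(f"key_seed is set, but a key file exists at {path}; "
                            "0.4.3 used the file, 0.5 will use the seed")
    return warnings

if __name__ == "__main__":
    # Constructed sample: the config from the report plus a stand-in key file.
    sample = '#key_file = "/opt/lldap/server_key"\nkey_seed = "04f82f05aec2e06be45d74fbad340d729148dbf"\n'
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "server_key").write_bytes(b"constructed key material")
        for warning in migration_warnings(sample, tmp):
            print("WARNING:", warning)
```

Run it from the directory lldap starts in, passing the config file's text and that directory, before switching to 0.5.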

kerem closed this issue and added the bug label on 2026-02-27 08:16:14 +03:00.

@nitnelave commented on GitHub (Jan 22, 2024):

I fixed that in a previous PR, closing now. We have way better diagnosis for that case.
