[GH-ISSUE #1066] [BUG] LLDAP not starting after changing for _FILE secrets #380

Closed
opened 2026-02-27 08:16:58 +03:00 by kerem · 3 comments

Originally created by @Flyingfufu on GitHub (Dec 26, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/1066

Describe the bug
After changing from using .env LLDAP_JWT_SECRET and LLDAP_KEY_SEED to LLDAP_JWT_SECRET_FILE and LLDAP_KEY_SEED_FILE with the exact same content, LLDAP is not starting anymore but throws the following error:

```
Error: The private key has changed. It used to come from KeySeed(EnvironmentVariable("`LLDAP_` environment variable(s)")), but now it comes from KeySeed(EnvironmentVariable("`LLDAP_` environment variable(s)")).
Caused by:
    The private key encoding the passwords has changed since last successful startup. Changing the private key will invalidate all existing passwords. If you want to proceed, restart the server with the CLI arg --force-update-private-key=true or the env variable LLDAP_FORCE_UPDATE_PRIVATE_KEY=true. You probably also want --force-ldap-user-pass-reset / LLDAP_FORCE_LDAP_USER_PASS_RESET=true to reset the admin password to the value in the configuration .
```

The original values were written LLDAP_JWT_SECRET=XXXX, not ='XXXX'.
Both contain special characters and are 64 characters long.

Installation is done under Docker, using the :latest version

Expected behavior
Restart as when using the .env data.

Additional context
https://discordapp.com/channels/898492935446876200/1321896418536853525

kerem 2026-02-27 08:16:58 +03:00
  • closed this issue
  • added the bug label

@nitnelave commented on GitHub (Dec 26, 2024):

I could not reproduce it with:

```
LLDAP_KEY_SEED=abc lldap run
echo -n abc > my_key_file
LLDAP_KEY_SEED_FILE=my_key_file lldap run
```
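
The reproduction above writes the file with `echo -n`, so the file holds exactly the bytes of the environment value with no trailing newline. As an added example (not from this thread or the LLDAP project), the shell helper below checks whether a secret file is byte-identical to the value previously set in `.env`. The name `check_secret_file` and the `abc` sample value are assumptions, and this page does not say how LLDAP treats trailing whitespace in `_FILE` contents.

```shell
#!/bin/sh
# Added example, not LLDAP code. check_secret_file is a hypothetical helper.
# It compares a secret file byte-for-byte with the value formerly set in .env
# and prints only a verdict, never the secret itself.
check_secret_file() {
    csf_expected=$1   # value that used to be in the environment
    csf_file=$2       # path now passed through the *_FILE variable
    [ -r "$csf_file" ] || { echo "unreadable"; return 2; }

    # Compare hex dumps: $(cat file) would silently strip trailing newlines,
    # which is exactly the kind of difference being looked for.
    csf_want=$(printf '%s' "$csf_expected" | od -An -v -tx1 | tr -d ' \n')
    csf_got=$(od -An -v -tx1 < "$csf_file" | tr -d ' \n')

    if [ "$csf_got" = "$csf_want" ]; then
        echo "identical"
        return 0
    fi
    case "$csf_got" in
        "${csf_want}0a")   echo "trailing-newline" ;;   # LF appended
        "${csf_want}0d0a") echo "trailing-crlf" ;;      # CRLF appended
        "27${csf_want}27"|"27${csf_want}270a"|"22${csf_want}22"|"22${csf_want}220a")
                           echo "quoted" ;;             # wrapped in ' or "
        *)                 echo "different" ;;
    esac
    return 1
}

# Constructed demo: "abc" stands in for the real seed.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/seed_ok"
echo 'abc'   > "$demo_dir/seed_nl"    # echo without -n appends a newline
check_secret_file abc "$demo_dir/seed_ok" || true
check_secret_file abc "$demo_dir/seed_nl" || true
rm -rf "$demo_dir"
```
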

@burn3r10 commented on GitHub (Nov 15, 2025):

I'm setting the variable in the config file and getting this same error.

Or I get told I need to set a JWT_Secret variable despite having one set already.


@nitnelave commented on GitHub (Nov 15, 2025):

Can you open a new issue with the details of your configuration? Which keys are you setting?
