[GH-ISSUE #1128] [BUG] The default password in the docker compose example has wrong syntax #402

New issue

Closed

opened 2026-02-27 08:17:06 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 08:17:06 +03:00

Owner

Originally created by @garylavayou on GitHub (Mar 14, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1128

Describe the bug

In the project's README file, in the docker compose example, the LLDAP_LDAP_USER_PASS=adminPas$word will be parsed as adminPas, due to $word being treated as a compose environment variable, which is not defined and thus empty.

This is misleading and frustrating for a user who want to get started with lldap, as the person may not recognize that the real password is adminPas. When the service is up, he/she will use adminPas$word as password to login as admin, which results in failure as the password does not match.

Expected behavior

Using $$ to escape $ in the compose file, i.e., update LLDAP_LDAP_USER_PASS=adminPas$word as LLDAP_LDAP_USER_PASS=adminPas$$word.

Originally created by @garylavayou on GitHub (Mar 14, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1128 **Describe the bug** In the project's README file, in the docker compose example, the `LLDAP_LDAP_USER_PASS=adminPas$word` will be parsed as `adminPas`, due to `$word` being treated as a compose environment variable, which is not defined and thus empty. This is misleading and frustrating for a user who want to get started with lldap, as the person may not recognize that the real password is `adminPas`. When the service is up, he/she will use `adminPas$word` as password to login as `admin`, which results in failure as the password does not match. **Expected behavior** Using `$$` to escape `$` in the compose file, i.e., update `LLDAP_LDAP_USER_PASS=adminPas$word` as `LLDAP_LDAP_USER_PASS=adminPas$$word`.

kerem

2026-02-27 08:17:06 +03:00

closed this issue
added the
documentation
label

kerem commented

2026-02-27 08:17:07 +03:00

Author

Owner

@nitnelave commented on GitHub (Mar 14, 2025):

I'm sorry, I lack a bit of empathy for people who use default passwords :D

I think your suggestion still fails the usability test, since users will now think that the password is "pas$$word". I would rather put "CHANGE_ME" as the password.

Do you think you could open a PR to fix the example?

@nitnelave commented on GitHub (Mar 14, 2025): I'm sorry, I lack a bit of empathy for people who use default passwords :D I think your suggestion still fails the usability test, since users will now think that the password is "pas$$word". I would rather put "CHANGE_ME" as the password. Do you think you could open a PR to fix the example?

kerem commented

2026-02-27 08:17:07 +03:00

Author

Owner

@garylavayou commented on GitHub (Mar 15, 2025):

I'm sorry, I lack a bit of empathy for people who use default passwords :D

I think your suggestion still fails the usability test, since users will now think that the password is "pas$$word". I would rather put "CHANGE_ME" as the password.

Do you think you could open a PR to fix the example?

yes, I will create a PR later.

By the way, is there any requirements on the password complexity. Maybe we can demonstrate it using some other special characters.

@garylavayou commented on GitHub (Mar 15, 2025): > I'm sorry, I lack a bit of empathy for people who use default passwords :D > > I think your suggestion still fails the usability test, since users will now think that the password is "pas$$word". I would rather put "CHANGE_ME" as the password. > > Do you think you could open a PR to fix the example? yes, I will create a PR later. By the way, is there any requirements on the password complexity. Maybe we can demonstrate it using some other special characters.

kerem commented

2026-02-27 08:17:07 +03:00

Author

Owner

@nitnelave commented on GitHub (Mar 19, 2025):

There are no requirements (and cannot be, since when changing the password the server doesn't receive the plaintext password).

There are some proposals to have the frontend "enforce" rules (that a motivated user could bypass) and the server enforce the same on the LDAP interface, but nothing concrete yet.

@nitnelave commented on GitHub (Mar 19, 2025): There are no requirements (and cannot be, since when changing the password the server doesn't receive the plaintext password). There are some proposals to have the frontend "enforce" rules (that a motivated user could bypass) and the server enforce the same on the LDAP interface, but nothing concrete yet.

kerem commented

2026-02-27 08:17:07 +03:00

Author

Owner

@NassimBounouas commented on GitHub (Oct 18, 2025):

Thanks @nitnelave for the merge 🙏 Following the PR, I think this issue can be closed.

@NassimBounouas commented on GitHub (Oct 18, 2025): Thanks @nitnelave for the merge 🙏 Following the PR, I think this issue can be closed.

kerem referenced this issue

2026-02-27 09:09:29 +03:00

[PR #402] [MERGED] Add devcontainer #717