[GH-ISSUE #1340] [FEATURE REQUEST] Allow reading db url by parts and from file #470

New issue

Open

opened 2026-02-27 08:17:27 +03:00 by kerem · 1 comment

kerem commented

2026-02-27 08:17:27 +03:00

Owner

Originally created by @ykhrustalev on GitHub (Oct 25, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1340

Motivation
When using a randomly generated password for a database, the url has to be escaped, it adds extra complexity to prepare it in a particular way for the app.

Describe the solution you'd like

I see there are 2 options:

Add options to read the database url in a granular format, where there is separate username, password, host, port and other pieces are set. That way cli will raise an issue if the DB url is set same time as the DB options.
Add a password specific parameter that allows overriding the password in the DB url

Describe alternatives you've considered
Currently I craft a string in a separate python script before injecting it in the systemd env

Additional context
none

Originally created by @ykhrustalev on GitHub (Oct 25, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1340 **Motivation** When using a randomly generated password for a database, the url has to be escaped, it adds extra complexity to prepare it in a particular way for the app. **Describe the solution you'd like** I see there are 2 options: 1. Add options to read the database url in a granular format, where there is separate username, password, host, port and other pieces are set. That way cli will raise an issue if the DB url is set same time as the DB options. 2. Add a password specific parameter that allows overriding the password in the DB url **Describe alternatives you've considered** Currently I craft a string in a separate python script before injecting it in the systemd env **Additional context** none

kerem added the

enhancement

label

2026-02-27 08:17:27 +03:00

kerem commented

2026-02-27 08:17:27 +03:00

Author

Owner

@nitnelave commented on GitHub (Oct 25, 2025):

It seems like a lot of work to avoid calling "url_encode".

You could make the password not contain any of the characters to escape, and make it longer to make up for the deceased complexity.

You can write the entire DB url to a file instead of putting it in the env.

I don't think that the problem justifies an extra parameter and the accompanying (product) complexity. I want to avoid having more things for users to read to configure LLDAP, and save them from ambiguity in how the DB url is specified. The URL format is clear and standard enough.

@nitnelave commented on GitHub (Oct 25, 2025): It seems like a lot of work to avoid calling "url_encode". You could make the password not contain any of the characters to escape, and make it longer to make up for the deceased complexity. You can write the entire DB url to a file instead of putting it in the env. I don't think that the problem justifies an extra parameter and the accompanying (product) complexity. I want to avoid having more things for users to read to configure LLDAP, and save them from ambiguity in how the DB url is specified. The URL format is clear and standard enough.

kerem referenced this issue

2026-02-27 09:09:39 +03:00

[PR #470] [CLOSED] feat(ghcr) add ghcr image workflow #762