From aa8ae318ff3b22c497f01471d8f3960798d4395a Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Fri, 15 May 2026 11:32:20 +0300 Subject: [PATCH 1/3] Docker base DN entry creation opt-in and improves bootstrap LDIF loading resilience. ## Changes - Removed default `ADD_BASE_ENTRY="--addBaseEntry"` from Docker images. - Documented `ADD_BASE_ENTRY` as an optional runtime variable. - Added `--continueOnError` for bootstrap LDIF loading. - Updated Dockerfile copyright headers. ## Impact Users who need automatic base DN entry creation should now explicitly set: ```bash -e ADD_BASE_ENTRY=--addBaseEntry --- opendj-packages/opendj-docker/Dockerfile | 4 ++-- opendj-packages/opendj-docker/Dockerfile-alpine | 4 ++-- opendj-packages/opendj-docker/README.md | 2 +- opendj-packages/opendj-docker/bootstrap/setup.sh | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/opendj-packages/opendj-docker/Dockerfile b/opendj-packages/opendj-docker/Dockerfile index f49c0671ac..2275b9a393 100644 --- a/opendj-packages/opendj-docker/Dockerfile +++ b/opendj-packages/opendj-docker/Dockerfile @@ -10,13 +10,13 @@ # Header, with the fields enclosed by brackets [] replaced by your own identifying # information: "Portions copyright [year] [name of copyright owner]". # -# Copyright 2026 3A Systems, LLC. +# Copyright 2018-2026 3A Systems, LLC. FROM eclipse-temurin:25-jre-jammy LABEL org.opencontainers.image.authors="Open Identity Platform Community" -ENV ADD_BASE_ENTRY="--addBaseEntry" +#ENV ADD_BASE_ENTRY="--addBaseEntry" use during setup to add a base entry ENV PORT=1389 ENV LDAPS_PORT=1636 ENV ADMIN_PORT=4444 diff --git a/opendj-packages/opendj-docker/Dockerfile-alpine b/opendj-packages/opendj-docker/Dockerfile-alpine index 415ac37b7b..435b967bfa 100644 --- a/opendj-packages/opendj-docker/Dockerfile-alpine +++ b/opendj-packages/opendj-docker/Dockerfile-alpine 
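Review bot: The replacement line `#ENV ADD_BASE_ENTRY="--addBaseEntry" use during setup to add a base entry` reads as disabled code with prose appended, so a reader cannot tell whether it is meant to be re-enabled or is documentation. A plain comment would state the contract, for example `# ADD_BASE_ENTRY is unset by default; run with -e ADD_BASE_ENTRY=--addBaseEntry to create the base DN entry during setup`. The same line appears in the Dockerfile-alpine hunk that follows. Because the image now starts without a base entry by default, bootstrap data that expects the base DN to exist presumably depends on the operator setting this variable, which is worth stating in that comment as well.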
@@ -10,13 +10,13 @@ # Header, with the fields enclosed by brackets [] replaced by your own identifying # information: "Portions copyright [year] [name of copyright owner]". # -# Copyright 2026 3A Systems, LLC. +# Copyright 2018-2026 3A Systems, LLC. FROM alpine:latest LABEL org.opencontainers.image.authors="Open Identity Platform Community" -ENV ADD_BASE_ENTRY="--addBaseEntry" +#ENV ADD_BASE_ENTRY="--addBaseEntry" use during setup to add a base entry ENV PORT=1389 ENV LDAPS_PORT=1636 ENV ADMIN_PORT=4444 diff --git a/opendj-packages/opendj-docker/README.md b/opendj-packages/opendj-docker/README.md index 5fcaddbe59..9c40fc3459 100644 --- a/opendj-packages/opendj-docker/README.md +++ b/opendj-packages/opendj-docker/README.md @@ -16,7 +16,7 @@ docker run -d -p 1389:1389 -p 1636:1636 -p 4444:4444 --name opendj openidentityp | Variable | Default Value | Description | |-------------------------|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| ADD_BASE_ENTRY | --addBaseEntry | if set, creates base DN entry | +| ADD_BASE_ENTRY | | if set --addBaseEntry , creates base DN entry | | PORT | 1389 | LDAP Listener Port | | LDAPS_PORT | 1636 | LDAPS Listener Port | | BASE_DN | dc=example,dc=com | OpenDJ Base DN | diff --git a/opendj-packages/opendj-docker/bootstrap/setup.sh b/opendj-packages/opendj-docker/bootstrap/setup.sh index e887039d9d..a71782cad2 100755 --- a/opendj-packages/opendj-docker/bootstrap/setup.sh +++ b/opendj-packages/opendj-docker/bootstrap/setup.sh 
@@ -83,6 +83,6 @@ if [ -d /opt/opendj/bootstrap/data/ ]; then for file in /opt/opendj/bootstrap/data/*; do echo "Loading $file ..." - /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file + /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file --continueOnError done fi From fd791fe3d104cee335bde5fb2b547b6257d1793c Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Fri, 15 May 2026 15:48:15 +0300 Subject: [PATCH 2/3] FIX HEALTHCHECK without create baseDN --- opendj-packages/opendj-docker/Dockerfile | 2 +- opendj-packages/opendj-docker/Dockerfile-alpine | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/opendj-packages/opendj-docker/Dockerfile b/opendj-packages/opendj-docker/Dockerfile index 2275b9a393..4aa8ba5a34 100644 --- a/opendj-packages/opendj-docker/Dockerfile +++ b/opendj-packages/opendj-docker/Dockerfile @@ -65,6 +65,6 @@ EXPOSE $PORT/tcp $LDAPS_PORT/tcp $ADMIN_PORT/tcp USER $OPENDJ_USER -HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1 +HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "" --searchScope base "(objectClass=*)" 1.1 || exit 1 ENTRYPOINT ["/opt/opendj/run.sh"] diff --git a/opendj-packages/opendj-docker/Dockerfile-alpine b/opendj-packages/opendj-docker/Dockerfile-alpine index 435b967bfa..5794b5d654 100644 --- a/opendj-packages/opendj-docker/Dockerfile-alpine +++ b/opendj-packages/opendj-docker/Dockerfile-alpine 
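Review bot: With `--continueOnError` on the ldapmodify call, an entry in a bootstrap LDIF that fails to load no longer stops the import, and nothing visible in this hunk checks the exit status or reports which file had failures. If those files carry ACIs, password policies or service accounts, the container can come up with part of its intended access control missing and still look ready. I would at least surface the result, e.g. `... -f "$file" --continueOnError || echo "WARNING: errors while loading $file" >&2`, assuming ldapmodify still exits non-zero when it skips entries (worth confirming). On the same line `$ROOT_PASSWORD`, `$PORT` and `$file` are unquoted, so a password or file name containing spaces or glob characters is split by the shell; quoting them as `-w "$ROOT_PASSWORD" -f "$file"` avoids that. The enclosing `if` block starts outside the hunk.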
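Review bot: Now that the probe searches the root DSE (`--baseDN ""`) rather than `$BASE_DN`, it still binds as `$ROOT_USER_DN` and passes `--bindPassword "${ROOT_PASSWORD:-password}"` on the command line every 30 seconds, where the expanded value is visible in the container's process list. If the deployment's ACIs allow anonymous reads of the root DSE (the usual default, but worth confirming), the bind options could be dropped from the health check; otherwise `--bindPasswordFile` would keep the secret out of argv. The probe also no longer shows that the backend holding the base DN is serving data, so "healthy" now means only that LDAPS answers and the root bind succeeds; a short comment above the HEALTHCHECK saying so would help operators who gate traffic on it. The identical change in the Dockerfile-alpine hunk has the same points.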
@@ -67,6 +67,6 @@ EXPOSE $PORT/tcp $LDAPS_PORT/tcp $ADMIN_PORT/tcp USER $OPENDJ_USER -HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1 +HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "" --searchScope base "(objectClass=*)" 1.1 || exit 1 ENTRYPOINT ["/opt/opendj/run.sh"] From 8313e5d31c938f03464418a93198150e5b67e01e Mon Sep 17 00:00:00 2001 From: Valery Kharseko Date: Fri, 15 May 2026 18:15:22 +0300 Subject: [PATCH 3/3] Add ADD_BASE_ENTRY environment variable to Docker tests custom password with search to baseDN --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 72e79360b0..58927fe9e8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -365,7 +365,7 @@ jobs: - name: Docker test custom password shell: bash run: | - docker run --rm -it -d --memory="512m" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }} + docker run --rm -it -d --memory="512m" -e ADD_BASE_ENTRY="--addBaseEntry" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }} timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done' docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1' docker kill test_custom @@ -437,7 +437,7 @@ jobs: - name: Docker test custom password shell: bash run: | - docker run --rm -it -d --memory="1g" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine + docker run --rm -it -d --memory="1g" -e ADD_BASE_ENTRY="--addBaseEntry" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done' docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1' docker kill test_custom