external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: ec3714cb | patch | commit | ignore whitespace

Remove ENV ROOT_PASSWORD from Dockerfiles, fix HEALTHCHECK default, add CDD...

Copilot

9 hours ago 0d7341111740dde530c57e9234a5f3dc54cb0f75

Remove ENV ROOT_PASSWORD from Dockerfiles, fix HEALTHCHECK default, add CDDL headers (#633)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>

4 files modified

	.github/workflows/build.yml	14 ●●●●● patch \| view \| raw \| blame \| history
	opendj-packages/opendj-docker/Dockerfile	19 ●●●●● patch \| view \| raw \| blame \| history
	opendj-packages/opendj-docker/Dockerfile-alpine	19 ●●●●● patch \| view \| raw \| blame \| history
	opendj-packages/opendj-docker/run.sh	17 ●●●●● patch \| view \| raw \| blame \| history

 .github/workflows/build.yml

@@ -354,6 +354,13 @@
          docker exec test 'sh' '-c' '/opt/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll'
          docker exec test 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000'
          docker kill test
      - name: Docker test custom password
        shell: bash
        run: |
          docker run --rm -it -d --memory="512m" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done'
          docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
          docker kill test_custom

  build-docker-alpine:
    needs: build-maven
@@ -419,3 +426,10 @@
          docker exec test 'sh' '-c' '/opt/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll'
          docker exec test 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000'
          docker kill test
      - name: Docker test custom password
        shell: bash
        run: |
          docker run --rm -it -d --memory="1g" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done'
          docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
          docker kill test_custom

 opendj-packages/opendj-docker/Dockerfile

@@ -1,3 +1,17 @@
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2026 3A Systems, LLC.

FROM eclipse-temurin:25-jre-jammy

LABEL org.opencontainers.image.authors="Open Identity Platform Community"
@@ -8,7 +22,8 @@
ENV ADMIN_PORT=4444
ENV BASE_DN="dc=example,dc=com"
ENV ROOT_USER_DN="cn=Directory Manager"
ENV ROOT_PASSWORD="password"
# ROOT_PASSWORD should be passed at runtime via: docker run -e ROOT_PASSWORD=...
# Default value if not provided: "password"
#ENV SECRET_VOLUME
ENV OPENDJ_SSL_OPTIONS="--generateSelfSignedCertificate"
#ENV MASTER_SERVER
@@ -50,6 +65,6 @@

USER $OPENDJ_USER

HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword $ROOT_PASSWORD --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1
HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1

ENTRYPOINT ["/opt/opendj/run.sh"]

 opendj-packages/opendj-docker/Dockerfile-alpine

@@ -1,3 +1,17 @@
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2026 3A Systems, LLC.

FROM alpine:latest

LABEL org.opencontainers.image.authors="Open Identity Platform Community"
@@ -8,7 +22,8 @@
ENV ADMIN_PORT=4444
ENV BASE_DN="dc=example,dc=com"
ENV ROOT_USER_DN="cn=Directory Manager"
ENV ROOT_PASSWORD="password"
# ROOT_PASSWORD should be passed at runtime via: docker run -e ROOT_PASSWORD=...
# Default value if not provided: "password"
#ENV SECRET_VOLUME
ENV OPENDJ_SSL_OPTIONS="--generateSelfSignedCertificate"
#ENV MASTER_SERVER
@@ -52,6 +67,6 @@

USER $OPENDJ_USER

HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword $ROOT_PASSWORD --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1
HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1

ENTRYPOINT ["/opt/opendj/run.sh"]

 opendj-packages/opendj-docker/run.sh

@@ -1,4 +1,18 @@
#!/usr/bin/env bash
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Portions copyright 2026 3A Systems, LLC.

# Run the OpenDJ server
# The idea is to consolidate all of the writable DJ directories to
# a single instance directory root, and update DJ's instance.loc file to point to that root
@@ -28,8 +42,7 @@
export BASE_DN=${BASE_DN:-"dc=example,dc=com"}
echo "BASE DN is ${BASE_DN}"

export PASSWORD=${ROOT_PASSWORD:-password}
echo "Password set to $PASSWORD"
export ROOT_PASSWORD=${ROOT_PASSWORD:-password}

BOOTSTRAP=${BOOTSTRAP:-/opt/opendj/bootstrap/setup.sh}
echo "Running $BOOTSTRAP"

			@@ -354,6 +354,13 @@
			docker exec test 'sh' '-c' '/opt/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll'
			docker exec test 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn \| grep ^dn: \| wc -l \| grep -q 10000'
			docker kill test
			- name: Docker test custom password
			shell: bash
			run: \|
			docker run --rm -it -d --memory="512m" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
			timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom \| grep -q \"healthy\"; do sleep 10; done'
			docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
			docker kill test_custom

			build-docker-alpine:
			needs: build-maven
			@@ -419,3 +426,10 @@
			docker exec test 'sh' '-c' '/opt/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll'
			docker exec test 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn \| grep ^dn: \| wc -l \| grep -q 10000'
			docker kill test
			- name: Docker test custom password
			shell: bash
			run: \|
			docker run --rm -it -d --memory="1g" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
			timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom \| grep -q \"healthy\"; do sleep 10; done'
			docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
			docker kill test_custom

			@@ -1,3 +1,17 @@
			# The contents of this file are subject to the terms of the Common Development and
			# Distribution License (the License). You may not use this file except in compliance with the
			# License.
			#
			# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
			# specific language governing permission and limitations under the License.
			#
			# When distributing Covered Software, include this CDDL Header Notice in each file and include
			# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
			# Header, with the fields enclosed by brackets [] replaced by your own identifying
			# information: "Portions copyright [year] [name of copyright owner]".
			#
			# Copyright 2026 3A Systems, LLC.

			FROM eclipse-temurin:25-jre-jammy

			LABEL org.opencontainers.image.authors="Open Identity Platform Community"
			@@ -8,7 +22,8 @@
			ENV ADMIN_PORT=4444
			ENV BASE_DN="dc=example,dc=com"
			ENV ROOT_USER_DN="cn=Directory Manager"
			ENV ROOT_PASSWORD="password"
			# ROOT_PASSWORD should be passed at runtime via: docker run -e ROOT_PASSWORD=...
			# Default value if not provided: "password"
			#ENV SECRET_VOLUME
			ENV OPENDJ_SSL_OPTIONS="--generateSelfSignedCertificate"
			#ENV MASTER_SERVER
			@@ -50,6 +65,6 @@

			USER $OPENDJ_USER

			HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword $ROOT_PASSWORD --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 \|\| exit 1
			HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port $LDAPS_PORT --bindDN "$ROOT_USER_DN" --bindPassword "${ROOT_PASSWORD:-password}" --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 \|\| exit 1

			ENTRYPOINT ["/opt/opendj/run.sh"]

			@@ -1,4 +1,18 @@
			#!/usr/bin/env bash
			# The contents of this file are subject to the terms of the Common Development and
			# Distribution License (the License). You may not use this file except in compliance with the
			# License.
			#
			# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
			# specific language governing permission and limitations under the License.
			#
			# When distributing Covered Software, include this CDDL Header Notice in each file and include
			# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
			# Header, with the fields enclosed by brackets [] replaced by your own identifying
			# information: "Portions copyright [year] [name of copyright owner]".
			#
			# Portions copyright 2026 3A Systems, LLC.

			# Run the OpenDJ server
			# The idea is to consolidate all of the writable DJ directories to
			# a single instance directory root, and update DJ's instance.loc file to point to that root
			@@ -28,8 +42,7 @@
			export BASE_DN=${BASE_DN:-"dc=example,dc=com"}
			echo "BASE DN is ${BASE_DN}"

			export PASSWORD=${ROOT_PASSWORD:-password}
			echo "Password set to $PASSWORD"
			export ROOT_PASSWORD=${ROOT_PASSWORD:-password}

			BOOTSTRAP=${BOOTSTRAP:-/opt/opendj/bootstrap/setup.sh}
			echo "Running $BOOTSTRAP"