Where to configure

YAML Files

The service merges configuration from two YAML files at startup:

`app.default.yml`

Bundled inside the binary — provides safe defaults. Do not edit this file directly.

`app.yml`

Your user-supplied override file. Place it next to the binary (or mount it at /opt/ldap-password-change/app.yml in Docker). Only the keys you specify will take effect — the rest fall back to app.default.yml.

Example minimal app.yml:

server:
  port: 8080
ldap:
  host: ldap.mycompany.com:636
  userDn: cn=svc-ldap,dc=mycompany,dc=com
  password: s3cr3t
  baseDn: ou=employees,dc=mycompany,dc=com
  ignoreTLS: false
  tlsCert: /etc/ssl/certs/ldap-ca.crt
validation:
  username: ^[a-z]{3,20}$
  password: ^.{12,}$

Environment Variables

Every configuration key can be overridden via an environment variable. The variable name is derived by uppercasing the YAML path and joining segments with _.

YAML key	Environment variable
`server.port`	`SERVER_PORT`
`server.host`	`SERVER_HOST`
`ldap.host`	`LDAP_HOST`
`ldap.userDn`	`LDAP_USERDN`
`ldap.password`	`LDAP_PASSWORD`
`ldap.baseDn`	`LDAP_BASEDN`
`ldap.searchFilter`	`LDAP_SEARCHFILTER`
`ldap.ignoreTLS`	`LDAP_IGNORETLS`
`ldap.tlsCert`	`LDAP_TLSCERT`
`log.level`	`LOG_LEVEL`
`validation.username`	`VALIDATION_USERNAME`
`validation.password`	`VALIDATION_PASSWORD`
`ui.backgroundImage`	`UI_BACKGROUNDIMAGE`
`ui.customCss`	`UI_CUSTOMCSS`
`ui.favicon`	`UI_FAVICON`
`ui.icon`	`UI_ICON`

Example Docker run with environment variables:

docker run \
  -p 3000:3000 \
  -e LDAP_HOST=ldap.mycompany.com:636 \
  -e LDAP_USERDN="cn=svc-ldap,dc=mycompany,dc=com" \
  -e LDAP_PASSWORD=s3cr3t \
  -e LDAP_BASEDN="ou=employees,dc=mycompany,dc=com" \
  -e LDAP_IGNORETLS=false \
  ghcr.io/marcel2603/ldap-password-change/ldap-password-change:latest