feat(auth): point dev clusters at shared GLAuth 10.100.0.35; retire local scadabridge-ldap

Both :9000 (docker) and :9100 (docker-env2) central nodes now bind the shared dev GLAuth (scadaproj/infra/glauth/, dc=zb,dc=local) via the cn=serviceaccount search account instead of the bundled scadabridge-ldap container (now commented out in infra/docker-compose.yml, kept for rollback). Verified: multi-role -> all 4 roles on both clusters with scadabridge-ldap stopped.
2026-06-04 15:58:42 -04:00
parent 0e2d9ed186
commit 244207c0db
5 changed files with 27 additions and 22 deletions
@@ -23,13 +23,13 @@
    },
    "Security": {
      "Ldap": {
-        "Server": "scadabridge-ldap",
+        "Server": "10.100.0.35",
        "Port": 3893,
        "Transport": "None",
        "AllowInsecure": true,
        "SearchBase": "dc=zb,dc=local",
-        "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
-        "ServiceAccountPassword": "password"
+        "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
+        "ServiceAccountPassword": "serviceaccount123"
      },
      "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long",
      "JwtExpiryMinutes": 15,
@@ -23,13 +23,13 @@
    },
    "Security": {
      "Ldap": {
-        "Server": "scadabridge-ldap",
+        "Server": "10.100.0.35",
        "Port": 3893,
        "Transport": "None",
        "AllowInsecure": true,
        "SearchBase": "dc=zb,dc=local",
-        "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
-        "ServiceAccountPassword": "password"
+        "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
+        "ServiceAccountPassword": "serviceaccount123"
      },
      "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long",
      "JwtExpiryMinutes": 15,
@@ -23,13 +23,13 @@
    },
    "Security": {
      "Ldap": {
-        "Server": "scadabridge-ldap",
+        "Server": "10.100.0.35",
        "Port": 3893,
        "Transport": "None",
        "AllowInsecure": true,
        "SearchBase": "dc=zb,dc=local",
-        "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
-        "ServiceAccountPassword": "password"
+        "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
+        "ServiceAccountPassword": "serviceaccount123"
      },
      "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long",
      "JwtExpiryMinutes": 15,
@@ -23,13 +23,13 @@
    },
    "Security": {
      "Ldap": {
-        "Server": "scadabridge-ldap",
+        "Server": "10.100.0.35",
        "Port": 3893,
        "Transport": "None",
        "AllowInsecure": true,
        "SearchBase": "dc=zb,dc=local",
-        "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
-        "ServiceAccountPassword": "password"
+        "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
+        "ServiceAccountPassword": "serviceaccount123"
      },
      "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long",
      "JwtExpiryMinutes": 15,
@@ -41,16 +41,21 @@ services:
      - scadabridge-net
    restart: unless-stopped

-  ldap:
-    image: glauth/glauth:latest
-    container_name: scadabridge-ldap
-    ports:
-      - "3893:3893"
-    volumes:
-      - ./glauth/config.toml:/app/config/config.cfg:ro
-    networks:
-      - scadabridge-net
-    restart: unless-stopped
+  # RETIRED 2026-06-04: superseded by the shared dev GLAuth on 10.100.0.35:3893
+  # (scadaproj/infra/glauth/). The central nodes now bind there (see
+  # docker/ + docker-env2 central-node appsettings: Ldap:Server=10.100.0.35).
+  # Kept here, commented, for rollback — uncomment + `docker compose up -d ldap`
+  # and revert the central-node Server back to "scadabridge-ldap".
+  # ldap:
+  #   image: glauth/glauth:latest
+  #   container_name: scadabridge-ldap
+  #   ports:
+  #     - "3893:3893"
+  #   volumes:
+  #     - ./glauth/config.toml:/app/config/config.cfg:ro
+  #   networks:
+  #     - scadabridge-net
+  #   restart: unless-stopped

  mssql:
    image: mcr.microsoft.com/mssql/server:2022-latest