From 244207c0db86da37ae723b9811ef13a459e91b7e Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Thu, 4 Jun 2026 15:58:42 -0400 Subject: [PATCH] feat(auth): point dev clusters at shared GLAuth 10.100.0.35; retire local scadabridge-ldap Both :9000 (docker) and :9100 (docker-env2) central nodes now bind the shared dev GLAuth (scadaproj/infra/glauth/, dc=zb,dc=local) via the cn=serviceaccount search account instead of the bundled scadabridge-ldap container (now commented out in infra/docker-compose.yml, kept for rollback). Verified: multi-role -> all 4 roles on both clusters with scadabridge-ldap stopped. --- .../central-node-a/appsettings.Central.json | 6 ++--- .../central-node-b/appsettings.Central.json | 6 ++--- .../central-node-a/appsettings.Central.json | 6 ++--- .../central-node-b/appsettings.Central.json | 6 ++--- infra/docker-compose.yml | 25 +++++++++++-------- 5 files changed, 27 insertions(+), 22 deletions(-) diff --git a/docker-env2/central-node-a/appsettings.Central.json b/docker-env2/central-node-a/appsettings.Central.json index a5383bd0..e5e85c86 100644 --- a/docker-env2/central-node-a/appsettings.Central.json +++ b/docker-env2/central-node-a/appsettings.Central.json @@ -23,13 +23,13 @@ }, "Security": { "Ldap": { - "Server": "scadabridge-ldap", + "Server": "10.100.0.35", "Port": 3893, "Transport": "None", "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", - "ServiceAccountDn": "cn=admin,dc=zb,dc=local", - "ServiceAccountPassword": "password" + "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", + "ServiceAccountPassword": "serviceaccount123" }, "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long", "JwtExpiryMinutes": 15, diff --git a/docker-env2/central-node-b/appsettings.Central.json b/docker-env2/central-node-b/appsettings.Central.json index 37076f67..82611580 100644 --- a/docker-env2/central-node-b/appsettings.Central.json +++ b/docker-env2/central-node-b/appsettings.Central.json 
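Review bot: With `"Server": "10.100.0.35"` the LDAP bind is no longer confined to the compose network, yet the unchanged context lines `"Transport": "None"` and `"AllowInsecure": true` remain, so the service-account password and each user's login password would travel to the shared GLAuth in cleartext. The new `"ServiceAccountPassword": "serviceaccount123"` is also a credential for a shared dev directory rather than a throwaway local container, and it is committed in plain text; consider `"ServiceAccountPassword": ""` in the file with the value supplied through an environment or secret-store override, assuming the app's configuration loader supports one. If the shared GLAuth exposes a TLS listener, switch `Transport` to the TLS mode the app supports and set `"AllowInsecure": false`. The same three lines change identically in docker-env2/central-node-b, docker/central-node-a and docker/central-node-b, and the `Security` object continues past the end of each hunk.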
@@ -23,13 +23,13 @@ }, "Security": { "Ldap": { - "Server": "scadabridge-ldap", + "Server": "10.100.0.35", "Port": 3893, "Transport": "None", "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", - "ServiceAccountDn": "cn=admin,dc=zb,dc=local", - "ServiceAccountPassword": "password" + "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", + "ServiceAccountPassword": "serviceaccount123" }, "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long", "JwtExpiryMinutes": 15, diff --git a/docker/central-node-a/appsettings.Central.json b/docker/central-node-a/appsettings.Central.json index 9a888e2b..8908a4d2 100644 --- a/docker/central-node-a/appsettings.Central.json +++ b/docker/central-node-a/appsettings.Central.json @@ -23,13 +23,13 @@ }, "Security": { "Ldap": { - "Server": "scadabridge-ldap", + "Server": "10.100.0.35", "Port": 3893, "Transport": "None", "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", - "ServiceAccountDn": "cn=admin,dc=zb,dc=local", - "ServiceAccountPassword": "password" + "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", + "ServiceAccountPassword": "serviceaccount123" }, "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long", "JwtExpiryMinutes": 15, diff --git a/docker/central-node-b/appsettings.Central.json b/docker/central-node-b/appsettings.Central.json index a6fa9ad3..20884f6d 100644 --- a/docker/central-node-b/appsettings.Central.json +++ b/docker/central-node-b/appsettings.Central.json 
@@ -23,13 +23,13 @@ }, "Security": { "Ldap": { - "Server": "scadabridge-ldap", + "Server": "10.100.0.35", "Port": 3893, "Transport": "None", "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", - "ServiceAccountDn": "cn=admin,dc=zb,dc=local", - "ServiceAccountPassword": "password" + "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", + "ServiceAccountPassword": "serviceaccount123" }, "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long", "JwtExpiryMinutes": 15, diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml index cf080435..cd32c86d 100644 --- a/infra/docker-compose.yml +++ b/infra/docker-compose.yml @@ -41,16 +41,21 @@ services: - scadabridge-net restart: unless-stopped - ldap: - image: glauth/glauth:latest - container_name: scadabridge-ldap - ports: - - "3893:3893" - volumes: - - ./glauth/config.toml:/app/config/config.cfg:ro - networks: - - scadabridge-net - restart: unless-stopped + # RETIRED 2026-06-04: superseded by the shared dev GLAuth on 10.100.0.35:3893 + # (scadaproj/infra/glauth/). The central nodes now bind there (see + # docker/ + docker-env2 central-node appsettings: Ldap:Server=10.100.0.35). + # Kept here, commented, for rollback — uncomment + `docker compose up -d ldap` + # and revert the central-node Server back to "scadabridge-ldap". + # ldap: + # image: glauth/glauth:latest + # container_name: scadabridge-ldap + # ports: + # - "3893:3893" + # volumes: + # - ./glauth/config.toml:/app/config/config.cfg:ro + # networks: + # - scadabridge-net + # restart: unless-stopped mssql: image: mcr.microsoft.com/mssql/server:2022-latest
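Review bot: The rollback comment above the commented-out `ldap:` service names only the `Server` revert, but this commit also changes `ServiceAccountDn` and `ServiceAccountPassword` in all four central-node appsettings files. Whether the local `./glauth/config.toml` defines `cn=serviceaccount` is not visible here, so a rollback that follows the comment as written may fail at bind. I would extend the last comment line to `# and revert the central-node Ldap Server, ServiceAccountDn and ServiceAccountPassword to their previous values.` The retained block also keeps `image: glauth/glauth:latest`, so a later rollback may pull a different image from the one last run; pinning a tag or digest in the commented block would keep the rollback reproducible.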