diff --git a/docker-env2/central-node-a/appsettings.Central.json b/docker-env2/central-node-a/appsettings.Central.json
index dc4a8ca4..a082186f 100644
--- a/docker-env2/central-node-a/appsettings.Central.json
+++ b/docker-env2/central-node-a/appsettings.Central.json
@@ -27,8 +27,8 @@
 "Port": 3893,
 "Transport": "None",
 "AllowInsecure": true,
- "SearchBase": "dc=scadabridge,dc=local",
- "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local",
+ "SearchBase": "dc=zb,dc=local",
+ "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
 "ServiceAccountPassword": "password"
 },
 "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long",
diff --git a/docker-env2/central-node-b/appsettings.Central.json b/docker-env2/central-node-b/appsettings.Central.json
index 761c0974..44968208 100644
--- a/docker-env2/central-node-b/appsettings.Central.json
+++ b/docker-env2/central-node-b/appsettings.Central.json
@@ -27,8 +27,8 @@
 "Port": 3893,
 "Transport": "None",
 "AllowInsecure": true,
- "SearchBase": "dc=scadabridge,dc=local",
- "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local",
+ "SearchBase": "dc=zb,dc=local",
+ "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
 "ServiceAccountPassword": "password"
 },
 "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long",
diff --git a/docker/central-node-a/appsettings.Central.json b/docker/central-node-a/appsettings.Central.json
index c8f0a1a4..9a888e2b 100644
--- a/docker/central-node-a/appsettings.Central.json
+++ b/docker/central-node-a/appsettings.Central.json
@@ -27,8 +27,8 @@
 "Port": 3893,
 "Transport": "None",
 "AllowInsecure": true,
- "SearchBase": "dc=scadabridge,dc=local",
- "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local",
+ "SearchBase": "dc=zb,dc=local",
+ "ServiceAccountDn": "cn=admin,dc=zb,dc=local",
 "ServiceAccountPassword": "password"
 },
 "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long",
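Review bot: The new `ServiceAccountDn` keeps the short form `cn=admin,dc=zb,dc=local`, while the docs, `ldap_tool.py` and the integration-test factory touched by this same commit all give the GLAuth bind DN as `cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local`. If the service-account bind needs the full DN, the search-then-bind lookup would fail in these docker environments, so it is worth confirming against the GLAuth container and, if so, changing the line to `"ServiceAccountDn": "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local",`. If GLAuth accepts both forms, a sentence in `test_infra_ldap.md` saying so would keep the two spellings from drifting on the next rename. The same short value is in the central-node-b and `docker/central-node-a` hunks here, in the `docker/central-node-b` and host `appsettings.Central.json` hunks, and in the three Host.Tests dictionaries.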
diff --git a/docker/central-node-b/appsettings.Central.json b/docker/central-node-b/appsettings.Central.json index 41a89814..a6fa9ad3 100644 --- a/docker/central-node-b/appsettings.Central.json +++ b/docker/central-node-b/appsettings.Central.json @@ -27,8 +27,8 @@ "Port": 3893, "Transport": "None", "AllowInsecure": true, - "SearchBase": "dc=scadabridge,dc=local", - "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local", + "SearchBase": "dc=zb,dc=local", + "ServiceAccountDn": "cn=admin,dc=zb,dc=local", "ServiceAccountPassword": "password" }, "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long", diff --git a/docs/test_infra/test_infra.md b/docs/test_infra/test_infra.md index e551f8eb..21990f1e 100644 --- a/docs/test_infra/test_infra.md +++ b/docs/test_infra/test_infra.md @@ -67,7 +67,7 @@ For use in `appsettings.Development.json`: "Ldap": { "Server": "localhost", "Port": 3893, - "BaseDN": "dc=scadabridge,dc=local", + "BaseDN": "dc=zb,dc=local", "UseSsl": false }, "OpcUa": { diff --git a/docs/test_infra/test_infra_ldap.md b/docs/test_infra/test_infra_ldap.md index 01378396..0e1f8bdf 100644 --- a/docs/test_infra/test_infra_ldap.md +++ b/docs/test_infra/test_infra_ldap.md @@ -12,7 +12,7 @@ The test LDAP server uses [GLAuth](https://glauth.github.io/), a lightweight LDA ## Base DN ``` -dc=scadabridge,dc=local +dc=zb,dc=local ``` ## Test Users 
@@ -41,20 +41,20 @@ All users have the password `password`. Users bind with their full DN, which includes the primary group as an OU: ``` -cn=,ou=,ou=users,dc=scadabridge,dc=local +cn=,ou=,ou=users,dc=zb,dc=local ``` -For example: `cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local` +For example: `cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local` The full DNs for all test users: | Username | Full DN | |----------|---------| -| `admin` | `cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local` | -| `designer` | `cn=designer,ou=SCADA-Designers,ou=users,dc=scadabridge,dc=local` | -| `deployer` | `cn=deployer,ou=SCADA-Deploy-All,ou=users,dc=scadabridge,dc=local` | -| `site-deployer` | `cn=site-deployer,ou=SCADA-Deploy-SiteA,ou=users,dc=scadabridge,dc=local` | -| `multi-role` | `cn=multi-role,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local` | +| `admin` | `cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local` | +| `designer` | `cn=designer,ou=SCADA-Designers,ou=users,dc=zb,dc=local` | +| `deployer` | `cn=deployer,ou=SCADA-Deploy-All,ou=users,dc=zb,dc=local` | +| `site-deployer` | `cn=site-deployer,ou=SCADA-Deploy-SiteA,ou=users,dc=zb,dc=local` | +| `multi-role` | `cn=multi-role,ou=SCADA-Admins,ou=users,dc=zb,dc=local` | ## Verification @@ -68,9 +68,9 @@ docker ps --filter name=scadabridge-ldap ```bash ldapsearch -H ldap://localhost:3893 \ - -D "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local" \ + -D "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local" \ -w password \ - -b "dc=scadabridge,dc=local" \ + -b "dc=zb,dc=local" \ "(objectClass=*)" ``` @@ -78,9 +78,9 @@ ldapsearch -H ldap://localhost:3893 \ ```bash ldapsearch -H ldap://localhost:3893 \ - -D "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local" \ + -D "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local" \ -w password \ - -b "dc=scadabridge,dc=local" \ + -b "dc=zb,dc=local" \ "(cn=multi-role)" ``` diff --git a/infra/glauth/config.toml b/infra/glauth/config.toml index cee52a16..9a1200bf 100644 
--- a/infra/glauth/config.toml +++ b/infra/glauth/config.toml @@ -7,7 +7,7 @@ [backend] datastore = "config" - baseDN = "dc=scadabridge,dc=local" + baseDN = "dc=zb,dc=local" # ── Groups ────────────────────────────────────────────────────────── diff --git a/infra/tools/ldap_tool.py b/infra/tools/ldap_tool.py index efed6177..27729072 100644 --- a/infra/tools/ldap_tool.py +++ b/infra/tools/ldap_tool.py @@ -9,10 +9,10 @@ from ldap3 import Server, Connection, NONE, SUBTREE, SIMPLE DEFAULT_HOST = "localhost" DEFAULT_PORT = 3893 -DEFAULT_BASE_DN = "dc=scadabridge,dc=local" +DEFAULT_BASE_DN = "dc=zb,dc=local" # GLAuth places users under ou=,ou=users,dc=... # The admin user (primarygroup SCADA-Admins) needs search capabilities in config. -DEFAULT_BIND_DN = "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local" +DEFAULT_BIND_DN = "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local" DEFAULT_BIND_PASSWORD = "password" @@ -48,7 +48,7 @@ def cmd_check(args): def cmd_bind(args): """Test user authentication via bind. - GLAuth DN format: cn=,ou=,ou=users,dc=scadabridge,dc=local + GLAuth DN format: cn=,ou=,ou=users,dc=zb,dc=local Since we don't know the user's primary group upfront, we search for the user first to discover the full DN, then rebind with that DN. """ diff --git a/src/ZB.MOM.WW.ScadaBridge.Host/appsettings.Central.json b/src/ZB.MOM.WW.ScadaBridge.Host/appsettings.Central.json index b0efdbd2..32992628 100644 --- a/src/ZB.MOM.WW.ScadaBridge.Host/appsettings.Central.json +++ b/src/ZB.MOM.WW.ScadaBridge.Host/appsettings.Central.json @@ -28,8 +28,8 @@ "Port": 3893, "Transport": "None", "AllowInsecure": true, - "SearchBase": "dc=scadabridge,dc=local", - "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local", + "SearchBase": "dc=zb,dc=local", + "ServiceAccountDn": "cn=admin,dc=zb,dc=local", "ServiceAccountPassword": "${SCADABRIDGE_LDAP_SERVICE_ACCOUNT_PASSWORD}" }, "JwtSigningKey": "${SCADABRIDGE_JWT_SIGNING_KEY}", 
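Review bot: In `src/ZB.MOM.WW.ScadaBridge.Host/appsettings.Central.json` the new `SearchBase` and `ServiceAccountDn` are the GLAuth test directory's values, written as literals in the same object that sets `"Transport": "None"` and `"AllowInsecure": true`. The password and JWT key in this file are already `${...}` placeholders, which suggests it is the template real deployments start from; unless every deployment overrides these keys, the service-account bind would go to a test-shaped DN over an unencrypted connection. Consider supplying the search base and service-account DN the same way as `${SCADABRIDGE_LDAP_SERVICE_ACCOUNT_PASSWORD}` (a `${...}` placeholder, name to be chosen by the project) and leaving the insecure transport settings to the docker and test overrides. The enclosing `Ldap` object starts outside the hunk, so the remaining keys were not reviewed.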
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/ActorPathTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/ActorPathTests.cs
index a0091ef6..83d32963 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/ActorPathTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/ActorPathTests.cs
@@ -57,8 +57,8 @@ public class CentralActorPathTests : IAsyncLifetime
 ["ScadaBridge:Security:Ldap:Port"] = "3893",
 ["ScadaBridge:Security:Ldap:Transport"] = "None",
 ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
- ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
- ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+ ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+ ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
 });
 });
 builder.UseSetting("ScadaBridge:Node:Role", "Central");
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/AkkaHostedServiceAuditWiringTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/AkkaHostedServiceAuditWiringTests.cs
index 5e4fed4c..f0f101f7 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/AkkaHostedServiceAuditWiringTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/AkkaHostedServiceAuditWiringTests.cs
@@ -121,8 +121,8 @@ public class CentralAuditWiringTests : IDisposable
 ["ScadaBridge:Security:Ldap:Port"] = "3893",
 ["ScadaBridge:Security:Ldap:Transport"] = "None",
 ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
- ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
- ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+ ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+ ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
 ["ScadaBridge:InboundApi:ApiKeyPepper"] = "test-inbound-api-key-pepper-at-least-32-chars!",
 });
 });
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/CompositionRootTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/CompositionRootTests.cs
index d8e119bf..96a9f21c 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/CompositionRootTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Host.Tests/CompositionRootTests.cs
@@ -116,8 +116,8 @@ public class CentralCompositionRootTests : IDisposable
 ["ScadaBridge:Security:Ldap:Port"] = "3893",
 ["ScadaBridge:Security:Ldap:Transport"] = "None",
 ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
- ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
- ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+ ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+ ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
 // Auth re-arch (C5): inbound-API keys live in the shared
 // ZB.MOM.WW.Auth.ApiKeys SQLite store. The verifier reuses
 // this same config key as its pepper secret (PepperSecretName),
diff --git a/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/AuthFlowTests.cs b/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/AuthFlowTests.cs
index a23519e3..9c4b0b4a 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/AuthFlowTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/AuthFlowTests.cs
@@ -107,7 +107,7 @@ public class AuthFlowTests : IClassFixture
 public async Task LoginEndpoint_WithValidLdapCredentials_SetsCookieAndRedirects()
 {
 // Requires GLAuth test LDAP server: docker compose -f infra/docker-compose.yml up -d glauth
- // GLAuth runs on localhost:3893, baseDN dc=scadabridge,dc=local, all passwords "password"
+ // GLAuth runs on localhost:3893, baseDN dc=zb,dc=local, all passwords "password"
 if (!await IsLdapAvailableAsync())
 {
 // Skip gracefully if GLAuth not running — not a test failure
diff --git a/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs b/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs
index 87882fc8..e95c210a 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs
@@ -45,11 +45,11 @@ public class ScadaBridgeWebApplicationFactory : WebApplicationFactory
 ["ScadaBridge__Security__Ldap__Port"] = "3893",
 ["ScadaBridge__Security__Ldap__Transport"] = "None",
 ["ScadaBridge__Security__Ldap__AllowInsecure"] = "true",
- ["ScadaBridge__Security__Ldap__SearchBase"] = "dc=scadabridge,dc=local",
+ ["ScadaBridge__Security__Ldap__SearchBase"] = "dc=zb,dc=local",
 // GLAuth places users at cn=,ou=,ou=users,dc=... — a service
 // account is configured to enable the shared service's search-then-bind:
 // resolve the user's real DN by (UserNameAttribute=) lookup, then bind it.
- ["ScadaBridge__Security__Ldap__ServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local",
+ ["ScadaBridge__Security__Ldap__ServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local",
 ["ScadaBridge__Security__Ldap__ServiceAccountPassword"] = "password",
 };