feat(auth): cut ScadaBridge over to ZB.MOM.WW.Auth.Ldap; nest+rename Ldap config; roles+sitescope via IGroupRoleMapper (Task 1.2/1.4)

tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs

@@ -38,17 +38,19 @@ public class ScadaBridgeWebApplicationFactory : WebApplicationFactory<Program>
             ["ScadaBridge__Database__MachineDataDb"] = "Server=localhost;Database=ScadaBridge_MachineData_Test;TrustServerCertificate=True",
             ["ScadaBridge__Database__SkipMigrations"] = "true",
             ["ScadaBridge__Security__JwtSigningKey"] = "integration-test-signing-key-must-be-at-least-32-chars-long",
-            ["ScadaBridge__Security__LdapServer"] = "localhost",
-            ["ScadaBridge__Security__LdapPort"] = "3893",
-            ["ScadaBridge__Security__LdapUseTls"] = "false",
-            ["ScadaBridge__Security__AllowInsecureLdap"] = "true",
-            ["ScadaBridge__Security__LdapSearchBase"] = "dc=scadabridge,dc=local",
-            // GLAuth places users at cn=<name>,ou=<group>,ou=users,dc=... — the
-            // no-service-account fallback DN (uid=<name>,dc=...) does not match,
-            // so a service account is configured to enable search-then-bind:
-            // resolve the user's real DN by (uid=<name>) lookup, then bind it.
-            ["ScadaBridge__Security__LdapServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local",
-            ["ScadaBridge__Security__LdapServiceAccountPassword"] = "password",
+            // Task 1.4: LDAP settings nest under Security:Ldap (shared LdapOptions) and use
+            // the renamed keys (Transport replaces LdapUseTls; None == plaintext for the
+            // GLAuth dev directory, paired with AllowInsecure=true).
+            ["ScadaBridge__Security__Ldap__Server"] = "localhost",
+            ["ScadaBridge__Security__Ldap__Port"] = "3893",
+            ["ScadaBridge__Security__Ldap__Transport"] = "None",
+            ["ScadaBridge__Security__Ldap__AllowInsecure"] = "true",
+            ["ScadaBridge__Security__Ldap__SearchBase"] = "dc=scadabridge,dc=local",
+            // GLAuth places users at cn=<name>,ou=<group>,ou=users,dc=... — a service
+            // account is configured to enable the shared service's search-then-bind:
+            // resolve the user's real DN by (UserNameAttribute=<name>) lookup, then bind it.
+            ["ScadaBridge__Security__Ldap__ServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local",
+            ["ScadaBridge__Security__Ldap__ServiceAccountPassword"] = "password",
         };
 
         foreach (var (key, value) in envVars)