From 12d748c4f3b10a07f9ab70abaea10e74b683896f Mon Sep 17 00:00:00 2001 
From: Joseph Doherty Date: Mon, 20 Apr 2026 01:41:16 -0400 Subject: [PATCH] =?UTF-8?q?CLAUDE.md=20=E2=80=94=20TopShelf=20+=20LdapAuth?= =?UTF-8?q?enticationProvider=20stale=20references.=20Closes=20task=20#207?= =?UTF-8?q?.=20The=20docs-refresh=20agent=20sweep=20(PR=20#149)=20flagged?= =?UTF-8?q?=20two=20stale=20library/class=20references=20in=20the=20root?= =?UTF-8?q?=20CLAUDE.md=20that=20the=20v2=20refactors=20landed=20but=20the?= =?UTF-8?q?=20project-level=20instructions=20missed.=20Service=20hosting?= =?UTF-8?q?=20line=20replaced=20with=20the=20two-process=20reality:=20Serv?= =?UTF-8?q?er=20+=20Admin=20use=20.NET=20generic-host=20AddWindowsService?= =?UTF-8?q?=20(decision=20#30=20explicitly=20replaced=20TopShelf=20in=20v2?= =?UTF-8?q?=20=E2=80=94=20OpcUaServerService.cs=20carries=20the=20decision?= =?UTF-8?q?-#30=20comment=20inline);=20Galaxy.Host=20is=20a=20plain=20cons?= =?UTF-8?q?ole=20app=20wrapped=20by=20NSSM=20because=20its=20.NET-Framewor?= =?UTF-8?q?k-4.8-x86=20target=20can't=20use=20the=20generic-host=20Windows?= =?UTF-8?q?-service=20integration=20+=20MXAccess=20COM=20bitness=20require?= =?UTF-8?q?ment=20pins=20it=20there=20anyway.=20The=20LDAP-auth=20mention?= =?UTF-8?q?=20gains=20the=20actual=20class=20name=20LdapUserAuthenticator?= =?UTF-8?q?=20(src/ZB.MOM.WW.OtOpcUa.Server/Security/LdapUserAuthenticator?= =?UTF-8?q?.cs)=20implementing=20IUserAuthenticator=20=E2=80=94=20previous?= =?UTF-8?q?ly=20claimed=20LdapAuthenticationProvider=20+=20IUserAuthentica?= =?UTF-8?q?tionProvider=20+=20IRoleProvider,=20none=20of=20which=20exist?= =?UTF-8?q?=20in=20the=20source=20tree=20(the=20docs-refresh=20agent=20gre?= =?UTF-8?q?pped=20for=20it;=20it's=20truly=20gone).=20No=20functional=20im?= =?UTF-8?q?pact=20=E2=80=94=20CLAUDE.md=20is=20operator-facing=20+=20infor?= =?UTF-8?q?ms=20future=20agent=20runs=20about=20the=20stack,=20not=20compi?= =?UTF-8?q?le-time.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Co-Authored-By: Claude Opus 4.7 (1M context) --- CLAUDE.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index d1df102..93f8a35 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -87,13 +87,14 @@ The server supports non-transparent warm/hot redundancy via the `Redundancy` sec ## LDAP Authentication -The server uses LDAP-based user authentication via the `Authentication.Ldap` section in `appsettings.json`. When enabled, credentials are validated by LDAP bind against a GLAuth server (installed at `C:\publish\glauth\`), and LDAP group membership maps to OPC UA permissions: `ReadOnly` (browse/read), `WriteOperate` (write FreeAccess/Operate attributes), `WriteTune` (write Tune attributes), `WriteConfigure` (write Configure attributes), `AlarmAck` (alarm acknowledgment). `LdapAuthenticationProvider` implements both `IUserAuthenticationProvider` and `IRoleProvider`. See `docs/Security.md` for the full guide and `C:\publish\glauth\auth.md` for LDAP user/group reference. +The server uses LDAP-based user authentication via the `Authentication.Ldap` section in `appsettings.json`. When enabled, credentials are validated by LDAP bind against a GLAuth server (installed at `C:\publish\glauth\`), and LDAP group membership maps to OPC UA permissions: `ReadOnly` (browse/read), `WriteOperate` (write FreeAccess/Operate attributes), `WriteTune` (write Tune attributes), `WriteConfigure` (write Configure attributes), `AlarmAck` (alarm acknowledgment). `LdapUserAuthenticator` (`src/ZB.MOM.WW.OtOpcUa.Server/Security/LdapUserAuthenticator.cs`) implements `IUserAuthenticator`. See `docs/Security.md` for the full guide and `C:\publish\glauth\auth.md` for LDAP user/group reference. 
## Library Preferences - **Logging**: Serilog with rolling daily file sink - **Unit tests**: xUnit + Shouldly for assertions -- **Service hosting**: TopShelf (Windows service install/uninstall/run as console) +- **Service hosting (Server, Admin)**: .NET generic host with `AddWindowsService` (decision #30 — replaced TopShelf in v2; see `src/ZB.MOM.WW.OtOpcUa.Server/OpcUaServerService.cs`) +- **Service hosting (Galaxy.Host)**: plain console app wrapped by NSSM (`.NET Framework 4.8 x86` — required by MXAccess COM bitness) - **OPC UA**: OPC Foundation UA .NET Standard stack (https://github.com/opcfoundation/ua-.netstandard) — NuGet: `OPCFoundation.NetStandard.Opc.Ua.Server` ## OPC UA .NET Standard Documentation
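Review bot: The rewritten LDAP Authentication paragraph no longer says which type maps LDAP group membership to the OPC UA permissions it lists (`ReadOnly`, `WriteOperate`, `WriteTune`, `WriteConfigure`, `AlarmAck`). The removed sentence attributed a role-provider interface (`IRoleProvider`) to the old class, while the added sentence names only `LdapUserAuthenticator` implementing `IUserAuthenticator`, so the file now documents the authentication type but not where the authorization mapping lives. Suggest adding a clause that either states `LdapUserAuthenticator` also resolves groups to permissions or names the type that does, since operators and future agent runs will read this paragraph to find the access-control path. A smaller style point on the added Galaxy.Host line: the backticks around `.NET Framework 4.8 x86` mark a target description as code, whereas the added Server/Admin line writes ".NET generic host" as plain text; pick one form for both.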