fix(harness): swap retired bitnami/openldap for GLAuth in the Host real-LDAP mode
The Host.IntegrationTests opt-in real-LDAP mode (OTOPCUA_HARNESS_USE_LDAP=1) used bitnami/openldap:2.6, gone since Bitnami deprecated their free image catalog in 2025. Replaced it with GLAuth — the same LDAP server the rest of the project already uses (docker-dev + the live OPC UA data-plane auth, both against the shared GLAuth on :3893) — removing the lone OpenLDAP outlier and the gone-image breakage. - Added tests/.../Host.IntegrationTests/glauth/config.toml: baseDN dc=zb,dc=local, a search-capable serviceaccount, dev users alice (full access) / bob (read-only), and role groups with the same gidnumbers as scadaproj/infra/glauth so GroupToRole maps identically. - Compose ldap service -> glauth/glauth:latest, mounting the config, host :3894 -> :3893. - Repointed the harness real-LDAP override from the OpenLDAP cn=admin/ldapadmin to GLAuth's cn=serviceaccount/serviceaccount123. Live-verified against a deployed container on :3894: the serviceaccount bind searches and returns alice + her 5 memberOf groups; alice/bob bind with the correct password; a wrong password yields Invalid credentials (49) — exactly the OtOpcUaLdapAuthService flow (proven identical to the data-plane's shared-GLAuth path). NB: real-LDAP mode is opt-in; the default Host run uses StubLdapAuthService, so this never blocked the default suite. Integration-sweep follow-up #6 (LDAP leg); the amd64-emulated-SQL deadline leg remains open.
This commit is contained in:
@@ -6,8 +6,8 @@
|
||||
#
|
||||
# 1. EF behaviors that diverge between provider implementations — index uniqueness,
|
||||
# RowVersion concurrency, JSON column round-trips, EF migration application.
|
||||
# 2. Real LDAP binds against an OpenLDAP server with the dev users from
|
||||
# C:\publish\glauth\auth.md.
|
||||
# 2. Real LDAP binds against a GLAuth server (./glauth/config.toml) with dev users
|
||||
# alice (full access) / bob (read-only) and the cn=serviceaccount bind account.
|
||||
#
|
||||
# Activate by setting these env vars before running the suite:
|
||||
#
|
||||
@@ -43,15 +43,13 @@ services:
|
||||
retries: 20
|
||||
|
||||
ldap:
|
||||
# OpenLDAP image — same one docker-dev/ uses, just on a different port. Dev users
|
||||
# alice/bob match the GLAuth fixtures so AuthEndpoints contract tests share creds.
|
||||
image: bitnami/openldap:2.6
|
||||
environment:
|
||||
LDAP_ROOT: "dc=zb,dc=local"
|
||||
LDAP_ADMIN_USERNAME: "admin"
|
||||
LDAP_ADMIN_PASSWORD: "ldapadmin"
|
||||
LDAP_USERS: "alice,bob"
|
||||
LDAP_PASSWORDS: "alice123,bob123"
|
||||
LDAP_USER_DC: "ou=FleetAdmin"
|
||||
# GLAuth — the same LDAP server the rest of the project uses (docker-dev + the live
|
||||
# OPC UA data-plane auth, both against the shared GLAuth on :3893). Replaced the retired
|
||||
# bitnami/openldap:2.6 (Bitnami deprecated their free catalog in 2025). Seeded by
|
||||
# ./glauth/config.toml with a search-capable serviceaccount + dev users alice/bob.
|
||||
# Listens on :3893 in-container; mapped to host :3894 to run beside docker-dev's :3893.
|
||||
image: glauth/glauth:latest
|
||||
volumes:
|
||||
- ./glauth/config.toml:/app/config/config.cfg:ro
|
||||
ports:
|
||||
- "3894:1389"
|
||||
- "3894:3893"
|
||||
|
||||
Reference in New Issue
Block a user