fix: make Admin LDAP sign-in work against GLAuth

Three bugs blocked sign-in entirely: - Login.razor is static-SSR but its form model lacked [SupplyParameterFromForm], so the posted username/password never bound — SignInAsync saw empty fields and bailed before LDAP was contacted. Annotate the model; seed it in OnInitialized since BL0008 forbids an initializer on a [SupplyParameterFromForm] property. - appsettings.json ServiceAccountDn used ou=svcaccts, which GLAuth reads as a (non-existent) group — the service-account bind failed with "Group not found". Use cn=serviceaccount,dc=lmxopcua,dc=local. - LdapAuthService resolved the user DN by searching (uid=...), but GLAuth keys users by cn. Add an LdapOptions.UserNameAttribute knob (default cn for GLAuth; set sAMAccountName for Active Directory) and use it for the search filter. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 02:48:00 -04:00
parent 482d5f5637
commit 5f5bfe1ea5
4 changed files with 18 additions and 4 deletions
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Admin/appsettings.json
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Admin/appsettings.json
@@ -10,7 +10,7 @@
      "UseTls": false,
      "AllowInsecureLdap": true,
      "SearchBase": "dc=lmxopcua,dc=local",
-      "ServiceAccountDn": "cn=serviceaccount,ou=svcaccts,dc=lmxopcua,dc=local",
+      "ServiceAccountDn": "cn=serviceaccount,dc=lmxopcua,dc=local",
      "ServiceAccountPassword": "serviceaccount123",
      "DisplayNameAttribute": "cn",
      "GroupAttribute": "memberOf",