diff --git a/docs/v2/dev-environment.md b/docs/v2/dev-environment.md
index 1d4c8e33..07136ca7 100644
--- a/docs/v2/dev-environment.md
+++ b/docs/v2/dev-environment.md
@@ -65,7 +65,7 @@ Running record of v2 dev services on the Windows dev VM. Updated on every instal
 |---------|---------------------|---------|-----------|------------------------|---------------|--------|
 | **Central config DB** | Docker container `otopcua-mssql` on the Linux Docker host (image `mcr.microsoft.com/mssql/server:2022-latest`) | 16.0.4250.1 (RTM-CU24-GDR, KB5083252) | `10.100.0.35:14330` → `1433` (container) — port 14330 retained from the previous local-container setup so connection-string ports don't churn | User `sa` / Password `OtOpcUaDev_2026!` | Docker named volume `otopcua-mssql-data` on the Docker host | ✅ Running on Docker host (`/opt/otopcua-mssql/`) since 2026-04-28; carries `project=lmxopcua` label |
 | Dev Galaxy (AVEVA System Platform) | Local install on this dev box — full ArchestrA + Historian + OI-Server stack | v1 baseline | Local COM via MXAccess (`C:\Program Files (x86)\ArchestrA\Framework\bin\ArchestrA.MXAccess.dll`); Historian via `aaH*` services; SuiteLink via `slssvc` | Windows Auth | Galaxy repository DB `ZB` on local SQL Server (separate instance from `otopcua-mssql` — legacy v1 Galaxy DB, not related to v2 config DB) | ✅ **Fully available — Phase 2 lift unblocked.** 27 ArchestrA / AVEVA / Wonderware services running incl. 
`aaBootstrap`, `aaGR` (Galaxy Repository), `aaLogger`, `aaUserValidator`, `aaPim`, `ArchestrADataStore`, `AsbServiceManager`, `AutoBuild_Service`; full Historian set (`aahClientAccessPoint`, `aahGateway`, `aahInSight`, `aahSearchIndexer`, `aahSupervisor`, `InSQLStorage`, `InSQLConfiguration`, `InSQLEventSystem`, `InSQLIndexing`, `InSQLIOServer`, `InSQLManualStorage`, `InSQLSystemDriver`, `HistorianSearch-x64`); `slssvc` (Wonderware SuiteLink); `OI-Gateway` install present at `C:\Program Files (x86)\Wonderware\OI-Server\OI-Gateway\` (decision #142 AppServer-via-OI-Gateway smoke test now also unblocked) |
-| GLAuth (LDAP) | Local install at `C:\publish\glauth\` | v2.4.0 | `localhost:3893` (LDAP) / `3894` (LDAPS, disabled) | Direct-bind `cn={user},dc=lmxopcua,dc=local` per `auth.md`; users `readonly`/`writeop`/`writetune`/`writeconfig`/`alarmack`/`admin`/`serviceaccount` (passwords in `glauth.cfg` as SHA-256) | `C:\publish\glauth\` | ✅ Running (NSSM service `GLAuth`). Phase 1 Admin uses GroupToRole map `ReadOnly→ConfigViewer`, `WriteOperate→ConfigEditor`, `AlarmAck→FleetAdmin`. v2-rebrand to `dc=otopcua,dc=local` is a future cosmetic change |
+| GLAuth (LDAP) | Local install at `C:\publish\glauth\` | v2.4.0 | `localhost:3893` (LDAP) / `3894` (LDAPS, disabled) | Direct-bind `cn={user},dc=zb,dc=local` per `auth.md`; users `readonly`/`writeop`/`writetune`/`writeconfig`/`alarmack`/`admin`/`serviceaccount` (passwords in `glauth.cfg` as SHA-256) | `C:\publish\glauth\` | ✅ Running (NSSM service `GLAuth`). Phase 1 Admin uses GroupToRole map `ReadOnly→ConfigViewer`, `WriteOperate→ConfigEditor`, `AlarmAck→FleetAdmin`. 
Dev base DN unified to `dc=zb,dc=local` (Task 1.6) |
 | OPC Foundation reference server | Not yet built | — | `10.100.0.35:62541` (target) | `user1` / `password1` (reference-server defaults) | — | Pending (needed for Phase 5 OPC UA Client driver testing) |
 | FOCAS TCP stub | Not yet built | — | `10.100.0.35:8193` (target) | n/a | — | Pending (built in Phase 5; runs on Docker host) |
 | Modbus simulator (`otopcua-pymodbus:3.13.0`) | Docker compose at `/opt/otopcua-modbus/` on Docker host | pinned 3.13.0 | `10.100.0.35:5020` | n/a | n/a | Stack staged; bring up with `lmxopcua-fix up modbus ` from this VM |
diff --git a/docs/v2/implementation/phase-7-e2e-smoke.md b/docs/v2/implementation/phase-7-e2e-smoke.md
index 396625b0..2bf201d0 100644
--- a/docs/v2/implementation/phase-7-e2e-smoke.md
+++ b/docs/v2/implementation/phase-7-e2e-smoke.md
@@ -104,8 +104,8 @@ Anonymous OPC UA sessions are denied writes against `Operate`-classified tags by
 "Enabled": true,
 "Server": "localhost",
 "Port": 3893,
- "SearchBase": "dc=lmxopcua,dc=local",
- "ServiceAccountDn": "cn=serviceaccount,dc=lmxopcua,dc=local",
+ "SearchBase": "dc=zb,dc=local",
+ "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
 "ServiceAccountPassword": "serviceaccount123",
 "GroupToRole": {
 "ReadOnly": "ReadOnly",
diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Clusters/AclEdit.razor b/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Clusters/AclEdit.razor
index aa3390f0..74856fe2 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Clusters/AclEdit.razor
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Clusters/AclEdit.razor
@@ -41,7 +41,7 @@ else
+ placeholder="cn=Operators,ou=FleetAdmin,dc=zb,dc=local" />
diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Ldap/LdapOptions.cs b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Ldap/LdapOptions.cs
index 96238de5..f68339ad 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Ldap/LdapOptions.cs
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Ldap/LdapOptions.cs
@@ -50,7 +50,7 @@ public sealed class LdapOptions
 public bool DevStubMode { get; set; }
 /// Gets or sets the LDAP search base DN.
- public string SearchBase { get; set; } = "dc=lmxopcua,dc=local";
+ public string SearchBase { get; set; } = "dc=zb,dc=local";
 ///
 /// Service-account DN used for search-then-bind. When empty, a direct-bind with
diff --git a/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/TwoNodeClusterHarness.cs b/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/TwoNodeClusterHarness.cs
index 8485b498..7f7d32e8 100644
--- a/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/TwoNodeClusterHarness.cs
+++ b/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/TwoNodeClusterHarness.cs
@@ -185,8 +185,8 @@ public sealed class TwoNodeClusterHarness : IAsyncDisposable
 configOverrides["Security:Ldap:Port"] = "3894";
 configOverrides["Security:Ldap:Transport"] = "None";
 configOverrides["Security:Ldap:AllowInsecure"] = "true";
- configOverrides["Security:Ldap:SearchBase"] = "dc=lmxopcua,dc=local";
- configOverrides["Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=lmxopcua,dc=local";
+ configOverrides["Security:Ldap:SearchBase"] = "dc=zb,dc=local";
+ configOverrides["Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local";
 configOverrides["Security:Ldap:ServiceAccountPassword"] = "ldapadmin";
 }
diff --git a/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/docker-compose.yml b/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/docker-compose.yml
index 9cc93358..463d03ff 100644
--- a/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/docker-compose.yml
+++ b/tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/docker-compose.yml
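Review bot: Changing the built-in default of `SearchBase` in `LdapOptions` silently changes behaviour for any deployment that never set `Security:Ldap:SearchBase` explicitly: after upgrade it searches `dc=zb,dc=local` instead of `dc=lmxopcua,dc=local`, and logins will presumably fail or resolve against a different tree. A dev-lab DN is also a weak default for the production options type; consider `public string SearchBase { get; set; } = string.Empty;` together with a startup check that rejects an empty base when LDAP is enabled, so a missing setting fails closed. If the default has to stay, the doc comment should say so, e.g. `/// Defaults to the dev directory base DN; deployed configurations must override it.` The class body continues outside the hunk, so whether such validation already exists cannot be seen here.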
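Review bot: The harness sets `Security:Ldap:ServiceAccountDn` to `cn=admin,dc=zb,dc=local`, which appears to be the directory administrator (`LDAP_ADMIN_USERNAME: "admin"` in the compose file), while `phase-7-e2e-smoke.md` documents `cn=serviceaccount,dc=zb,dc=local`. Tests that bind as admin cannot catch a search-then-bind path that needs more rights than a read-only service account is given, so a dedicated low-privilege bind user in the fixture would make the test representative. The neighbouring overrides (`Transport` = `None`, `AllowInsecure` = `true`) and the literal password also deserve a short comment such as `// Test-only: plaintext LDAP against the local compose fixture; never copy into deployed config.` The enclosing method starts and ends outside the hunk.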
@@ -47,7 +47,7 @@ services:
 # alice/bob match the GLAuth fixtures so AuthEndpoints contract tests share creds.
 image: bitnami/openldap:2.6
 environment:
- LDAP_ROOT: "dc=lmxopcua,dc=local"
+ LDAP_ROOT: "dc=zb,dc=local"
 LDAP_ADMIN_USERNAME: "admin"
 LDAP_ADMIN_PASSWORD: "ldapadmin"
 LDAP_USERS: "alice,bob"