Add production config with LDAP, fix LDAP auth flow

- Production port: 3389 - LDAP enabled with theta42.com config - Proper bind -> search -> user bind flow - Support service account bind for user search - Add systemd service file
2026-02-25 03:28:35 +00:00
parent 41833376f1
commit 48a876f34f
3 changed files with 72 additions and 24 deletions
--- a/conf/production.json
+++ b/conf/production.json
@@ -1,11 +1,17 @@
 {
  "server": {
-    "port": 3000
-  },
-  "session": {
-    "secret": "CHANGE-ME-NOW"
+    "port": 3389,
+    "host": "0.0.0.0"
  },
  "auth": {
-    "disabled": false
+    "disabled": false,
+    "ldap": {
+      "enabled": true,
+      "url": "ldap://10.1.0.55:389",
+      "baseDN": "dc=theta42,dc=com",
+      "bindDN": "cn=ldapclient service,ou=people,dc=theta42,dc=com",
+      "bindPassword": "",
+      "searchFilter": "(&(memberof=cn=app_openclaw_access,ou=groups,dc=theta42,dc=com)(objectClass=posixAccount)(uid={{username}}))"
+    }
  }
 }
--- a/conf/secrets.json
+++ b/conf/secrets.json
@@ -0,0 +1,14 @@
+{
+  "gateway": {
+    "token": "a41984619a5f4b9bf9148ab6eb4abca53eb796d046cbbec5"
+  },
+  "session": {
+    "secret": "dev-session-secret-change-in-production"
+  },
+  "auth": {
+    "ldap": {
+      "bindDN": "cn=ldapclient service,ou=people,dc=theta42,dc=com",
+      "bindPassword": "REPLACE_WITH_ACTUAL_PASSWORD"
+    }
+  }
+}