Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-6387

MariaDB LDAP integration

Details

    • Task
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      As per enterprise requirement to control user authorization based on "roles" and permissions, we would like to suggest controlling authorization and authentication through AD and LDAP layers by providing authentication mechanism through LDAP & Kerberos ticketing.
      As an example would be granting permissions to an AD based group members, so database access controls will be moved to Active Directory by adding/removing participants into particular functional AD group.
      For example creating AD group glbDBAdmins and GRANT ALL ON . for this AD or Linux group in MariaDB will grant to control access by just editing participant inside the group.
      I suggest that this implementation could be done through PAM module and as per Mysql documentation "6.3.7.3.2.3 Unix Password Authentication with Proxy Users and Group Mapping" I think that this is the feature which could be reused..
      Also I suggest that authentication part could be done through MDEV-4691 Kerberos module.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-4691 Kerberize MariaDB -- add Kerberos authentication support to MariaDB

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Unassigned Unassigned
              trofimal Aleksej Trofimov
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.