Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-6387

MariaDB LDAP integration

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      As per enterprise requirement to control user authorization based on "roles" and permissions, we would like to suggest controlling authorization and authentication through AD and LDAP layers by providing authentication mechanism through LDAP & Kerberos ticketing.
      As an example would be granting permissions to an AD based group members, so database access controls will be moved to Active Directory by adding/removing participants into particular functional AD group.
      For example creating AD group glbDBAdmins and GRANT ALL ON . for this AD or Linux group in MariaDB will grant to control access by just editing participant inside the group.
      I suggest that this implementation could be done through PAM module and as per Mysql documentation "6.3.7.3.2.3 Unix Password Authentication with Proxy Users and Group Mapping" I think that this is the feature which could be reused..
      Also I suggest that authentication part could be done through MDEV-4691 Kerberos module.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              trofimal Aleksej Trofimov
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: