[MXS-3923] PAM group mapping to roles/groups Created: 2021-12-17 Updated: 2023-01-31 Resolved: 2023-01-31 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | PAM-Authenticator |
| Affects Version/s: | None |
| Fix Version/s: | 23.02.0 |
| Type: | New Feature | Priority: | Major |
| Reporter: | Ben Stillman | Assignee: | Esa Korhonen |
| Resolution: | Won't Do | Votes: | 1 |
| Labels: | None | ||
| Issue Links: |
|
||||
| Description |
|
Multiple customers and prospects have requested the ability to map groups via PAM to roles/groups within Xpand. The idea here is that Users and groups are defined in LDAP. A mapping between LDAP groups and associated database roles would be handled by MaxScale: https://docs.google.com/document/d/1DQ7tgW04Vcrs5XADPQO_LGJPhZRY6JLF3qd6-nJo5yM/edit# |
| Comments |
| Comment by Christine Lieu (Inactive) [ 2022-08-19 ] |
|
I added a link to some requirements that gdorman created. toddstoffel FYI. |
| Comment by Johan Wikman [ 2022-08-25 ] |
|
gdorman Could you give access to Esa to that document? |
| Comment by Esa Korhonen [ 2023-01-31 ] |
|
Not currently needed. A proper pass-through authentication feature will be required later. In such a scheme, MaxScale skips its own authentication check and relays the username & password to backend. Then, only return authentication success or fail depending on server answer. This may need to be limited to some routers and perhaps some settings (e.g. lazy connect) will be incompatible. |