views:

1928

answers:

4

I'm trying to come up with a plan to allow users to auth with a MySQL database (many, actually) using LDAP. More specifically, ActiveDirectory. Database will likely be accessed through applications, not web. What are my options?

EDIT:

Okay. It seems that there is no "official" way to allow authentication on MySQL using LDAP. What other options exist? Can we synchronize LDAP users and passwords to the MySQL user table?

A: 

I personally can't find any information that suggests this is possible. All I see is using MySQL as the data store for the LDAP directory.

Robert Rouse
I've been pretty much in the same situation. That's why I came here! usually I don't post if I can find it with the Google machine ;)
snicker
+1  A: 

Seems like you are out of luck :(

Could you use PostgreSQL?

This authentication method operates similarly to password except that it uses LDAP as the authentication method. LDAP is used only to validate the user name/password pairs. Therefore the user must already exist in the database before LDAP can be used for authentication. The server and parameters used are specified after the ldap key word in the file pg_hba.conf. The format of this parameter is:

ldap[s]://servername[:port]/base dn[;prefix[;suffix]]

voyager
PostgreSQL may be an option. I haven't deployed yet and am currently in the planning stages... good thing I found out before implementing MySQL for the solution and having to worry about data migration. Thanks for this.
snicker
+1  A: 

It can not be currently done. It was planned for 7.0 release; whether it'll actually be implemented (and when) remains to be seen.

ChssPly76
+3  A: 

this is possible with mysql proxy. there's a few things you need to know to make this work:

mysql proxy can execute shell commands mysql proxy can intercept and rewrite authentication

these two pages will help you get started:

example of running a shell command: http://forge.mysql.com/tools/tool.php?id=79 example of intercepting and rewriting authentication: http://jan.kneschke.de/2009/6/25/mysql-proxy-roles

longneck