Line 0
Link Here
|
|
|
1 |
A-Team MySQL LDAP Authenticator |
2 |
WWW: https://github.com/ateamsystems/ateam_mysql_ldap_auth |
3 |
---------------------------------------------------------------------------- - |
4 |
|
5 |
A-Team MySQL LDAP Authenticator (ateam_mysql_ldap_auth) is an authentication |
6 |
plugin for MySQL 5.5.7 and up, and has been extensively tested with 5.6 |
7 |
under FreeBSD but should work fine under Linux as well with a few tweaks, |
8 |
patches are welcome! |
9 |
|
10 |
This module allows you to create MySQL users that are then authenticated |
11 |
against an LDAP server. This reduces administrative overhead and eliminates |
12 |
your users having to remember a seperate username and password for MySQL. |
13 |
LDAP authenticated users behave no different permission wise than 'local' |
14 |
users in terms of GRANT and DB permissions. |
15 |
|
16 |
The configuration file is flexible enough to support almost any LDAP |
17 |
directory including OpenLDAP or Active Directory. |
18 |
|
19 |
The plugin requires MySQL 5.5.7 and up. It is compiled as an add on module |
20 |
and does not require you to alter the MySQL source code or recompile the |
21 |
entire server. The plugin uses the OpenLDAP library to interface with a |
22 |
directory. |
23 |
|
24 |
Just like MySQL Enterprise's PAM module, for client side authentication |
25 |
this plugin uses the clear_text password module as the LDAP server must |
26 |
perform the password hasing and comparison. For command line clients this |
27 |
is done by setting the following environment variable: |
28 |
|
29 |
export LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1 |
30 |
|
31 |
In MySQL Workbench this is acheived by going to go to the "Advanced" tab and |
32 |
checking "Enable Cleartext Authentication Plugin" when editing a connction. |
33 |
|
34 |
!!! IMPORTANT: |
35 |
!!! ------------------------------------------------------------------------ |
36 |
!!! ENSURE THE COMMUNICATIONS PATH BETWEEN THE CLIENT AND SERVER IS SECURE! |
37 |
!!! ------------------------------------------------------------------------ |
38 |
!!! By default MySQL does not use SSL so additional steps and network design |
39 |
!!! are needed to ensure you're not exposing your credetials. |