# Created by: Ganbold Tsagaankhuu <ganbold@FreeBSD.org>

# $FreeBSD$

PORTNAME=      ateam_mysql_ldap_auth

PORTVERSION=   1.0

CATEGORIES=    databases

MAINTAINER=    ganbold@FreeBSD.org

COMMENT=       A-Team MySQL LDAP authentication plugin

LICENSE=       GPLv2

LICENSE_FILE=  ${WRKSRC}/COPYING

LIB_DEPENDS=   libconfig.so:devel/libconfig

RUN_DEPENDS=   mysql${MYSQL_VER}-server>5.6:databases/mysql56-server

USE_OPENLDAP=  yes

USES=          gmake mysql:server

USE_GITHUB=    yes

GH_ACCOUNT=    ateamsystems

GH_TAGNAME=    f6a1a5d

PLIST_FILES=   lib/mysql/plugin/auth_ldap.so \

               "@sample etc/ateam_mysql_ldap_auth.conf.sample" \

               ${DOCSDIR}/README \

               ${DOCSDIR}/INSTALL

SUB_FILES=     pkg-message

do-install:

       ${MKDIR} ${STAGEDIR}${PREFIX}/lib/mysql/plugin

       ${MKDIR} ${STAGEDIR}${DOCSDIR}

       ${INSTALL_PROGRAM} ${WRKSRC}/src/auth_ldap.so ${STAGEDIR}${PREFIX}/lib/mysql/plugin/

       ${INSTALL_DATA} ${WRKSRC}/ateam_mysql_ldap_auth.conf ${STAGEDIR}${PREFIX}/etc/ateam_mysql_ldap_auth.conf.sample

       ${INSTALL_MAN} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}/

       ${INSTALL_MAN} ${WRKSRC}/INSTALL ${STAGEDIR}${DOCSDIR}/

.include <bsd.port.mk>

SHA256 (ateamsystems-ateam_mysql_ldap_auth-1.0-f6a1a5d_GH0.tar.gz) = 3a20533fb4fed93daad0e8944ab6e8ae530ecbebefd95240b1e60f3c5ca5ec9c

SIZE (ateamsystems-ateam_mysql_ldap_auth-1.0-f6a1a5d_GH0.tar.gz) = 17971

---------------------------------------------------------------------

Please see %%DOCSDIR%%/INSTALL

for install notes.

---------------------------------------------------------------------

A-Team MySQL LDAP Authenticator

WWW: https://github.com/ateamsystems/ateam_mysql_ldap_auth

---------------------------------------------------------------------------- -

A-Team MySQL LDAP Authenticator (ateam_mysql_ldap_auth) is an authentication

plugin for MySQL 5.5.7 and up, and has been extensively tested with 5.6

under FreeBSD but should work fine under Linux as well with a few tweaks,

patches are welcome!

This module allows you to create MySQL users that are then authenticated

against an LDAP server. This reduces administrative overhead and eliminates

your users having to remember a seperate username and password for MySQL.

LDAP authenticated users behave no different permission wise than 'local'

users in terms of GRANT and DB permissions.

The configuration file is flexible enough to support almost any LDAP

directory including OpenLDAP or Active Directory.

The plugin requires MySQL 5.5.7 and up. It is compiled as an add on module

and does not require you to alter the MySQL source code or recompile the

entire server. The plugin uses the OpenLDAP library to interface with a

directory.

Just like MySQL Enterprise's PAM module, for client side authentication

this plugin uses the clear_text password module as the LDAP server must

perform the password hasing and comparison.  For command line clients this

is done by setting the following environment variable:

  export LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1

In MySQL Workbench this is acheived by going to go to the "Advanced" tab and

checking "Enable Cleartext Authentication Plugin" when editing a connction.

!!! IMPORTANT:

!!! ------------------------------------------------------------------------

!!! ENSURE THE COMMUNICATIONS PATH BETWEEN THE CLIENT AND SERVER IS SECURE!

!!! ------------------------------------------------------------------------

!!! By default MySQL does not use SSL so additional steps and network design

!!! are needed to ensure you're not exposing your credetials.