
MySQL LDAP group proxy mapping using LDAP simple plugin (Doc ID 2829012.1)

Last updated on NOVEMBER 18, 2024

Applies to:

MySQL Server - Version 8.0 and later
Information in this document applies to any platform.

Goal

To configure a MySQL instance to use an existing LDAP directory (generally either OpenLDAP or Active Directory) so that service accounts on the MySQL instance can be mapped to individual directory users' accounts.

https://dev.mysql.com/doc/refman/8.0/en/ldap-pluggable-authentication.html#ldap-pluggable-authentication-usage-proxying

LDAP authentication plugins support proxying, enabling a user to connect to the MySQL server as one user but assume the privileges of a different user.

Note: There are many ways this can be configured, but this example will use a dedicated LDAP group entry, which contains a list of LDAP users, to determine which group mapping they get.

Note: Configuring MySQL LDAP plugins requires a thorough understanding of LDAP as a prerequisite.

 

In this example we will use group objects in the LDAP directory, each of which contains a list of members, to map the individual users to their respective groups in MySQL; e.g. the user 'aanon' is mapped to the MySQL group user 'dba'.
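
A minimal server-side sketch of this mapping, following the proxying pattern in the reference manual page linked above. This is an added example, not the configuration from this document's Solution section. The host name, DNs, bind password placeholder, plugin file names (Linux) and the privileges granted to 'dba' are all assumptions.

```sql
-- Added example: directory names and privileges below are constructed placeholders.
-- Requires the MySQL Enterprise LDAP plugin; file names assume Linux.
INSTALL PLUGIN authentication_ldap_simple SONAME 'authentication_ldap_simple.so';
INSTALL PLUGIN mysql_no_login SONAME 'mysql_no_login.so';

-- Where the directory lives and which subtree is searched.
SET PERSIST authentication_ldap_simple_server_host  = 'ldap.example.com';
SET PERSIST authentication_ldap_simple_bind_base_dn = 'dc=example,dc=com';

-- Identity the server binds as to search for users and their groups.
-- Give this directory account read-only search rights and nothing else.
SET PERSIST authentication_ldap_simple_bind_root_dn = 'cn=mysql-svc,dc=example,dc=com';
SET GLOBAL  authentication_ldap_simple_bind_root_pwd = '<bind-password>';

-- Attribute of the LDAP group entry whose value becomes the MySQL account
-- name. With 'cn', membership of cn=dba maps the user to 'dba'.
SET PERSIST authentication_ldap_simple_group_search_attr = 'cn';

-- The simple plugin forwards the user's password in cleartext, so protect
-- both hops: TLS from client to MySQL, and StartTLS from MySQL to LDAP.
SET PERSIST authentication_ldap_simple_tls = ON;

-- Proxied account: holds the privileges but cannot be logged in to directly.
CREATE USER 'dba'@'localhost' IDENTIFIED WITH mysql_no_login;
GRANT SELECT, PROCESS, SHOW DATABASES ON *.* TO 'dba'@'localhost';

-- Default proxy account: any name that has no explicit MySQL account
-- (for example 'aanon') is authenticated against LDAP through this entry.
CREATE USER ''@'%' IDENTIFIED WITH authentication_ldap_simple;

-- Allow the proxy account to assume 'dba' only. Do not grant PROXY on
-- accounts that should never be reachable through LDAP group membership.
GRANT PROXY ON 'dba'@'localhost' TO ''@'%';

-- Check from a session opened as the LDAP user:
-- USER() is the login name, CURRENT_USER() the account whose privileges
-- apply, and @@proxy_user the proxy account that was matched.
SELECT USER(), CURRENT_USER(), @@proxy_user;

-- Audit: list every PROXY grant on the instance.
SELECT * FROM mysql.proxies_priv;
```

The client must enable the cleartext plugin to log in (for the mysql client, `--enable-cleartext-plugin`), which is why the connection to MySQL should be encrypted.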

 

Solution



In this Document
Goal
Solution
 LDAP directory
 MySQL configuration
References

