MySQL LDAP group proxy mapping using LDAP simple plugin
(Doc ID 2829012.1)
Last updated on NOVEMBER 18, 2024
Applies to:
MySQL Server - Version 8.0 and later
Information in this document applies to any platform.
Goal
To configure a MySQL instance to use an existing LDAP directory (generally either OpenLDAP or Active Directory) so that service accounts on the MySQL instance can be mapped to individual directory users' accounts.
LDAP authentication plugins support proxying, enabling a user to connect to the MySQL server as one user but assume the privileges of a different user.
Note: There are many ways this can be configured, but this example will use a dedicated LDAP group entry, which contains a list of LDAP users, to determine which group mapping they get.
Note: Configuring MySQL LDAP plugins requires a thorough understanding of LDAP as a prerequisite.
In this example we will use group objects in the LDAP directory, each of which contains a list of members, to map the individual users to their respective groups in MySQL; e.g., the user 'aanon' is mapped to the MySQL group user 'dba'.
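The group-to-proxied-user mapping described above can be sketched with the public `authentication_ldap_simple` system variables and `GRANT PROXY`. This is an added example, not the content of this support document; the host name, base DN, object classes and privilege set are constructed assumptions, and only the names 'aanon' and 'dba' come from the text.

```sql
-- Added illustration. ldap.example.com, dc=example,dc=com and the GRANTs are constructed placeholders.

-- 1. Load the plugins (MySQL Enterprise Edition; the library suffix is .dll on Windows).
INSTALL PLUGIN authentication_ldap_simple SONAME 'authentication_ldap_simple.so';
INSTALL PLUGIN mysql_no_login SONAME 'mysql_no_login.so';

-- 2. Point the plugin at the directory and encrypt the MySQL-to-LDAP connection.
SET PERSIST authentication_ldap_simple_server_host  = 'ldap.example.com';
SET PERSIST authentication_ldap_simple_bind_base_dn = 'dc=example,dc=com';
SET PERSIST authentication_ldap_simple_tls          = ON;
-- If the directory refuses anonymous searches, also set
-- authentication_ldap_simple_bind_root_dn and authentication_ldap_simple_bind_root_pwd.

-- 3. Group lookup: the value of this attribute on a matching group entry
--    becomes the name of the MySQL proxied user ('dba' in the text above).
SET PERSIST authentication_ldap_simple_group_search_attr = 'cn';
-- {UA} is replaced by the login name, {UD} by the user's full DN.
-- The object classes below are assumptions; match them to your schema.
SET PERSIST authentication_ldap_simple_group_search_filter =
  '(|(&(objectClass=posixGroup)(memberUid={UA}))(&(objectClass=groupOfNames)(member={UD})))';

-- 4. Default proxy account: directory users with no MySQL account of their own
--    (such as 'aanon') authenticate through it. The simple plugin receives the
--    password in cleartext from the client, so the account insists on TLS.
CREATE USER ''@'%' IDENTIFIED WITH authentication_ldap_simple REQUIRE SSL;

-- 5. Proxied account named after the LDAP group. mysql_no_login blocks direct
--    logins, so its privileges are reachable only through the group mapping.
CREATE USER 'dba'@'localhost' IDENTIFIED WITH mysql_no_login;
GRANT SELECT, PROCESS ON *.* TO 'dba'@'localhost';   -- constructed privilege set
GRANT PROXY ON 'dba'@'localhost' TO ''@'%';

-- 6. Run after logging in as a directory user to check the mapping:
--    USER() is the name the client supplied, CURRENT_USER() is the account
--    whose privileges apply, @@proxy_user is the proxy account that matched.
SELECT USER(), CURRENT_USER(), @@proxy_user;
```

The client must enable the cleartext plugin to log in (for the `mysql` client, `--enable-cleartext-plugin`), which is why the proxy account above carries `REQUIRE SSL`.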
Solution