Authentication plugin with ldap and proxy user

Setting up authentication plugin for ldap which is working as I am about to login with ldap credentials but the accounts is not using the proxy user which means the grants are not working.
Server version: 5.6.27-75.0-log Percona Server (GPL), Release 75.0, Revision 8bb53b6

[INDENT]created from database admin account

mysql> CREATE USER ‘’@’’ IDENTIFIED WITH auth_pam AS ‘mysqld, mysqldba=dbauser’;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on . to ‘dbauser’@‘localhost’ identified by ‘xxx’ with grant option;
Query OK, 0 rows affected (0.00 sec)

mysql> grant proxy on ‘dbauser’@‘localhost’ to ‘’@’’;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from mysql.proxies_priv;
±------------------------±----------±-------------±-------------±-----------±--------------------±--------------------+
| Host | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp |
±------------------------±----------±-------------±-------------±-----------±--------------------±--------------------+
| localhost | root | | | 1 | | 2015-11-16 16:32:41 |
| localhost | dba_admin | | | 1 | root@localhost | 0000-00-00 00:00:00 |
| | | localhost | dbauser | 0 | dba_admin@localhost | 0000-00-00 00:00:00 |

Question #1- why ‘’@’’ / dbauser@localhost not showing with_grant?


login as ldap user

mysql> show grants;
±----------------------------------------------+
| Grants for @ |
±----------------------------------------------+
| GRANT USAGE ON . TO ‘’@’’ |
| GRANT PROXY ON ‘dbauser’@‘localhost’ TO ‘’@’’ |
±----------------------------------------------+
2 rows in set (0.00 sec)

mysql> SELECT USER(), CURRENT_USER();
±---------------±---------------+
| USER() | CURRENT_USER() |
±---------------±---------------+
| joep@localhost | @ |
±---------------±---------------+

Question #2 - why does it not proxy to dbauser@localhost?[/INDENT]
cat /etc/pam.d/mysqld
auth required pam_warn.so
auth required pam_ldap.so
account required pam_ldap.so

mysql> show grants for ‘’@’’;
±----------------------------------------------+
| Grants for @ |
±----------------------------------------------+
| GRANT USAGE ON . TO ‘’@’’ |
| GRANT PROXY ON ‘dbauser’@‘localhost’ TO ‘’@’’ |
±----------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ‘dbauser’@‘localhost’;
±------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for dbauser@localhost |
±------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON . TO ‘dbauser’@‘localhost’ IDENTIFIED BY PASSWORD ‘*…’ WITH GRANT OPTION |
±------------------------------------------------------------------------------------------------------------------------------------------+