Have anyone tried using percona pam module to get to work with Microsoft AD to map groups ?
I was able to do the authentication but the group / proxy mapping seems to not work.
Yes. You can use Proxy users to emulate roles. In the example below, support and dba are the AD groups. When the AD user logs in and is a member of support or dba, that user will have the privileges assigned to support_users@‘%’ or dba_users@‘%’.
mysql> CREATE USER ‘’@‘’ IDENTIFIED WITH auth_pam as ‘mysqld,support=support_users,dba=dba_users’;
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER support_users@‘%’ IDENTIFIED BY ‘some_password’;
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER dba_users@‘%’ IDENTIFIED BY ‘some_password’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON support.* TO support_users@‘%’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO dba_users@‘%’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT PROXY ON support_users@‘%’ TO ‘’@‘’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT PROXY ON dba_users@‘%’ TO ‘’@‘’;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)