We want to implement ldap authentication for external users through openLDAP server in our Percona MySQL env, can you share a technical documentation for setting up LDAP authentication and how to setup a LDAP server and how to connect them.
Hi @CTutte, thank you for your answer, I have already checked this document and it is lacking the part for setting the LDAP server and connecting it to the MySQL server. Can you please share a documentation regarding this?
Thank you.
Hi @mirabraykova, Are you looking for instructions on how to install and configure and LDAP server? LDAP is a world in itself which is way beyond what is included in the plugin instructions. Here are a few starting points for LDAP:
Once you have a working LDAP service on your network, you tell MySQL where is the LDAP server with:
authentication_ldap_simple_server_host='127.0.0.1';
or
authentication_ldap_sasl_server_host='127.0.0.1';
Then, you need to create the users in LDAP before “enabling” them to access MySQL. Once you have users defined in your LDAP (with passwords), let’s say:
uid=yves,ou=testusers,dc=percona,dc=com
you can create a user in MySQL with:
CREATE USER 'yves'@'localhost' IDENTIFIED WITH authentication_ldap_simple BY 'uid=yves,ou=testusers,dc=percona,dc=com';
Essentially, this means, when user “yves” will try to connect to MySQL, validate the password by trying to connect to the LDAP server using the uid and provided password. Of course this means the server must have access to the actual password and not just the hash so the mysql client --enable-cleartext-plugin is required.