Active Directory Authentication for MySQL Database
MySQL databases have no built-in mechanism for Active Directory (AD) authorization. It can be configured with third-party plugins and modules, with some restrictions, but such solutions are not available for all MySQL versions and are usually complex to implement and maintain. This article explains how AD authorization can be set up easily with DataSunrise software, namely with its Proxy Authentication feature. It is assumed that you have the following configuration:
- The Active Directory box reachable from the DataSunrise host.
- DataSunrise software configured to work in the Proxy mode.
- A MySQL database protected by the DataSunrise firewall.
- LDAP Server Host. Specify the IP or the host name of the Active Directory box.
- LDAP Server Port. Specify the LDAP server port. Port 389 is usually used for TCP and UDP connections, and port 636 for LDAP over SSL.
- SSL. Enable the checkbox if an SSL connection is used, otherwise, leave it unchecked.
- LDAP Domain. Specify an Active Directory domain name.
- LDAP Login. Specify an Active Directory user that has access to AD groups.
- LDAP Password. Specify the password of the Active Directory user.
- Type of Authentication to DataSunrise UI. Select “Simple” as the authentication type value.
- User Filter. A parameter to search for a user name on LDAP servers.
- Base dn. Distinguished name of a database.
- AD Type. Specify “Login” to map an individual AD account to the database account. To map an AD group to the database account, use the “Group” value.
- AD login. Specify an AD user login. Note that the domain is not included as part of the login.
- DB Login. Specify a database user to be used to establish the database connection.
- DB Password. Specify the password for the database user.
- Hash Type. Select the “SHA-256” value.
- LDAP Server. Self-explanatory.
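
The LDAP and mapping values listed above can be sanity-checked before they are entered. The following is an added example, not DataSunrise code: the dictionary keys are hypothetical names chosen here, both sample configurations are constructed, and the Base dn check assumes the search base lies in the same domain as the LDAP Domain value.

```python
# Added example: pre-flight check of the LDAP and mapping values.
# Keys are hypothetical names, not DataSunrise identifiers.

def domain_to_dn(domain: str) -> str:
    """corp.example.com -> dc=corp,dc=example,dc=com (AD naming convention)."""
    return ",".join("dc=" + label for label in domain.lower().split("."))

def check_settings(s: dict) -> list:
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    # Port and SSL checkbox should agree with the ports named in the article.
    if s["port"] == 636 and not s["ssl"]:
        findings.append("port 636 is LDAP over SSL, but SSL is unchecked")
    if s["port"] == 389 and s["ssl"]:
        findings.append("SSL is checked, but 389 is the plain LDAP port")
    # An LDAP simple bind carries the password unencrypted unless the
    # connection itself is protected.
    if s["auth_type"].lower() == "simple" and not s["ssl"]:
        findings.append("simple bind without SSL sends the LDAP password in clear text")
    # Assumption: the search base is located under the configured domain.
    normalized_dn = s["base_dn"].lower().replace(" ", "")
    if not normalized_dn.endswith(domain_to_dn(s["domain"])):
        findings.append("Base dn is not under the LDAP Domain naming context")
    # The article states that the AD login is given without the domain.
    if "\\" in s["ad_login"] or "@" in s["ad_login"]:
        findings.append("AD login must not contain the domain part")
    if s["ad_type"] not in ("Login", "Group"):
        findings.append("AD Type must be Login or Group")
    return findings

# Constructed sample values for illustration only.
WEAK = {
    "port": 389, "ssl": False, "auth_type": "Simple",
    "domain": "corp.example.com",
    "base_dn": "OU=Users,DC=corp,DC=example,DC=com",
    "ad_type": "Login", "ad_login": "CORP\\jsmith",
}
HARDENED = dict(WEAK, port=636, ssl=True, ad_login="jsmith")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_settings(cfg) or "no findings")
```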