MariaDB with PAM authentication via LDAP against an ActiveDirectory server
This image derives directly from the official mariadb image on Docker Hub (https://hub.docker.com/_/mariadb).
It is built via a CI/CD pipeline on GitLab from the repository https://gitlab.com/wolutator/mariadb-with-ldap-pam.
It can be pulled either using
docker pull registry.gitlab.com/wolutator/mariadb-with-ldap-pam
or from Docker Hub using
docker pull wollud1969/mariadb-with-ldap-pam
The libpam_ldap package is installed and configured. Final values for the LDAP configuration are loaded at start time of the container from environment variables given on the command line.
These variables are:
LDAPURI: LDAP URI, like ldap://dc.yourdomain.com:389
LDAPBASE: Search base, like DC=YOURDOMAIN, DC=com
LDAPBINDDN: DN of a user with read access to the ActiveDirectory server
LDAPBINDPW: Password of that user
Start the container after creating the required volumes (see documentation of the original mariadb image) with something like this:
docker run --rm --name mariadb \
-e LDAPURI="ldap://dc.yourdomain.com:389" \
-e LDAPBASE="dc=YOURDOMAIN,dc=com" \
-e LDAPBINDDN="ldapbinddn" \
-e LDAPBINDPW="ldapbindpw" \
-e MYSQL_ROOT_PASSWORD=test123 \
wollud1969/mariadb-with-ldap-pam:latest
Since one important scenario in my environment is access from dotnet applications, where the client plugin dialog is not available (https://mariadb.com/kb/en/library/authentication-plugin-pam/#using-the-plugin-with-mysqlconnector-for-net), I've added the configuration line
pam_use_cleartext_plugin = ON
to the default configuration. With this setting the client sends the password to the server in cleartext, which in turn requires SSL/TLS connections to the database server, so I added the SSL configuration to the default config file.
To enable users to access the database server with PAM/LDAP authentication, you still need to create those users in the database:
CREATE USER username@hostname IDENTIFIED VIA pam USING 'mariadb';
For details see https://mariadb.com/kb/en/library/authentication-plugin-pam/
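
Because pam_use_cleartext_plugin = ON means the password is only protected when the connection itself is encrypted, a PAM account can be created so that the server refuses it on any non-TLS connection. The statements below are an added example, not part of the image or its repository; appuser, 10.0.0.% and appdb are constructed placeholder values, and 'mariadb' is the PAM service name from the CREATE USER statement above.

```sql
-- Added example. 'appuser', '10.0.0.%' and 'appdb' are constructed placeholders.

-- 1. Check the server side: is the cleartext client plugin enabled,
--    and does the server have TLS support switched on?
SHOW GLOBAL VARIABLES LIKE 'pam_use_cleartext_plugin';
SHOW GLOBAL VARIABLES LIKE 'have_ssl';

-- 2. Create the PAM/LDAP account so that logins over an unencrypted
--    connection are rejected by the server.
CREATE USER 'appuser'@'10.0.0.%'
  IDENTIFIED VIA pam USING 'mariadb'
  REQUIRE SSL;

-- 3. Grant only what the application needs on its own schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appuser'@'10.0.0.%';

-- 4. Retrofit an account that was created earlier without a TLS requirement.
ALTER USER IF EXISTS 'appuser'@'10.0.0.%' REQUIRE SSL;

-- 5. Audit: list PAM accounts that can still log in without TLS
--    (an empty ssl_type means no TLS requirement is set on the account).
SELECT user, host, plugin, ssl_type
  FROM mysql.user
 WHERE plugin = 'pam'
   AND ssl_type = '';

-- 6. Run from a session logged in as the PAM user: a non-empty value
--    means this session is encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```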