It can be pulled either using `docker pull registry.gitlab.com/wolutator/mariadb-with-ldap-pam` or from Docker Hub using `docker pull wollud1969/mariadb-with-ldap-pam`.
The `libpam_ldap` package is installed and configured. Final values for the LDAP configuration are loaded at start time of the container from environment variables given on the command line.
These variables are:

* `LDAPURI`: LDAP URI, like `ldap://dc.yourdomain.com:389`
* `LDAPBASE`: Search base, like `DC=YOURDOMAIN, DC=com`
* `LDAPBINDDN`: DN of a user with read access on the Active Directory server
* `LDAPBINDPW`: Password of that user

Start the container after creating the required volumes (see documentation of the original mariadb image) with something like this:
Since one important scenario in my environment is access from dotnet applications, where the client plugin dialog is not available (https://mariadb.com/kb/en/library/authentication-plugin-pam/#using-the-plugin-with-mysqlconnector-for-net), I've added the configuration line

```
pam_use_cleartext_plugin = ON
```

to the default configuration. With this setting the client sends the password in cleartext, which in turn requires SSL/TLS connections to the database server, so I added the SSL configuration to the default config file.
To enable users to access the database server with PAM/LDAP authentication, you still need to create those users in the database:

```
CREATE USER username@hostname IDENTIFIED VIA pam USING 'mariadb';
```

For details see https://mariadb.com/kb/en/library/authentication-plugin-pam/
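
Because `pam_use_cleartext_plugin = ON` puts the LDAP password on the wire unencrypted unless the session uses TLS, it is worth enforcing TLS per account instead of relying on clients to ask for it. The following is an added example, not part of the original README; the account names and host patterns are placeholders, and `'mariadb'` is the PAM service name from the `CREATE USER` line above.

```sql
-- Added example: account names and host patterns are placeholders.

-- 1. Create the PAM-authenticated account and refuse non-TLS logins for it.
CREATE USER IF NOT EXISTS 'jdoe'@'%'
  IDENTIFIED VIA pam USING 'mariadb'
  REQUIRE SSL;

-- 2. Add the same requirement to a PAM account that was created without it.
ALTER USER IF EXISTS 'appsvc'@'10.0.0.%' REQUIRE SSL;

-- 3. Audit: list PAM accounts that still accept unencrypted connections.
--    ssl_type is empty when no REQUIRE clause is set on the account.
SELECT User, Host, plugin, authentication_string AS pam_service, ssl_type
FROM mysql.user
WHERE plugin = 'pam'
  AND ssl_type = '';

-- 4. Check that the server has TLS set up. A value of DISABLED means TLS
--    support is compiled in but no certificate/key is configured.
SHOW GLOBAL VARIABLES LIKE 'have_ssl';

-- 5. From a client session: an empty Ssl_cipher value means this
--    connection is not encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

With `REQUIRE SSL` set, a client that connects without TLS is rejected for that account, so a misconfigured application fails to log in instead of silently using an unencrypted connection.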