wn/mariadb-with-ldap-pam
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adjust config files and readme

Browse Source
This commit is contained in:
Wolfgang Hottgenroth 2019-09-23 16:41:43 +02:00
parent 40a64c40f8
commit a41275c49b
Signed by: wn
GPG Key ID: 6C1E5E531E0D5D7F
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -1 +1 @@
0.1-10.4 0.2-10.4

11
load_pam_plugin.cnf
View File

@ -1,4 +1,13 @@
[mariadb] [mariadb]
plugin_load=auth_pam.so plugin_load=auth_pam
pam_use_cleartext_plugin = ON
# create these stuff and enable the following configuration
# otherwise the pam_use_cleartext_plugin won't work which
# is required for dotnet connections
# ssl_cert = /etc/mysql/conf.d/ssl/server-cert.pem
# ssl_key = /etc/mysql/conf.d/ssl/server-key.pem
# ssl_ca = /etc/mysql/conf.d/ssl/ca.pem

12
readme.md
View File

@ -25,4 +25,16 @@ Start the container after creating the required volumes (see documentation of th
-e MYSQL_ROOT_PASSWORD=test123 \ -e MYSQL_ROOT_PASSWORD=test123 \
wollud1969/mariadb-with-ldap-pam:latest wollud1969/mariadb-with-ldap-pam:latest
Since one important scenario in my environment is access from dotnet applications, where the client plugin dialog is not available (https://mariadb.com/kb/en/library/authentication-plugin-pam/#using-the-plugin-with-mysqlconnector-for-net), I've add the configuration line
pam_use_cleartext_plugin = ON
to the default configuration. This in turn requires SSL/TLS connections to the database server so I added the SSL configuration to the default config file.
To enable users to access the database server with PAM/LDAP authentication, you still need to create those users in the database:
CREATE USER username@hostname IDENTIFIED VIA pam USING 'mariadb';
For details see https://mariadb.com/kb/en/library/authentication-plugin-pam/