# MariaDB with PAM authentication via LDAP against an ActiveDirectory server

This image derives directly from the official mariadb image on Docker Hub (https://hub.docker.com/_/mariadb).

It is built via a CI/CD pipeline on GitLab from the repository https://gitlab.com/wolutator/mariadb-with-ldap-pam.

It can be pulled either using `docker pull registry.gitlab.com/wolutator/mariadb-with-ldap-pam` or from Docker Hub using `docker pull wollud1969/mariadb-with-ldap-pam`.

The `libpam_ldap` package is installed and configured. The final values for the LDAP configuration are loaded when the container starts, from environment variables given on the command line. These variables are

* `LDAPURI`: LDAP URI, like `ldap://dc.yourdomain.com:389`
* `LDAPBASE`: Search base, like `DC=YOURDOMAIN, DC=com`
* `LDAPBINDDN`: DN of a user to read on the ActiveDirectory server
* `LDAPBINDPW`: Password of that user

Start the container after creating the required volumes (see the documentation of the original mariadb image) with something like this:

    docker run --rm --name mariadb \
      -e LDAPURI="ldap://dc.yourdomain.com:389" \
      -e LDAPBASE="dc=YOURDOMAIN,dc=com" \
      -e LDAPBINDDN="ldapbinddn" \
      -e LDAPBINDPW="ldapbindpw" \
      -e MYSQL_ROOT_PASSWORD=test123 \
      wollud1969/mariadb-with-ldap-pam:latest

Since one important scenario in my environment is access from dotnet applications, where the client plugin dialog is not available (https://mariadb.com/kb/en/library/authentication-plugin-pam/#using-the-plugin-with-mysqlconnector-for-net), I've added the configuration line

    pam_use_cleartext_plugin = ON

to the default configuration. Because the password is then sent to the server in clear text, this in turn requires SSL/TLS connections to the database server, so I added the SSL configuration to the default config file.

To enable users to access the database server with PAM/LDAP authentication, you still need to create those users in the database:

    CREATE USER username@hostname IDENTIFIED VIA pam USING 'mariadb';

For details see https://mariadb.com/kb/en/library/authentication-plugin-pam/
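
With `pam_use_cleartext_plugin = ON`, having SSL configured on the server does not by itself stop an account from logging in over a plain connection. The following is an added example, not part of the original README or the image's configuration, showing how to require TLS per account and audit for PAM accounts that lack the requirement; the account name `'jdoe'@'%'` is a placeholder.

```sql
-- Added example; 'jdoe'@'%' is a placeholder account name.

-- 1. Create the PAM-authenticated account so that the server refuses
--    any session for it that is not TLS-protected.
CREATE USER 'jdoe'@'%' IDENTIFIED VIA pam USING 'mariadb' REQUIRE SSL;

-- 2. Retrofit the requirement onto an account created without it.
ALTER USER 'jdoe'@'%' REQUIRE SSL;

-- 3. Audit: list PAM accounts that may still log in without TLS.
--    An empty ssl_type means no TLS requirement is set on the account.
SELECT user, host, plugin, ssl_type
FROM mysql.user
WHERE plugin = 'pam' AND ssl_type = '';

-- 4. From a client session, confirm that TLS is actually in use:
--    a non-empty Ssl_cipher value means the session is encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

`REQUIRE SSL` only makes the server reject unencrypted sessions; the client must also be configured to insist on TLS so that it never offers the password over a plain connection.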