wn/mariadb-with-ldap-pam
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mariadb-with-ldap-pam/readme.md

41 lines
2.0 KiB
Markdown
Raw Permalink Blame History

# MariaDB with PAM authentication via LDAP against an ActiveDirectory server
This image directly derives from the official mariadb image from docker hub, (https://hub.docker.com/_/mariadb).
It is built via a CI/CD pipeline on Gitlab from the repository https://gitlab.com/wolutator/mariadb-with-ldap-pam.
It can be pulled either using `docker pull registry.gitlab.com/wolutator/mariadb-with-ldap-pam` or from Docker Hub using `docker pull wollud1969/mariadb-with-ldap-pam`.
The `libpam_ldap` package is installed and configured. Final values for the LDAP configuration are loaded at start time of the container from environment variables given on the command line.
These variables are
* `LDAPURI`: LDAP URI, like `ldap://dc.yourdomain.com:389`
* `LDAPBASE`: Search base, like `DC=YOURDOMAIN, DC=com`
* `LDAPBINDDN`: DN of a user to read on the ActiveDirectory server
* `LDAPBINDPW`: Password of that user
Start the container after creating the required volumes (see documentation of the original mariadb image) with something like this:
docker run --rm --name mariadb \
-e LDAPURI="ldap://dc.yourdomain.com:389" \
-e LDAPBASE="dc=YOURDOMAIN,dc=com" \
-e LDAPBINDDN="ldapbinddn" \
-e LDAPBINDPW="ldapbindpw" \
-e MYSQL_ROOT_PASSWORD=test123 \
wollud1969/mariadb-with-ldap-pam:latest
Since one important scenario in my environment is access from dotnet applications, where the client plugin dialog is not available (https://mariadb.com/kb/en/library/authentication-plugin-pam/#using-the-plugin-with-mysqlconnector-for-net), I've add the configuration line
pam_use_cleartext_plugin = ON
to the default configuration. This in turn requires SSL/TLS connections to the database server so I added the SSL configuration to the default config file.
To enable users to access the database server with PAM/LDAP authentication, you still need to create those users in the database:
CREATE USER username@hostname IDENTIFIED VIA pam USING 'mariadb';
For details see https://mariadb.com/kb/en/library/authentication-plugin-pam/
Reference in New Issue View Git Blame Copy Permalink