Question :
Reading over this post it seemed to indicate this plugin allowed user authentication via LDAP:
“Percona Server is bundled with the PAM plugin which opens a plethora of ways to authenticate to MySQL such as restricting time when users can connect to MySQL, authenticate via a USB key, authenticate to an external authentication system such as LDAP and many, many more PAM compatible mechanisms.”
However that intro paragraph is the only mention of LDAP in the entire post. I’ve read through that as well as the general Percona PAM installation post. Every setup instruction seems to be talking about authenticating against a local unix account. No mention of specifying an LDAP server or anything.
I found one other SourceForge project and some other mentions of perhaps slapping mysql_proxy in front. Frankly that SF project doesn’t feel very production ready.
Am I missing something about this percona plugin being able to authenticate via LDAP?
If I’m completely off base with that plugin perhaps my larger question is “How can I get users authenticated via LDAP?”
Answer :
I have used the Percona PAM Authentication Plugin for MySQL to successfully authenticate individual users via LDAP but so far I haven’t managed to get the group/proxy part working.
You do need to make sure that there is a PAM profile for MySQL, which is probably the bit that is missing (first question) from the article you linked. I had also read through that along the way.
I found this guide particularly helpful for getting it working (second question):
I’m still in the process of finalising this all and once I’m finished I’ll blog about my experience and update this post with more information. Hope this helped!
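The PAM profile the answer refers to, together with the MySQL side, shown as an added example that is not part of the original answer or of Percona's documentation. It assumes a Linux host with `pam_ldap.so` installed and already configured for the directory server; the account `jdoe` and schema `appdb` are constructed names.

```sql
-- Added example. The LDAP server URI and base DN are NOT set in MySQL:
-- they live in the PAM LDAP module's own configuration file, whose path
-- depends on the package that ships pam_ldap.so (assumption: already set up).
--
-- 1. PAM profile. The Percona plugin looks up the PAM service "mysqld"
--    by default, so create /etc/pam.d/mysqld containing:
--
--        auth     required   pam_ldap.so
--        account  required   pam_ldap.so
--
--    Without this file PAM falls back to the host's default stack, which
--    is why setups end up checking local unix accounts only.

-- 2. Load the server-side plugin once, as an administrative user.
INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';

-- 3. Create the account with no MySQL password. The MySQL user name must
--    match the LDAP login name. The PAM password reaches the server
--    unhashed, so the account is restricted to TLS connections.
--    (REQUIRE on CREATE USER needs MySQL/Percona Server 5.7 or later;
--    on older servers put REQUIRE SSL on the GRANT statement instead.)
CREATE USER 'jdoe'@'%' IDENTIFIED WITH auth_pam REQUIRE SSL;

-- 4. Privileges are still managed in MySQL; LDAP only checks the password.
GRANT SELECT ON appdb.* TO 'jdoe'@'%';

-- 5. Confirm the account is bound to the PAM plugin and not a native hash.
SELECT user, host, plugin FROM mysql.user WHERE user = 'jdoe';
```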