Home |  MySQL Buzz |  FAQ |  Feeds |  Submit your blog feed |  Feedback |  Archive |  Aggregate feed RSS 2.0 English Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 14

Displaying posts with tag: ldap (reset)

How to Setup Centralized Authentication of ClusterControl Users with LDAP
+0 Vote Up -0Vote Down
April 24, 2014 By Severalnines

ClusterControl 1.2.6 introduces integration with Active Directory and LDAP authentication. This allows users to log into ClusterControl by using their corporate credentials instead of a separate password. LDAP groups can be mapped onto ClusterControl user groups to apply roles to the entire group, so it is very convenient for larger organizations who have a centralized LDAP-compliant authentication system. This blog shows you how to configure LDAP authentication in ClusterControl, and allow users to use their Active Directory or LDAP username and password to log in to ClusterControl. 

  [Read more...]
ClusterControl 1.2.6 Released
+0 Vote Up -0Vote Down
April 22, 2014 By Severalnines


Join our upcoming webinar New Features Webinar on ClusterControl 1.2.6 - May 13th 2014 with live demo. Click on following banner to register:


The Severalnines team is pleased to announce the release of ClusterControl 1.2.6. This release contains key new features along with performance improvements and bug fixes. We have outlined some of the key features below. 


Highlights of ClusterControl 1.2.6 include:

  • Centralized Authentication
  [Read more...]
MySQL LDAP Authentication Plugin (Clear password client plugin)
+1 Vote Up -0Vote Down

Based on my last post MySQL LDAP Authentication Plugin, I received feedback from MySql Joro Blog by Oracle.

They told me:

Insted of writing (and having to deply) your own client plugin you probably can reuse the cleartext client side plugin, specially because it’s available in a number of mysql clients already. Check sql-common/client.c on MySQL 5.5+ for details.

This is very useful because you only need to put the plugin in server side, and in the client side you only need to check if the clear password plugin is enabled.

Now, I present the updated code with the only server side plugin, and I reused the cleartext client side plugin from MySql, it’s more short

  [Read more...]
MySQL LDAP Authentication Plugin
+3 Vote Up -0Vote Down

As a continuation of previous post, now, I will show how to make a mysql plugin for ldap authentication.

Get the mysql-server source code at http://dev.mysql.com/downloads/mysql/ (http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.27.tar.gz/from/http://cdn.mysql.com/)

Installing necessary packages

yum groupinstall 'Development Tools'
yum install cmake ncurses-devel

Download source code, build and start MySQL Server

wget http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.27.tar.gz/from/http://cdn.mysql.com/
tar -xzf mysql-5.5.27.tar.gz
cd mysql-5.5.25

# Preconfiguration setup
groupadd mysql
useradd -r -g mysql mysql

# Beginning of source-build specific instructions
cmake .
make install

# Postinstallation setup
chown -R mysql .
chgrp -R mysql .
  [Read more...]
LDAP C Client Authentication Example (with OpenLDAP)
+0 Vote Up -0Vote Down

I have the goal of authenticate MySQL users with an LDAP server, currently, employees of my company are authenticated in several services (ftp, ssh, svn) through my LDAP server, except MySQL. (As you can imagine, I need to add manually every user in MySQL, a very tedious task).

In this post I only leave the example with LDAP authentication.

Installing necessary packages

yum groupinstall 'Development Tools'
yum install openldap-devel

Source ldapClient.c

#include <stdio.h>
#include <ldap.h>
/* LDAP Server settings */
#define LDAP_SERVER "ldap://nafiux.com:389"
main( int argc, char **argv )
LDAP        *ld;
int        rc;
char        bind_dn[100];

/* Get username and password */
if( argc != 3 )
perror( "invalid
  [Read more...]
MySQL 5.5 Authentication Goodies
Employee +3 Vote Up -0Vote Down
MySQL 5.5 is currently in the Release Candidate phase and making good
progress on the way to being a Generally Available release. There
are many new features that will improve performance, make service
more robust, and generally make life better for DBAs. But since
5.5.7 was released for evaluation in October, there has not been a
lot of attention given to the changes in authentication.

To greatly simplify, MySQL has a table with a list of users and a
list of hosts from which those users are allowed access. So user
'jones' and the host they connect from are checked to make sure they
are allowed access. If they match, they can access the instance.

As of 5.5.7, MySQL authentication now supports pluggable
authentication and proxies. So now you can use PAM, Windows native
authentication, LDAP,

  [Read more...]
Configuring MySQL Enterprise Monitor to authenticate from LDAP
Employee +2 Vote Up -1Vote Down

In the last post, we saw how to create a test OpenLDAP server, populate it and secure it with SSL certificates. Now we are going to have a look at how to configure MySQL Enterprise Manager (MEM) to authenticate against LDAP. We will be examining a few different kinds of setup methods.

1. Using LDAP to fetch just the user password

The simplest form is to configure a user with MEM and set it to the LDAP type. The user’s role is setup in MEM during user creation time and is not fetched from LDAP. Below you can see the user definition page:

How to

  [Read more...]
Setting up OpenLDAP for MySQL Enterprise Monitor
Employee +1 Vote Up -0Vote Down

The latest 2.2 release of MySQL Enterprise Monitor (MEM) has the ability to authenticate against LDAP. I decided to test this setup and for that, I had to create and populate an OpenLDAP server, including STARTTLS/SSL certificates. This guide was done on CentOS 5.5 but it shouldn’t be much different in other Linux/Unix distributions. First, start off by installing the packages with:

root@shell> yum install openldap openldap-clients openldap-servers

Then head to /etc/openldap where you can set you domain and the DN for the LDAP manager user. I’ve inserted some useful comments into the slapd.conf file. Lines without comments have not been changed from the default slapd.conf file.

shell> grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include		/etc/openldap/schema/core.schema
  [Read more...]
Charts from LDAP Con on LDAP access to MySQL Cluster
Employee +1 Vote Up -1Vote Down

At last year’s LDAP-Con event, Ludo from OpenDS and Howard from OpenLDAP presented on the work that they’d done on using MySQL Cluster as the scalable, real-time data store for LDAP directories (going directly to the NDB API rather than using SQL). Symas now provide their implementation (back-ndb) for OpenLDAP.

You can view the charts at http://www.mysql.com/customers/view/?id=1041 (http://www.mysql.com/customers/view/?id=1041" target="_blank)

Accessing the same data through LDAP and SQL
Employee +2 Vote Up -0Vote Down

OpenLDAP includes a driver that allows it to store and access data held in MySQL Cluster. It uses the NDB-API to access the database and so the performance is extremely good. One of the great things about the solution is that it lets you simultaneously access the same data through both LDAP and SQL (or the NDB-API or any of the MySQL connectors). This article gives an example of how this can be done.


This article assumes that you’ve already installed MySQL Cluster  – if that isn’t the case then please first refer to “

  [Read more...]
Upcoming Webinar: Guide to Scaling OpenLDAP: MySQL Cluster as Data Store for OpenLDAP Directories
Employee +1 Vote Up -0Vote Down

Howard Chu with Johan Andersson at MySQL User Conference 2009

From MySQL Cluster 7.0, it’s possible to use Cluster as the Data Store for the OpenLDAP Directory Server – this has 2 very signifficant implications:

  • All of the advantages of MySQL Cluster (scalability, high availability and cost) can now be applied to your directory server deployment
  • The same data held in a MySQL Cluster database can now be accessed simultaneously using LDAP in addition to SQL, the native C++ interface and all of the connectors available for MySQL
  • Howard Chu (Chief Architect of the OpenLDAP project and CTO of Symas)

      [Read more...]
    MC 7.0 New Features, LDAP For MySQL Cluster - UC2009 sessions
    +0 Vote Up -0Vote Down
    The presentations from the sessions MySQL Cluster 7.0 - New Features and LDAP For MySQL Cluster - back-ndb, and all other sessions on MySQL Cluster, are available for download from www.mysqlconf.com.
    OpenDS, the Java OpenSource LDAP Server - This Week's Webinar
    Employee_Team +0 Vote Up -0Vote Down

    This week's webinar is on OpenDS, the Open Source Java LDAP server that is at the core of the next generation for Sun's market leading DSEE Product. Ludovic will provide an overview of the project including the recent developments on the v2 release. The presentation on Thursday, April 23rdh, 11am US Pacific, at TheAquarium Channel. Full details (and recordings) at the

      [Read more...]
    LDAP and MySQL Cluster
    +0 Vote Up -0Vote Down
    There are two LDAP Directory Servers available that supports MySQL Cluster - OpenLDAP (supported and maintained by Symas Corp.) and OpenDS (Sun Microsystems). Both of them have implemented a back-end called back-ndb that talks direclty to the data nodes. This means that they use the NDBAPI directly to access data in the cluster, thus bypassing the MySQL Server.

    Using MySQL Cluster as the back-end makes it possible to easily scale out the LDAP layer without using replication between LDAP servers. If you need to have more capacity in the LDAP layer, add another LDAP server (online, no service interruption), if you need more storage capacity, add data nodes (online, no service interruption). This offers incredible scalability. And no single point of failure.

      [Read more...]
    Showing entries 1 to 14

    Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

    Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.