Showing entries 1 to 7
Displaying posts with tag: OpenLDAP (reset)
MySQL LDAP Authentication Plugin (Clear password client plugin)

Based on my last post MySQL LDAP Authentication Plugin, I received feedback from MySql Joro Blog by Oracle.

They told me:

Insted of writing (and having to deply) your own client plugin you probably can reuse the cleartext client side plugin, specially because it’s available in a number of mysql clients already. Check sql-common/client.c on MySQL 5.5+ for details.

This is very useful because you only need to put the plugin in server side, and in the client side you only need to check if the clear password plugin is enabled.

Now, I present the updated code with the only server side plugin, and I reused the cleartext client side plugin from MySql, it’s more short and very focused in LDAP authentication:

Author: Ignacio Ocampo …
[Read more]
MySQL LDAP Authentication Plugin

As a continuation of previous post, now, I will show how to make a mysql plugin for ldap authentication.

Get the mysql-server source code at (

Installing necessary packages

yum groupinstall 'Development Tools'
yum install cmake ncurses-devel

Download source code, build and start MySQL Server

tar -xzf mysql-5.5.27.tar.gz
cd mysql-5.5.25

# Preconfiguration setup
groupadd mysql
useradd -r -g mysql mysql

# Beginning of source-build specific instructions
cmake .
make install

# Postinstallation setup
chown -R mysql .
chgrp -R mysql .
./scripts/mysql_install_db --user=mysql
chown -R root .
chown -R mysql data

cp support-files/mysql.server …
[Read more]
MySQL PAM/LDAP authentication module configuration

MySQL Enterprise 5.5 (trial version available here) includes MySQL PAM authentication plugin. In this post I will show how to configure it with the OpenLDAP and Active Directory.

MySQL PAM authentication uses Linux pam_ldap library to send the calls. To configure MySQL LDAP authentication we will need to configure pam_ldap on linux.

OpenLDAP Linux configuration

  • Make sure that libpam-ldap/openldap is installed. If not, on RedHat/CentOS use commands:

# yum install openldap openldap-clients

  • Configure /etc/ldap.conf. Sample configuration:

debug 10 # set debug level only during the initial configuration
base dc=corp,dc=company_name,dc=com
binddn cn=service_account,OU=Service Accounts,OU=US Security,DC=corp,DC=company_name,DC=com
bindpw <password>
timelimit 120 …

[Read more]
Setting up OpenLDAP for MySQL Enterprise Monitor

The latest 2.2 release of MySQL Enterprise Monitor (MEM) has the ability to authenticate against LDAP. I decided to test this setup and for that, I had to create and populate an OpenLDAP server, including STARTTLS/SSL certificates. This guide was done on CentOS 5.5 but it shouldn’t be much different in other Linux/Unix distributions. First, start off by installing the packages with:

root@shell> yum install openldap openldap-clients openldap-servers

Then head to /etc/openldap where you can set you domain and the DN for the LDAP manager user. I’ve inserted some useful comments into the slapd.conf file. Lines without comments have not been changed from the default slapd.conf file.

shell> grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include …
[Read more]
Charts from LDAP Con on LDAP access to MySQL Cluster

At last year’s LDAP-Con event, Ludo from OpenDS and Howard from OpenLDAP presented on the work that they’d done on using MySQL Cluster as the scalable, real-time data store for LDAP directories (going directly to the NDB API rather than using SQL). Symas now provide their implementation (back-ndb) for OpenLDAP.

You can view the charts at

Accessing the same data through LDAP and SQL

OpenLDAP includes a driver that allows it to store and access data held in MySQL Cluster. It uses the NDB-API to access the database and so the performance is extremely good. One of the great things about the solution is that it lets you simultaneously access the same data through both LDAP and SQL (or the NDB-API or any of the MySQL connectors). This article gives an example of how this can be done.


This article assumes that you’ve already installed MySQL Cluster  – if that isn’t the case then please first refer to “Creating a simple Cluster on a single LINUX host” or “ …

[Read more]
Upcoming Webinar: Guide to Scaling OpenLDAP: MySQL Cluster as Data Store for OpenLDAP Directories

Howard Chu with Johan Andersson at MySQL User Conference 2009

From MySQL Cluster 7.0, it’s possible to use Cluster as the Data Store for the OpenLDAP Directory Server – this has 2 very signifficant implications:

  1. All of the advantages of MySQL Cluster (scalability, high availability and cost) can now be applied to your directory server deployment
  2. The same data held in a MySQL Cluster database can now be accessed simultaneously using LDAP in addition to SQL, the native C++ interface and all of the connectors available for MySQL

Howard Chu (Chief Architect of the OpenLDAP project and CTO of Symas) will be presenting a Webinar on Wednesday together with Mat Keep from MySQL. I’ll be helping with the Q&A.

Webinar details…

Wednesday, June 24, 2009

[Read more]
Showing entries 1 to 7