Database Administrators
Q&A for database professionals who wish to improve their database skills
Latest Questions
0
votes
2
answers
260
views
Authenticating with LDAP
I want to connect LDAP to my MariaDB instance on my Ubuntu server so that I can create user accounts by linking them like this:
```sql
CREATE USER 'testuser'@'%'
IDENTIFIED WITH authentication_ldap_simple
AS 'uid=testuser,ou=testing,dc=test,dc=com';
```
But for that I need to install the plugin `authentication_ldap_simple`. I tried installing it with this command but it failed:
```
INSTALL PLUGIN authentication_ldap_simple SONAME 'authentication_ldap_simple.so';
ERROR 1126 (HY000): Can't open shared library '/usr/lib/mysql/plugin/authentication_ldap_simple.so' (errno: 2, cannot open shared object file: No such file or directory)
```
I tried to find a way to install the plugin via apt but I couldn't find any. Can you help me? How do I install `authentication_ldap_simple` or get the file `authentication_ldap_simple.so`? Or is there another way to authenticate with LDAP?
ojn06031
Apr 11, 2022, 06:41 AM
• Last activity: May 23, 2025, 12:07 PM
0
votes
2
answers
1175
views
Percona PAM with AD authentication using SSSD
I have installed Percona PAM plugin on my Percona server as shown below:
```
mysql> show plugins;
...
| auth_pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
| auth_pam_compat | ACTIVE | AUTHENTICATION | auth_pam_compat.so | GPL |
+-------------------------------+----------+--------------------+--------------------+---------+
```
And also have this configured:
```
cat /etc/pam.d/mysqld
auth required pam_sss.so
account required pam_sss.so
```
I have a group on the AD server called "dba", and added an AD user 'john.d' in this group. So I would like to log into MySQL using AD users e.g., john.d, who should also inherit all privileges granted to the "dba" group. Below is how this AD group, "dba", is set up to allow its users to access the Percona server:
```sql
CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld,dba=dbarole';
CREATE USER 'dbarole'@'%' IDENTIFIED BY 'dbapass';
GRANT ALL PRIVILEGES ON *.* TO 'dbarole'@'%';
GRANT PROXY ON 'dbarole'@'%' TO ''@'';
```
When I log into MySQL as dbarole, everything works well with all granted privileges. But when I log in as john.d, one of the AD users included in the "dba" AD group, this user does not inherit the privileges (ALL) granted to its group, but only has the USAGE privilege as shown below:
```
mysql> show grants;
+-----------------------------------+
| Grants for @ |
+-----------------------------------+
| GRANT USAGE ON *.* TO ''@'' |
| GRANT PROXY ON 'dba'@'%' TO ''@'' |
+-----------------------------------+
2 rows in set (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.01 sec)
```
My question is, how can I get an AD user to inherit privileges granted to their group in MySQL?
The Georgia
(343 rep)
Dec 24, 2018, 02:57 AM
• Last activity: Jul 3, 2024, 11:59 AM
0
votes
0
answers
254
views
How does JDBC over LDAP connection work?
The JDBC connection I should use is defined in Oracle SQL Developer with the following syntax:
```
jdbc:oracle:thin:@ldap://intranet.oid-01.dama.ch:3063/EDWHPD,cn=OracleContext,dc=emea,dc=dama,dc=ch
```
But with Ruby on Rails, I don't use JDBC. I use Ruby-oci8 gem.
I should probably get the server name or the SID from the LDAP resource, but how can I do this?
Thanks for your help!
user1185081
(133 rep)
Jan 10, 2023, 02:58 PM
0
votes
0
answers
103
views
How to connect to Oracle through LDAP with Ruby on Rails 5.4.2?
My application is running on Rails 5.4.2/Ruby 2.7 and relies on an Oracle 19c.
I used to query an Oracle database through a classical OCI connection configuration:
**config/database.yml**
```yaml
development:
  adapter: oci
  host: xe
  username: dqm
  password: dqm_password
```
But the organisation's IT architecture has changed, so that connections should now go through LDAP for security reasons. The URL looks like this:
```
jdbc:oracle:thin:@ldap://intranet.oid-01.dama.ch:3063/EDWHPD,cn=OracleContext,dc=emea,dc=dama,dc=ch
```
I don't know how to handle this with Rails, and it raises several questions for me:
* How to describe this connection in the **database.yml** file?
* Should I use the Net-LDAP gem, and what would it bring to help establishing the connection to Oracle database?
* Do you know a tutorial explaining how to set up this type of database access?
Thank you for your help!
user1185081
(133 rep)
Nov 9, 2022, 10:30 AM
1
votes
1
answers
330
views
OpenLDAP Replication doesn't run after configuring
I'm practicing OpenLDAP replication with 2 CentOS 6.9 64-bit virtual machines.
The setting-up process was fine, but after I insert data into the master server, nothing happens in the slave.
**MASTER SETTING**
*slapd.conf*
```
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
updatedn "cn=Manager,dc=example,dc=com"
updateref ldap://192.168.1.11:389
```
**SLAVE SETTING**
*slapd.conf*
```
syncrepl rid=2
provider=ldap://192.168.1.10
type=refreshOnly
interval=00:00:00:01
searchbase="dc=example,dc=com"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=off
updatedn="cn=manager,dc=example,dc=com"
bindmethod=simple
binddn="cn=manager,dc=example,dc=com"
credentials=secret
updateref ldap://192.168.1.10
```
I'm using OpenLDAP 2.4.21, BerkeleyDB-4.8.
Thế Hải Nguyễn
(111 rep)
Oct 5, 2018, 03:00 AM
• Last activity: Aug 16, 2022, 12:01 AM
0
votes
2
answers
1566
views
Store LDAP bind credentials in environment variables for pg_hba.conf
I am working on setting up LDAP authentication for a PostgreSQL database and have added the following in my `pg_hba.conf` file:
```bash
# TYPE DATABASE USER ADDRESS METHOD
host all all all ldap ldapurl="ldap://example.local/dc=example,dc=local?sAMAccountName" ldapbinddn="username" ldapbindpasswd="password"
```
It works! But now I'd like to store the username and password as environment variables, like I do for most of my config settings. I've tried adding the username and password as $LDAPUSERNAME or "$LDAPUSERNAME" but they aren't inserting any values. Is this possible?
Note: The database will be running in a docker container. If I have to run some script to process the `pg_hba.conf` file before starting the database, I can.
GammaGames
(105 rep)
Jan 19, 2022, 11:50 PM
• Last activity: Jan 21, 2022, 07:14 PM
0
votes
3
answers
4158
views
Setup Secure LDAP over SSL/TLS (LDAPS) for PostgreSQL
Haven’t had much luck while trying several ways to implement LDAPS for PostgreSQL.
**pg_hba.conf**
```
hostssl all +test_ldap 0.0.0.0/0 ldap ldapserver=dc2.ad.foobar.com ldapport=636 ldapscheme=ldaps ldaptls=0 ldapbinddn="CN=ldap,OU=Helpers,OU=Foobar,DC=ad,DC=foobar,DC=com" ldapbindpasswd=*** ldapsearchattribute=mail ldapbasedn="OU=Users,OU=Foobar,DC=ad,DC=foobar,DC=com"
```
Upon research, I found out that the below params are to be changed.
**postgresql.conf**
```
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
```
The question is how do I get `.crt` and `.key` from the `.pem` certificate that I already have (shared by LDAP team). Apart from these what else needs to be done to make it work with LDAPS (SSL/TLS).
roman95
(11 rep)
Jan 6, 2022, 03:40 PM
• Last activity: Jan 11, 2022, 08:12 AM
-1
votes
1
answers
163
views
Using LDAP as a general data store (as a replacement for SQL/nosql)
So I had an interesting talk today with some coworkers regarding spitballing ideas for some infrastructure we are building. The topic of concern is the aspect of using LDAP as a generic data store. My coworker insists that this is a good idea. I’m familiar with the concept of LDAP for auth purposes, but the aspect of using it as a general data store for users in addition to accounts, services, billing data, machine inventory; and all sorts of things that a company involved with selling cloud servers/services would need to store. I can’t seem to find any real world instances of this sort of use case. I will admit that much of the data would be hierarchical, but not necessarily all. Is this a good idea™️? Looking for some answers from people in the know, not people telling me that ldap is used for user data - I know that. As a seasoned MySQL user, this seems crazy to me, but I’m an open minded person. I’m looking for some honest and thoughtful answers. Should we consider using this for storing all sorts of data, should we only use it for storing user credentials for logins to our systems, or should we use a mainstream database for both things (obviously with hashed/salted passwords, although we may want to lean on hashicorp vault for that purpose)? Thank you!
Brett
(95 rep)
Jan 4, 2022, 09:59 AM
• Last activity: Jan 4, 2022, 01:08 PM
3
votes
2
answers
2696
views
Postgres RDS: is there a way to use LDAP authentication?
We have a client interested in using LDAP (specifically Active Directory) for user authentication on a PostgreSQL AWS RDS (Aurora, specifically) database.
Anybody doing this successfully?
Mark McWiggins
(249 rep)
Feb 27, 2019, 08:09 PM
• Last activity: Nov 19, 2021, 03:51 PM
1
votes
1
answers
752
views
Can SQL Server OpenQuery/OpenRowSet to an LDAP Linked Server be used for Authentication?
I can fetch data back from LDAPS (port 636/3269) by first creating a Linked Server using `sp_addlinkedserver` and `sp_addlinkedsrvlogin`.
However, what I really need to do is to authenticate a Username/Password pair against LDAPS, to determine if the credentials are Valid.
Can SQL Server be used in any way to authenticate Username/Password credentials against AD/LDAP? Is it possible to use an Extended Stored Procedure or the CLR to do this? I need to abstract this away from a .DLL because the same authentication needs to be used in a legacy application and on a website.
Daniel Bragg
(183 rep)
Feb 17, 2021, 09:21 PM
• Last activity: Feb 18, 2021, 04:34 PM
1
votes
0
answers
409
views
MySQL 5.7 (Percona Server) PAM LDAP authentication from Workbench 8.0 on Windows
I have a server running Percona Server 5.7 and enabled PAM LDAP authentication.
I can connect with LDAP user from:
- mysql client
- MySQL Workbench 8.0 on Linux (Ubuntu) with `dialog.so` plugin copied from Percona Server 8.0 distribution.
- MySQL Workbench 6.3 on Windows with `dialog.dll` plugin copied from MariaDB 10.5 distribution to this path: `C:\Program Files\MySQL\MySQL Server 5.7\lib\plugin`

But, I cannot make it work with MySQL Workbench 8.0 on Windows.
With Procmon I can see that the plugin is expected to be found at: `C:\Program Files\MySQL\MySQL Server 8.0\lib\plugin`, but when I copy the `dialog.dll` file I get
```
Error: Authentication plugin 'dialog' can not be loaded: Incompatible client plugin interface
```
I have tried with `dialog.dll` file from MariaDB 10.2 - 10.5 distributions, none of them seems to work. I have tried also with the `dialog.dll` file from HeidiSQL distribution, but that one doesn't work either.
Percona doesn't have distribution for Windows.
Anyone have some solution?
Perica Jakimov
(11 rep)
Dec 9, 2020, 03:25 PM
1
votes
1
answers
1631
views
Connecting to Oracle DB with LDAP-Credentials
So I would like to connect to a remote Oracle database from my Linux system using the oraclient 19c on the command line, but whenever I try to connect it sees the realmpart of my username as the server.
For example I want to connect with my username "USER@REALM.DOMAIN" to the database identified by "DB" in my tnsnames.ora, I do
```
sqlplus USER@REALM.DOMAIN@DB
```
and of course it complains with `ORA-12154: TNS:could not resolve the connect identifier specified`, because it thinks "REALM.DOMAIN" is the database.
When I try it without the realmpart like `sqlplus USER@DB` it returns `ORA-01017: invalid username/password; logon denied`.
How can I pass my username to the client?
PSQLNutzer
(11 rep)
Feb 3, 2020, 01:00 PM
• Last activity: Feb 3, 2020, 03:24 PM
2
votes
0
answers
464
views
PostgreSQL 9.3 running on Linux - need to authenticate vs. Windows Active Directory
- Database server is Ubuntu Linux 3.13.0-68-generic
- Database is PostgreSQL 9.3.10
- LDAP set up according to https://cdc.iseage.org/tutorial-pam-ldap-authentication-active-directory-debianubuntu/
- pg_hba.conf line: `host all all 127.0.0.1/32 ldap ldapserver="my.ldap.net" ldapprefix="uid=" ldapsuffix=",ou=People,o=my.net,dc=my,dc=ldap,dc=net"`
- There is a PostgreSQL account set up for searched.user@my.net

I'm able to get successful LDAP searches:
```
~>$ ldapsearch -h my.ldap.net -x -b "ou=People,o=my.net" "uid=searched.user@my.net" cn
```
That returns as expected, the CN of the user looked for. I'm also able to bind lookups as in
```
~>$ ldapsearch -h my.ldap.net -W -D "uid=bind.lookup@my.net" -b "ou=People,o=my.net" "uid=searched.user@my.net" cn
```
and have the correct information returned after the bind.lookup user enters their AD password.
When I try:
```
psql -U "searched.user@my.net"
```
I get prompted for the password. Upon entering the password, I get:
```
psql: FATAL: password authentication failed for user "searched.user@my.net"
```
That's what I've tried. Any ideas on how I can get this working? I should mention that it is NOT desired to join the database server to the Windows domain - too many other linkage issues would arise.
Zeki
(21 rep)
Nov 25, 2015, 06:45 PM
• Last activity: Nov 25, 2015, 06:52 PM
2
votes
1
answers
450
views
Windows SQL Server Express 2012 and LDAP external server integration
I have a new installation of Windows Server 2012 with SQL Server Express 2012 with the management tools.
I'm planning to create there a simple synchronization that will make queries twice per day to an external LDAP service (not a Windows active directory server) and fill a table in the local SQL instance. I've seen other questions here about this, and all of them refer to the creation of a Linked Server, but I think that will only work if the remote LDAP service was a Windows AD server.
I'm able to query this server using the LDP tool, but looks like I cannot add it as a linked server. Any ideas?
Curro V
(41 rep)
Aug 8, 2014, 04:00 PM
• Last activity: Oct 29, 2015, 02:57 AM
2
votes
0
answers
755
views
How do I authenticate a Database User by a LDAP Server and then to login with the SQL Developer, without using the OID/Apex?
I want to create a global User, identified by a LDAP_DN.
My Problem is: I can automatically create users, but when I try to log on to the database, I get the error message that the login data are wrong.
> "CREATE USER 'TEST_ID' IDENTIFIED GLOBALLY AS 'LDAP_DN' DEFAULT
> TABLESPACE Testuser TEMPORARY TABLESPACE TEMP QUOTA 15M ON Testuser';"
> it is my Term to create the User on the DB.
Admin_ACL&Assign_ACL files are created and the User got the "Connect" and the "Create Session" permissions.
I used the DBMS_LDAP Package to connect to the LDAP Server ("init") and then I tried to "bind" with an Account. That was successful.
I've googled a lot, but I can't find a way to authenticate my Database_User without using an OID / Apex.
I'm using an Oracle 12c Database on a virtual machine and the LDAP Server is an OpenDJ http://opendj.forgerock.org/, LDAP V3.
I don't understand why I can use DBMS_LDAP Package without any Problems, but the `IDENTIFIED GLOBALLY` Term doesn't work. I already tried to activate the Oci/Thick Driver on the SQL Developer, but I only got problems.
Do you have any idea how I can solve the Problem without using the OID?
Maybe someone can explain how the *"Identified Globally"* Term and the password encryption from Oracle 12c works exactly?
StudentGer
(21 rep)
Aug 25, 2015, 01:15 PM
• Last activity: Aug 25, 2015, 01:44 PM
1
votes
0
answers
546
views
SASL won't auth against LDAP
So I am running into a whirlwind of issues with my cyrus install. I am setting up a multi-domain kolab groupware solution. I am on CentOS 6.7.
I am getting this flooding my error logs when I try to make a new user on a fresh multi domain setup:
```
Aug 24 19:01:19 gmx1 imaps: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe@domain.com
Aug 24 19:01:23 gmx1 imaps: SASL bad userid authenticated
```
The users do NOT show up on kolab webadmin... It keeps trying to add a test user I made and won't stop trying. I reboot the server and it goes away.
I tried playing with:
`/etc/imapd.conf`
```
ldap_domain_base_dn: cn=kolab,cn=config
ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
ldap_domain_name_attribute: associatedDomain
ldap_domain_scope: sub
ldap_domain_result_attribute: inetdomainbasedn
```
(Should this be defined?)
```
ldap_domain_base_dn: cn=kolab,cn=config
```
I also noticed these at the top.. Should this be "PLAIN" ? see below..
```
sasl_pwcheck_method: auxprop saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
```
My imapd config:
```
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus-admin
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: auxprop saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
auth_mech: pts
pts_module: ldap
ldap_servers: ldap://localhost:389
ldap_sasl: 0
ldap_base: dc=domain,dc=com
ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
ldap_password: WIY0DNbAYPc8uY5
ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
ldap_user_attribute: mail
ldap_group_base: dc=domain,dc=com
ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
ldap_group_scope: one
ldap_member_base: ou=People,dc=domain,dc=com
ldap_member_method: attribute
ldap_member_attribute: nsrole
ldap_restart: 1
ldap_timeout: 10
ldap_time_limit: 10
unixhierarchysep: 1
virtdomains: userid
annotation_definitions: /etc/imapd.annotations.conf
sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
allowallsubscribe: 0
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
anysievefolder: 1
fulldirhash: 0
sieveusehomedir: 0
sieve_allowreferrals: 0
lmtp_downcase_rcpt: 1
lmtp_fuzzy_mailbox_match: 1
username_tolower: 1
deletedprefix: DELETED
delete_mode: delayed
expunge_mode: delayed
postuser: shared
ldap_domain_base_dn: cn=kolab,cn=config
ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
ldap_domain_name_attribute: associatedDomain
ldap_domain_scope: sub
ldap_domain_result_attribute: inetdomainbasedn
```
Cyrus version:
```
name : Cyrus IMAPD
version : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
vendor : Project Cyrus
support-url: http://www.cyrusimap.org
os : Linux
os-version : 2.6.32-042stab108.7
environment: Built w/Cyrus SASL 2.1.23
Running w/Cyrus SASL 2.1.23
Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
Built w/zlib 1.2.3
Running w/zlib 1.2.3
CMU Sieve 2.4
TCP Wrappers
NET-SNMP
mmap = shared
lock = fcntl
nonblock = fcntl
idle = idled
```
Kolab web-admin is in turn unable to write the entry to Cyrus as the user doesn't show in the roundcube DB.
I think my main problem is that this "ptloader" cannot canonify the user. Should I turn on canonicalization?
This article states to use it:
https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
This one does not:
http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
Running:
```
testsaslauthd -u cyrus-admin -p mypassword
```
Works fine also:
```
0: OK "Success."
```
Gordon Snappleweed
(11 rep)
Aug 25, 2015, 02:52 AM
0
votes
1
answers
527
views
Does Oracle Instant Client 12c support LDAP?
I've been using Oracle Instant Client 12c as a lighter-weight alternative to the full Oracle installation. It works fine when I resolve service names with `tnsnames.ora`, but now I would like to configure it to use LDAP. I dropped our corporate `ldap.ora` and `sqlnet.ora` files into the `TNS_ADMIN` directory, but they aren't being used when I try to connect to a database. So I'm wondering, is LDAP even supported by the Oracle Instant Client?
bertday
(199 rep)
Jul 29, 2015, 02:07 PM
• Last activity: Jul 29, 2015, 02:21 PM
0
votes
1
answers
951
views
Bypassing LDAP for MongoDb Users
Environment:
MongoDb: 3.0 Enterprise Edition
Linux: Red Hat Enterprise Linux Server release 6.4 (Santiago)
Use case:
- We need to have the above three MongoDb users which are not present in LDAP (they need to be available for technical modifications)
- We will have ~60 users which will be authenticated via LDAP
We need to be able to run MongoDb authentication and LDAP authentication in parallel.
We have installed MongoDb and created three different users on MongoDb:
- admin
- repAdmin
- ROOT
Afterwards we have enabled LDAP configuration as per documentation on
http://docs.mongodb.org/manual/tutorial/configure-ldap-sasl-activedirectory/
After that we've added two LDAP Users to the MongoDb ("$external") for testing purposes.
Then we enabled the auth option in the MongoDb Configuration file and restarted MongoDb.
After we've enabled the auth option, all authentication is failing, LDAP as well as MongoDb.
Only if the auth option is disabled are the users which are present in LDAP getting authenticated successfully.
Problem:
**How can we authenticate the three users (admin, repAdmin and ROOT), which are not available in LDAP, over the MongoDb Shell and all other users via LDAP?**
Many thanks for your support :)
Syranno
(1 rep)
Jul 18, 2015, 07:26 AM
• Last activity: Jul 22, 2015, 02:27 PM