maxscale and AD/LDAP
i check options about maxscale to solve next topic
use LDAP/AD to auth users when they need to connect to the mariaDB instance for maintenance with audit log. Idea was behind next: in maxScale we do an auth against of the LDAP and then to connect to the DB we use regular app user. Main requirements there were to have full audit which queries were executed by which AD user + based on user group in AD allow/decline to do particular things
maybe u can advise some good practices for solving it
Answer Answered by Markus Mäkelä in this comment.
The last paragraph of this chapter of the PAM authentication module shows how you could convert individual LDAP users via PAM into common application users (i.e. groups) with the group mapping PAM plugin.
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.