Would you like to learn how to configure MariaDB LDAP authentication against Active Directory? In this tutorial, we are going to show you how to authenticate MariaDB users against Microsoft Windows Active Directory using the LDAP protocol.

• Ubuntu 20.04
• Ubuntu 19.04
• Ubuntu 18.04
• MariaDB 10.3
• Windows 2012 R2

In our example, the domain controller IP address is 192.168.15.10.

In our example, the MariaDB server IP address is 192.168.15.11.

Tutorial Windows - Domain Controller Firewall

• IP - 192.168.15.10
• Operating System - WINDOWS 2012 R2
• Hostname - TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the MariaDB server to query the Active Directory.

On the domain controller, open the application named Windows Firewall with Advanced Security.

Create a new Inbound firewall rule.

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

Select the Allow the connection option.

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description for the firewall rule.

Congratulations, you have created the required firewall rule.

This rule will allow the MariaDB server to query the Active Directory.

Tutorial Windows - Domain Account Creation

Next, we need to create at least 2 accounts on the Active Directory database.

The ADMIN account will be used to log in to the MariaDB server.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Create a new account named: admin

Password configured to the ADMIN user: kamisama123..

This account will be used to authenticate on the MariaDB interface.

Create a new account named: bind

Password configured to the BIND user: 123qwe..

This account will be used to query the passwords stored on the Active Directory.

Congratulations, you have created the required Active Directory accounts.

Tutorial MariaDB - LDAP authentication

• IP - 192.168.15.11
• Operating System - Ubuntu 20
• Hostname - MARIADB

Install the required packages to enable LDAP authentication.

In the graphical installer, perform the following configuration:

• LDAP Server URI - ldap://192.168.15.10/
• LDAP Search base - DC=TECH,DC=LOCAL
• Name services to configure - PASSWD

Edit the NSLCD configuration file.

Here is the file, before our configuration.

Here is the file, after our configuration.

You need to change the domain controller IP address to reflect your network environment.

You need to change the domain information to reflect your network environment.

You need to change the bind credentials to reflect your network environment.

Edit the NSSWITCH configuration file.

Make sure the following line exists.

As an example, here is the content of our configuration file.

Restart the NSLCD service.

You have finished the required LDAP configuration.
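
A check for the two files edited above, added here as an example and not part of the original tutorial: it confirms the NSLCD file sets the server, search base and bind credentials, is not readable by other users, and does not use ldap:// on TCP port 389 without StartTLS, and that the NSSWITCH passwd line lists ldap. The function names, the bind DN and the placeholder password are assumptions made for the sample.

```shell
#!/bin/sh
# Added example: audit the nslcd and NSS files this tutorial edits.
# Paths are arguments, so the checks can run on copies as well as /etc.

# Print the value of one nslcd.conf directive (uri, base, binddn, ssl, ...).
nslcd_get() {  # $1 = file, $2 = directive name in lower case
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print one line per finding for nslcd.conf; exit status = number of findings.
audit_nslcd() {  # $1 = path to nslcd.conf
    f=$1; n=0
    for key in uri base binddn bindpw; do
        [ -n "$(nslcd_get "$f" "$key")" ] || { echo "MISSING $key"; n=$((n + 1)); }
    done
    # bindpw is stored in clear text, so other users must not be able to read it.
    [ -z "$(find "$f" -perm -004)" ] || { echo "WORLD-READABLE $f"; n=$((n + 1)); }
    # ldap:// on TCP 389 without StartTLS sends simple-bind passwords unencrypted.
    case "$(nslcd_get "$f" uri)" in
        ldap://*)
            [ "$(nslcd_get "$f" ssl)" = "start_tls" ] ||
                { echo "CLEARTEXT ldap:// without 'ssl start_tls'"; n=$((n + 1)); } ;;
    esac
    return "$n"
}

# Succeed only if the passwd database in nsswitch.conf lists the ldap source.
audit_nsswitch() {  # $1 = path to nsswitch.conf
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
         END { exit !ok }' "$1"
}

# Constructed sample files using the tutorial's addresses; bindpw is a placeholder.
write_sample() {  # $1 = existing directory to write into
    printf '%s\n' 'uid nslcd' 'gid nslcd' 'uri ldap://192.168.15.10/' \
        'base dc=tech,dc=local' 'binddn CN=bind,CN=Users,DC=tech,DC=local' \
        'bindpw CONSTRUCTED-PLACEHOLDER' > "$1/nslcd.conf"
    chmod 640 "$1/nslcd.conf"
    printf '%s\n' 'passwd:         files systemd ldap' 'group:          files systemd' \
        > "$1/nsswitch.conf"
}

# Usage: sh audit.sh /etc/nslcd.conf /etc/nsswitch.conf
if [ $# -eq 2 ]; then
    audit_nslcd "$1"
    audit_nsswitch "$2" || echo "passwd: line does not list ldap"
fi
```

On the constructed sample the only finding is the clear-text one, which goes away once `ssl start_tls` is set and the domain controller presents a certificate the MariaDB server trusts.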

Tutorial MariaDB - LDAP authentication on the Active Directory

Install the MariaDB service.

Create the PAM configuration file.

Here is the file content.

In our example, we are going to authenticate the MariaDB service access using the LDAP account password.

Access the MariaDB command-line.

Enable the PAM authentication plugin.

Create a new user account.

In our example, we create a MariaDB account named ADMIN.

In our example, we configured this user account to authenticate using the PAM file named MARIADB.

Access the MariaDB command-line using the new account.

Verify the user account.

Here is the command output.

Congratulations! You have finished the MariaDB service LDAP authentication configuration.