Would you like to learn how to configure the MariaDB service LDAP authentication on Active Directory? In this tutorial, we are going to show you how to authenticate MariaDB users using the Active Directory from Microsoft Windows and the LDAP protocol.

• Ubuntu 20.04
• Ubuntu 19.04
• Ubuntu 18.04
• MariaDB 10.3
• Windows 2012 R2

In our example, the domain controller IP address is 192.168.15.10.

In our example, the MariaDB server IP address is 192.168.15.11.

Tutorial Windows – Domain Controller Firewall

• IP – 192.168.15.10
• Operacional System – WINDOWS 2012 R2
• Hostname – TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the MariaDB server to query the Active directory.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description to the firewall rule.

windows firewall active directory

Congratulations, you have created the required firewall rule.

This rule will allow the MariaDB server to query the Active Directory.

Tutorial Windows – Domain Account Creation

Next, we need to create at least 2 accounts on the Active Directory database.

The ADMIN account will be used to login on the MariaDB server.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: kamisama123..

This account will be used to authenticate on the MariaDB interface.

active directory admin account
zabbix active directory admin properties

Create a new account named: bind

Password configured to the BIND user: 123qwe..

This account will be used to query the passwords stored on the Active Directory.

active directory bind account
zabbix active directory ldap bind properties

Congratulations, you have created the required Active Directory accounts.

Tutorial MariaDB – LDAP authentication

• IP – 192.168.15.11
• Operacional System – Ubuntu 20
• Hostname – MARIADB

Install the required packages to enable LDAP authentication.

Copy to Clipboard

On the Graphic installation, perform the following configuration:

• LDAP Server URI – ldap://192.168.15.10/
• LDAP Search base – DC=TECH,DC=LOCAL
• Name services to configure – PASSWD

Edit the NSLCD configuration file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

You need to change the domain controller IP address to reflect your Network environment.

You need to change the domain information to reflect your Network environment.

You need to change the bind credentials to reflect your Network environment.

Edit the NSSWITCH configuration file.

Copy to Clipboard

Make sure the following line exists.

Copy to Clipboard

As an example, here is the content of our configuration file.

Copy to Clipboard

Restart the NSLCD service.

Copy to Clipboard

You have finished the required LDAP configuration.

Tutorial MariaDB – LDAP authentication on the Active Directory

Install the MariaDB service.

Copy to Clipboard

Create the PAM configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

In our example, we are going to authenticate the MariaDB service access using the LDAP account password.

Access the MariaDB command-line.

Copy to Clipboard

Enable the PAM authentication plugin.

Copy to Clipboard

Create a new user account.

Copy to Clipboard

In our example, we create a MariaDB account named ADMIN.

In our example, we configured this user account to authenticate using the PAM file named MARIADB.

Access the MariaDB command-line using the new account.

Copy to Clipboard

Verify the user account.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Congratulations! You have finished the MariaDB service LDAP authentication configuration.