Connect MySQL to AD

To set up a SASL (Simple Authentication and Security Layer) connection with MySQL, you can follow these steps:

  1. Install the Cyrus SASL library:
    • Check if the library is already installed by running the command saslauthd -v in the terminal.
    • If not installed, download and install the library from the Cyrus SASL website.
  2. Configure the SASL library in the MySQL configuration file (my.cnf):
    • Add the following lines to the file:
      [mysqld]
      plugin-load-add=authentication_ldap_simple.so
      plugin-load-add=authentication_ldap_sasl.so
      ldap-server=ldap://ldap.example.com
      ldap-port=389
      ldap-base-dn="dc=example,dc=com"
      ldap-bind-dn="cn=Manager,dc=example,dc=com"
      ldap-bind-password="password"
      ldap-authentication-method=sasl
      ldap-sasl-mechanisms=DIGEST-MD5
      ldap-sasl-realm="example.com"
      ldap-sasl-authzid="mysql@example.com"
      ldap-sasl-username="uid=%s,ou=people,dc=example,dc=com"
      ldap-sasl-secprops=none
    • Replace the values in the lines with your own LDAP server information.
  3. Restart the MySQL server.
  4. Create a SASL user mapping in MySQL:
    • Connect to the MySQL server and run the following command:
      CREATE USER 'sasluser'@'%' IDENTIFIED WITH authentication_ldap_sasl;
    • Replace sasluser with the username you want to use for SASL authentication.
  5. Test the SASL connection:
    • Connect to the MySQL server using the SASL user:
      mysql -u sasluser -h localhost -p
      mysql -u sasluser -h IP -p -P 3006
    • Options used: -h is the host, -p is the password, -P is the port number.
    • Enter the SASL user’s password when prompted.
    • If the connection is successful, you should be able to run MySQL commands as usual.
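
Before the settings from step 2 go onto a real server, it is worth checking which of them weaken the LDAP bind. The script below is an added example, not part of the original post: it parses a [mysqld] block using the option names exactly as written in step 2 (the embedded sample is constructed from that snippet) and reports the values a reviewer would question. The reading of secprops=none follows the OpenLDAP SASL_SECPROPS convention, which is an assumption about this option.

```python
import re

# Constructed sample: options from step 2 above, placeholder values unchanged.
SAMPLE_CNF = """\
[mysqld]
ldap-server=ldap://ldap.example.com
ldap-port=389
ldap-bind-dn="cn=Manager,dc=example,dc=com"
ldap-bind-password="password"
ldap-sasl-mechanisms=DIGEST-MD5
ldap-sasl-secprops=none
"""

def parse_section(text, section="mysqld"):
    """Return {option: value} for one option-file section (last value wins)."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("\"'")
    return opts

def audit(opts):
    """Return [(option, finding)] for settings that weaken the LDAP bind."""
    findings = []
    if opts.get("ldap-server", "").lower().startswith("ldap://"):
        findings.append(("ldap-server", "plain ldap:// URL: the bind is not wrapped in TLS"))
    if "ldap-bind-password" in opts:
        msg = "bind password stored in the option file; restrict the file to the mysql account"
        if opts["ldap-bind-password"].lower() in {"password", "changeme", ""}:
            msg = "placeholder bind password left in place"
        findings.append(("ldap-bind-password", msg))
    mechs = {m.upper() for m in re.split(r"[,\s]+", opts.get("ldap-sasl-mechanisms", "")) if m}
    if "DIGEST-MD5" in mechs:
        findings.append(("ldap-sasl-mechanisms", "DIGEST-MD5 is Historic per RFC 6331"))
    # Assumption: OpenLDAP SASL_SECPROPS semantics, where "none" clears the defaults.
    if opts.get("ldap-sasl-secprops", "").lower() == "none":
        findings.append(("ldap-sasl-secprops", "none clears the noplain,noanonymous defaults"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(parse_section(SAMPLE_CNF)):
        print(f"{option}: {finding}")
```

Run it against a copy of my.cnf by passing the file's text to parse_section; an empty result means none of these four conditions is present, not that the configuration is otherwise sound.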
