auth required pam_sss.so pam_unix.so audit
account required pam_sss.so pam_unix.so audit
CREATE USER gino IDENTIFIED WITH auth_pam;
CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld, mysqlrw=mysqlrw_usr'
CREATE USER mysqlrw_usr IDENTIFIED BY 'XXXXX'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, ALTER, SHOW DATABASES on *.* TO mysqlrw_usr
FLUSH PRIVILEGES
CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld, mysqlrw=mysqlrw_usr'
if i used group matching, login doesn't works anymore.
If i use anonymous user without group login with ldap works
CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld'
So i found this cool guide that use
pam_user_map.so to map groups that works with Mysql too
http://www.geoffmontee.com/configuring-ldap-authentication-and-group-mapping-with-mariadb/auth sufficient pam_sss.so use_first_pass
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_user_map.so
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_unix.so broken_shadow
> email to percona-discussion+unsub...@googlegroups.com.