Firebird 5.0.0 User trusted authentication on Windows checking user specific group

36 views
Skip to first unread message

Mustafa

unread,
Dec 3, 2024, 8:38:58 AMDec 3
to firebird-support


Hey everyone,

i want to set up User trusted authentication on our Windows hosted Firebird server. For this purpose i have followed this guide:
https://ib-aid.com/download/docs/fb5migrationguide.html#_setting_up_trusted_authentication

On the second step it verifies any user trying to connect to the database, which isnt what i want.
I want to check if the user belongs to a specific Windows group before letting him in.

Now this works for my user specifically:
create global mapping dev
using plugin win_sspi
from user "domain\MyName"
to User Sysdba;

2 Problems here:

  1. the same query doesnt work with:
    create global mapping dev
    using plugin win_sspi
    from user "domain\MyName"
    to Role my_own_role;

So its not possible to assign that user to my own created role.

  1. a mapping that automatically assigns users from my specified group within our domain to a specific role.
    So we might have a active directory group called Devs and we want to let every member of Devs inside.
    I've tried a lot but i imagine something like a wildcard or specifying the group working:

Wildcard:
CREATE Global MAPPING dev
USING PLUGIN WIN_SSPI
FROM User "DN%"
TO ROLE my_own_role;

or

Group:
create global mapping trusted_auth
using plugin win_sspi
from Group "dn\Developer_group"
to ROLE my_own_role;

Is it even possible to create mapping that automatically assigns every user within a certain active directory group to a role?


Best regards,

Mustafa

Reply all
Reply to author
Forward
0 new messages