Table 15.3 External Authentication
Name | Description |
---|---|
Disabled |
No external authentication system is used. All user authentication is performed in MySQL Enterprise Monitor. |
LDAP Authentication |
Enables the LDAP configuration. Populate the fields as required by your LDAP installation. |
Active Directory Authentication |
Enables the Active Directory configuration. Populate the fields as required by your Active Directory installation. |
Is Authoritative |
To make the selected authentication system the authoritative authentication mechanism, check Is Authoritative.
Important
If you select this option, and the LDAP service is misconfigured, you can lock yourself out of MySQL Enterprise Monitor entirely. |
Enables you to configure external authentication using LDAP or Active Directory.
Table 15.4 LDAP Authentication
Name | Description |
---|---|
Primary Server Hostname and Port Number |
Hostname or IP address of the primary LDAP directory server, and the Port number of the primary LDAP server. You must change this option to the port used for SSL connections if you have enabled encryption. |
Secondary Server Hostname and Port Number |
Hostname or IP address of the secondary LDAP directory server. Port number of the secondary LDAP server. You must change this option to the port used for SSL connections if you have enabled encryption. |
Connect Timeout (seconds) |
Time elapsed without establishing a connection to the LDAP server. If a connection is not established within the defined number of seconds, an error is returned. |
Read Timeout (seconds) |
Time elapsed without a response to a request for data from the LDAP server. If no response is received within the defined number of seconds, an error is returned. |
Encryption |
Encryption type required for communication with the LDAP server(s). Supported options are None, StartTLS, and SSL. |
Referrals |
Authentication follows the referrals provided by the server. The default is to use whatever the LDAP directory server is configured to do. |
External Authentication Server Allows Anonymous Binds |
Optionally allow Anonymous binds. When unchecked, MySQL
Enterprise Monitor provides for a pre-auth bind user to
lookup account records. For Active Directory, the most
common user account attribute is
|
Authentication Mode |
The authentication mode to use.
|
User Full Name Attribute Name |
Define the user fullname attribute. This enables the system to return the fullname of the user. |
Search by User Distinguished Name (DN) Pattern |
In the User Search Patternfield, define the pattern specifying the LDAP search filter to use after substitution of the username, where {0} defines where the username should be substituted for the DN. |
Search by User Attribute Pattern |
In the User Search Base (leave blank for top level) field, define the value to use as the base of the subtree containing users. If not specified, the search base is the top-level context. To search the entire subtree, starting at the User Search Base Entry, enable Search entire subtree. If disabled, a single-level search is performed, including only the top level. To include nested roles in the search, enable Search Nested Roles. |
User Search Attribute Pattern |
The attribute pattern to use in user searches. |
Map External Roles to Application Roles |
Specifies whether the roles defined in LDAP should map to MySQL Enterprise Monitor application roles. If enabled, and LDAP is not configured to be authoritative, if a user authenticates successfully via LDAP and has a valid mapped role, they are granted permissions to the application. Roles are mapped according to the entries in the Application Role/LDAP Role(s) fields, which take comma-separated lists of LDAP roles to map to the given MySQL Enterprise Monitor roles. If you select this option, additional fields are displayed which enable you to configure how roles are found in the LDAP server. |
Enables you to configure Active Directory authentication.
Table 15.5 Active Directory Authentication
Name | Description |
---|---|
Domain |
The Active Directory Domain. |
Primary Server Hostname |
Hostname of the Active Directory server to use. |
Secondary Server Hostname |
Secondary Active Directory hostname. This is optional. |
Map LDAP Roles to Application Roles |
Whether the roles defined in Active Directory can be mapped to those defined in MySQL Enterprise Monitor. |